View Full Version : Change detection


Hero
October 15th, 2004, 01:18
Hi all
I'm a newbie in cracking, so I can't get through my cracking exercise well.
I started cracking a famous Zip password recovery tool (I think everybody can figure
it out!). The latest version, 3.54, is worth writing a keygen or crack for because
it can test up to 15 million passes per second.
I started by using Stripper to break down its ASProtect.
Then I found the protection routine simply by tracing DialogBoxParam().
Everything went well until I tried to change and remove the protection routine
from the program (changing all of it to NOPs and making a true result for the output);
this program can detect the code modification and will terminate!
I think it loads some code from the file resources and uses it. But I can't
find how I can change the code without the program detecting it. (I think
it compares some code of the program with the loaded resource.)
Is there anybody who can help me with cracking it?
Note: the message that is shown on detection of code modification comes from
the routine of SetUnhandledExceptionFilter().

sincerely yours

JMI
October 15th, 2004, 02:39
Have you done any review of reference materials on code used to detect code modification, either here or on the net? For example, using the main search feature here, I entered "Code modif* + detect*" (without the quotes) and got at least 20 hits. Are you familiar with CRC-32 checking and similar processes for detecting modifications? In other words, what have you done to help yourself solve your problem? You may have done a lot, but you haven't said.

Regards,

Fake51
October 15th, 2004, 06:15
This might be one of those great occasions to smack a newbie with the entire HCU archive. As all students who've ever read one of the old essays should know, scanning for 90h in interesting places is all it takes to determine whether or not to trash the hd of a wannabe cracker. Programmers may still be stupid, but that's not really an excuse for not reading up on the most fundamental techniques of patching exe files.

Fake

dELTA
October 15th, 2004, 07:47
To sum up what the posters above said: The file seems to do "crc check" / "integrity check" / "self check" of some kind on itself. Search and read about this kind of protection and you will find good info.

Shoob
October 16th, 2004, 03:49
Hi, this program has no "modification" check at all. You want to find a protection routine by tracing a Windows API (DialogBoxParamA)? Think about it again ...

Fake51
October 16th, 2004, 04:41
Quote:
[Originally Posted by Shoob] Hi, this program has no "modification" check at all. You want to find a protection routine by tracing a Windows API (DialogBoxParamA)? Think about it again ...

While your first comment seems to indicate you know about the program, your second comment seems more general. Why not look at DialogBoxParam?

From the msdn:

INT_PTR DialogBoxParam(
    HINSTANCE hInstance,
    LPCTSTR   lpTemplateName,
    HWND      hWndParent,
    DLGPROC   lpDialogFunc,
    LPARAM    dwInitParam
);

Notice the DLGPROC - supplied by the program. If the serial input is gathered from a dialog, it will pass through there. So why not look at DialogBoxParam? It's just one out of a gazillion different starting points, probably no worse than others.
But then again, your second comment may be program-specific, and you know something I don't (haven't looked at said program).

Fake

Shoob
October 16th, 2004, 05:08
True, true... I guessed he traced in the startup dialog, so that isn't the way to find a "modification" protection like he meant. You can break on the API and trace further, but if you trace in it, you will never find a protection against "modification" in it. My first suggestion was that he nopped out the call to the startup dialog API, so the program won't start anymore. Btw @ first poster: no cracking requests here.