MZ_66
March 3rd, 2005, 21:21
I am having trouble understanding what this program is doing. Can someone please point me in the right direction?
The setup.exe file has no compression envelope that can be detected with PIED or PROTECTION SCANNER (by CDKiller).
The setup.exe file properties say it is a Package For The Web Stub ver 1.3.197.10707 by InstallShield.
Running the setup.exe creates 2 folders:
1: C:\DOCUME~1\yyyyyy~1\LOCALS~1\Temp\xxxxxxx
2: C:\WINDOWS\Temp\_ISTMP1.DIR
The 1st folder contains 18 files that are used to start the setup process.
The 2nd folder contains 7 files; I don’t know the reason for them.
None of the files have compression.
The setup.exe file in folder 1 starts the install process. It is only 56k in size; this must be some kind of loader that starts _ISDEL.EXE. This file is only 8k; not sure of the use of this file.
This file will not load on its own with OLLYDBG as it is not a valid PE file.
The next file that is started is _INS0576._MP (the number 576 changes with each re-run of Package For The Web).
This is where the programme asks for a serial number or whether you want to install a demo.
You can install the demo and modify it later into a full version; this is not that hard.
The problem I have is: how do you find an unlock code when _INS0576._MP is deleted and recreated on the next re-run of setup.exe?
So patching the file will not work.
If you attach to the running file with OLLYDBG and set a memory breakpoint on the fake serial you have just entered, you lose control of the installing process and end up in a loop of loading your serial.
None of the other files are recognised as valid PE files.
SoftICE does not run reliably under Win XP, so that’s out.
Can someone please point me at a tut that covers this type of problem, or suggest another way of approaching this problem?
