Scally
August 31st, 2001, 12:14
Could really use some help with this one. It seems to have code related to registering the app & references to the non-demo version of the ini file but I can't see any way to get the prog to call the relevant code, so it may be a genuine demo.
I've never seen (or noticed
) any app that according to filemon managed to not read its ini file if its loaded via symbol loader but it does read it if you break on the ep in sice without using the loader. Even when I'd figured this out, I couldn't seem to get close to the point where the dll attempts to read the ini file.
The app is at ht*p://www.mvsoft.com/pub/eqs/eqs57dem.zip
So, I decided to have a go at reconnecting the print dialog & save code to the appropriate menus instead. (Print dialog is at offset 7071Eh & 7079Ch/Save dialog is at offset 7064Ch and the print menu select is at offset 5301h jumping to the code I changed at offset 4DB5h:
0DB5 push 0000
0DB7 push 0000
0DB9 push 0099
0DBC Call .....
I nop'd the pushes and changed the call to go to what I think is the print dialog code.
I maybe doing somethin basic wrong but if I try to hex edit the main app to redirect the calls, the prog crashes. (this occurs even though the files are same size & the only changes visible in hexwkshop/tools/compare are the redirected call & the nop'd pushes). I tried modifying a couple of jumps here and there and redirected the print to printsetup dialog & the thing worked, so it's not just a file date check that's causing the problem. The crash occurs before the symbol loader kicks in, so I can't trace it that way.
Please can anyone give me some guidance on this.
Scally
I've never seen (or noticed
) any app that according to filemon managed to not read its ini file if its loaded via symbol loader but it does read it if you break on the ep in sice without using the loader. Even when I'd figured this out, I couldn't seem to get close to the point where the dll attempts to read the ini file. The app is at ht*p://www.mvsoft.com/pub/eqs/eqs57dem.zip
So, I decided to have a go at reconnecting the print dialog & save code to the appropriate menus instead. (Print dialog is at offset 7071Eh & 7079Ch/Save dialog is at offset 7064Ch and the print menu select is at offset 5301h jumping to the code I changed at offset 4DB5h:
0DB5 push 0000
0DB7 push 0000
0DB9 push 0099
0DBC Call .....
I nop'd the pushes and changed the call to go to what I think is the print dialog code.
I maybe doing somethin basic wrong but if I try to hex edit the main app to redirect the calls, the prog crashes. (this occurs even though the files are same size & the only changes visible in hexwkshop/tools/compare are the redirected call & the nop'd pushes). I tried modifying a couple of jumps here and there and redirected the print to printsetup dialog & the thing worked, so it's not just a file date check that's causing the problem. The crash occurs before the symbol loader kicks in, so I can't trace it that way.
Please can anyone give me some guidance on this.
Scally