I am trying to crack a demo program that only lets your run it 4 times before it expires. anyone have any idea on what I need to be looking for to make it run more than that?

Probably the most usefull tool around is Google.

SiGiNT

i found some tuts but i dont think they will work with the prog i am working on but o well

RegMon and FileMon are very useful for observing the overall activity of the program.

For more in-depth reversing, SoftICE and IDA.

Remember, cracking is not just about following tutorials, it's about using your brain to figure out how things work and how to change how things work.

For the most basic procedure,

i would suggest let your programm run the times needed to expire.
Then write down the message shown. Open up IDA, and search for that message to be pushed...
Then scroll a bit up and search for some condition. Mostly a compare or decrease, increase stuff or a test, like test eax,1 etc.
If the condition is only check one time just patch the jump if the condition
is check more than one time i would suggest you to patch the call.

This basic steps will world at almost many targets in the hood out there,
so try it and you will see

Cheers,

PAPi

In general, I find it a good idea to use an installation monitor whenever I install programs that I know are time or runtimes protected (well, it's a good exercise in general too). That way you'll have a good idea as to what you'll be looking for. If you do use one of these (and it's too late for you anyway, if you already installed it), make sure that you run the program at least once before stopping the monitoring.

Fake

i think that you must refer to the relative tuts....
in internet websuffing, look for the necessary tuts and read
so you find them that more better long time use
good luck!!!
by

Think about this:

The program has to keep the count of "times ran", somewhere.
A file, a registry key. . .
That place has to be updated (Written to) every time you run the program:


SO: with filemon and regmon, keep trak of what things the program writes everytime it starts (without doing doing any anything else),
Also, unless you have 20 computers to do your experiments search about virtual machines so you can install and reinstall your app as many times as necessary to figure this out, without having to reformat your HD every 4 times!

It's also usefull to note the time you last ran the program, search the windows dir, (including subdirectories), by date, for files written on that date and time, ignore regular windows logs and pre-fetch files, look mostly for files labeled .dat or (less frequently .dll), rename any written at that time .bak and see if it renews your trial, if not name them back to what they were - you can also do this in the documents and settings directory - this can buy you time - opening the file in Ollydbg just to see how many runs you have left will usually let you check to see how many are left then exit Olly, not the prog so you won't use one up - also you can run the prog. and close it using task manager intead of exit and that might buy you unlimited runs.

SiGiNT

The best no fail method for doing this is to use RegShot. Search google for RegShot. Now, run Regshot BEFORE you run the time limited program. Tell it to also compare the C:\ drive. Take the first snapshot. Now run the protected program. Take the second snapshot with regshot and do a compare. Every change will show up. It is much easier and more reliable because it's a static list, and also some programs know you will use RegMon, so they just pump out tons of useless data. I very rarely if ever use REgMon anymore. RegShot is 100% more useful for time limited programs.

-nt2o

Nikola---,

Great tip, I've never used regmon - simply because of all the garbage - I have tried Installwatch, but you don't have the after run option, so it's pretty useless.

@Signum - First on your list is to get PEiD - you need to know if you're dealing with a packed prog - changes the whole ballgame, let us know, there are ways to renew your demo if it's packer generated.

SiGiNT

Perhaps you all may have failed to notice the Signum has joiner the "Goners" classification. That means he is banned for repeated violation of the Rules, despite repeated warnings.

Your comments should still be and still are useful to anyone doing research on the Forums on these subjects and will be available for later review also. I'm simply pointing out that "Signum" will not be coming back as a registered member to appreciate your efforts, even though the are helpful.

Regards,

Howdy,

My thinking was he was a troll. I gave him some specific instructions that are the most basic for anyone with some common sense. (reg entries).

He still felt the need to submit this same topic again for the fourth time.

Woodmann

Uhm, I wrote a Regmon Duplicate Remover that removes some of that garbaginous based on a chosen filter level, might be useful to some. It could probably use an upgrade/revamping, but that's why I included the source..

http://www.woodmann.com/forum/showthread.php?t=4162

Cheers,
Kayaker