How to patch AWEB Developer 1.31

 

    This program is shareware and after a period, it asks you to register. It's a Visual Basic 6 prog, and I have searched for the right serial, but it doesn't work; actually it creates two serials. Never mind, we will patch it. So before we continue, make two copies of the exe file. The one for backup and the other with extension .w32 for use with W32Dasm.

     Ok, now open the .w32 file with W32Dasm and go to SDR (String Data References) and double click "Evaluation period is over. Do you want to register AWeb Developer now?", but as it there is many times inside the code, you must reach the line 004AE1A7. It will be like this 

:004AE19E 8D954CFFFFFF l               lea edx, dword ptr [ebp+FFFFFF4C]
:004AE1A4 8D4D8C                             lea ecx, dword ptr [ebp-74]

* Possible StringData Ref from Code Obj ->"Evaluation period is over, Do "
                                                               
->"you want to register AWeb Developer "
                                                                ->"now?"

|
:004AE1A7 C78554FFFFFF54044200     mov dword ptr [ebp+FFFFFF54], 00420454
:004AE1B1 C7854CFFFFFF08000000     mov dword ptr [ebp+FFFFFF4C], 00000008

 

Now scroll a bit up till you see 

* Reference To: MSVBVM60.__vbaR8Str, Ord:0000h
|
:004AE102 FF15D8114000     Call dword ptr [004011D8]
:004AE108 DC1D40414000    fcomp qword ptr [00404140]
:004AE10E DFE0                     fstsw ax
:004AE110 F6C440                 test ah, 40
:004AE113 0F84BC010000    je 004AE2D5        <= Here we are. Write down offset AE113
:004AE119 8B0E                     mov ecx, dword ptr [esi]

 

Ok, now choose string "Unregistered" and you shall land here

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004AD2D6(C)   <= See this?

|
:004AD3A8 8B06                    mov eax, dword ptr [esi]
:004AD3AA 56                        push esi
:004AD3AB FF9010030000    call dword ptr [eax+00000310]
:004AD3B1 8D4DD0               lea ecx, dword ptr [ebp-30]
:004AD3B4 50 push eax
:004AD3B5 51 push ecx

* Reference To: MSVBVM60.__vbaObjSet, Ord:0000h
|
:004AD3B6 FF15AC104000 Call dword ptr [004010AC]
:004AD3BC 8BF0                  mov esi, eax

* Possible StringData Ref from Code Obj ->"Unregistered"
|
:004AD3BE 6898024200        push 00420298

 

Go to Goto->Goto Code Location and enter 4AD2D6. You'll see this code

* Reference To: MSVBVM60.__vbaStrCmp, Ord:0000h
|
:004AD2CE FF150C114000     Call dword ptr [0040110C]
:004AD2D4 85C0                      test eax, eax           <= We don't like that. Note the offset AD2D4
:004AD2D6 0F85CC000000     jne 004AD3A8
:004AD2DC 8B0E                     mov ecx, dword ptr [esi]

 

Double click again the "Unregistered" reference to land elsewhere

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004AE07A(C)   <= See this?
|
:004AE0BF 8B06                  mov eax, dword ptr [esi]
:004AE0C1 56                      push esi
:004AE0C2 FF9010030000  call dword ptr [eax+00000310]
:004AE0C8 8D4D9C            lea ecx, dword ptr [ebp-64]
:004AE0CB 50                      push eax
:004AE0CC 51                      push ecx

* Reference To: MSVBVM60.__vbaObjSet, Ord:0000h
|
:004AE0CD FF15AC104000  Call dword ptr [004010AC]
:004AE0D3 8BF8                    mov edi, eax

* Possible StringData Ref from Code Obj ->"Unregistered"
|
:004AE0D5 6898024200         push 00420298

Go to Goto->Goto Code Location and enter 4AE07A. You'll see this code

* Reference To: MSVBVM60.__vbaStrCmp, Ord:0000h
|
:004AE072 FF150C114000 Call dword ptr [0040110C]
:004AE078 85C0                  test eax, eax     <= We don't like that. Note the offset AE078
:004AE07A 7543                  jne 004AE0BF
:004AE07C 8B16                 mov edx, dword ptr [esi]

 

We are done now. Time to make the changes. Run Hiew and open the exe file. Press F4 to go to Decode Mode, F5 and enter the first offset (AE113), press F3 and change the 0F84BC010000 to 0F85BC010000, press F9 to save, F5 again and enter AD2D4 and change the 85C0 to 85C9, F9 again and once more F5 and AE078, change the 85C0 to 85C9, F9 and press <ESC> to leave. Run the program now. No unregistered. I have not tested if all functions work correctly, but if you see any bug about registration, then mail to me.

Thanks for reading this tut.

For any questions you can reach me on EF-Net #cracking and #cracking4newbies, or on GR-NET in #cracking (that’s mine,hehe) with the nick iNFRA .

My e-mail is dmitspan@usa.net

Goodbye my friends.

 

                                                                                                                                                            Written by: Mitsaras Nuker®