Acid_Cool_178
presents he's
#19 Tutorial |
For Hellforge |
This Text Are Only Ment To Edcucational Purpose And Not To Be Used Illegaly, I Take No Response For Illegal Use Of This Text. Move On On Your Risc.
Athour Information |
acid_cool_178@hotmail.com | ||
Age | 17 | |
Web Page | http://acidcool.cjb.net/ | |
Date | Febuary 2K | |
Member in | Hellforge | Flying Horse Cracking Force |
Groups Web Page | Hellforge Login | FHCF Login |
Program Infromation |
Name | Get Right Version 3.3.4 | |||
getright.exe | ||||
Athour | Michael Burford / Headlight Software | |||
Where to Downlaod | www.getright.com | |||
Size | 1256KB | |||
Tools used | Regestry Monitor W32Dasm (Normal) Hiew |
Downlaod At | ||
1. Player Tools | ||||
2. Programmer Tools | ||||
What kind of a program | Crackme | Shareware | ||
Skill | Easy | Not so easy | Hard | X-pert |
Information about the Protection I |
this program only got one code to enter. and nothing else :)
Before we start |
Nothing much to say, lets begin the essay shall we ?
The Process |
I started the program and i got no NAG about regestering so i went to ABOUT-->About
GetRight and there i coud see this text "Enter Code" and so i did. But i have
heard from other cracker that GetRight are storing the code in the windows regestry so i
started Regestry Monitor. and entered a dummy code as 10. And i pressed OK and in Regestry
Monitor i founded something strange
20:11:06 Getright QueryValueEx HKCU\Software\HeadLight\GETRIGHT\Config\RegistrationCode
NOTFOUND
Open regedit.exe and goto the address HKCU\Software\HeadLight\GETRIGHT\Config\ and create a new vaule called RegistrationCode and in the Vaule Data i entered 2951 in decimal. Exit regedit and start getright again and it still don't help.
That means that the real code must be in the getright.exe file.
Now. open getright.exe in W32Dasm and on "String Data References" can you
fins this string. "Registered Version"
click on that and you will land here
* Possible Reference to String Resource ID=00327: "Registered Version."
|
:0040162A 6847010000 push 00000147
<-- You land here and here are the good code
:0040162F 8D4DF0 lea ecx, dword ptr [ebp-10]
:00401632 E85E1C0800 call 00483295
:00401637 FF75F0 push [ebp-10]
Scroll up and you can see this.
:00401628 7443 je 0040166D
* Possible Reference to String Resource ID=00327: "Registered Version."
Tha jump got an offset at A28.
Not open getright.exe in Hiew and press enter twice, now you will be in "Decode"
mode. If not, press F4 and choose "Decode"
Goto (F5) A28 and change
Loaction | Orginal Bytes | ASM Code |
00401628 | 7443 | je 0040166D |
and change that to
Loaction | Orginal Bytes | ASM Code |
00401628 | 9090 | je 0040166D |
If you don't now on how to change that. then press F3 (Edit) and just enter 9090.
Update the file (F9) and exit (F10 or Escape)
Rin Getright.exe and it's registered. :)
Ending |
Nothing to say..
Information about the Protection II |
You got one Code encrypted in the file and i don't now what the key are..
Whe you have entred the correct key the will getright save it in the windows registry
Greetings |
LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke, DiABLO. Torn@do, ^AlX^ and all the other i have forgotten