O.k ... This program needs an Unlock Code to make it the full version. In this tutorial we will patch the exe file to accept any Unlock Code that we supply. It is not a long tutorial, but the patching is a lot !!!

O.k ... Run Xara and you will get a message with two buttons, purchase and continue. Hey, let's click on purchase. O.k, kool, a screen will pop up asking us to supply an UNLOCK CODE, so let's give it one; in my case I wrote 24676 and clicked o.k, and *boom* there you have it !!! Our error message !! O.k, you know the way: copy the file X3D.exe to the W32DASM dir to disassemble it, and when it's finished click on the SDR and find the error message, double click on it, scroll up a little bit and you should see something like this :
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040FA34(C), :0040FA48(C), :0040FA64(C), :0040FA80(C), :0040FA9C(C)
|:0040FAB8(C), :0040FAD4(C), :0040FAF0(C), :0040FB5D(C) <-- Hmm !!! Lots of addresses, let's check them
* Possible Reference to Dialog: DialogID_0133, CONTROL_ID:00FF, ""
:0040FC16 6AFF push FFFFFFFF
:0040FC18 6A10 push 00000010
* Possible Reference to String Resource ID=03005: "You entered an invalid unlock code.
The program has not been"
:0040FC1A 68BD0B0000 push 00000BBD
:0040FC1F E803EA0700 call 0048E627
As you can see, this message is called from nine locations, hmmm !! Let's check the first one, that is at address 0040FA34. O.k, click on find in W32DASM and enter the address; when you get there scroll up a little bit till you are at this code :
:0040FA1C E83F22FFFF call 00401C60
:0040FA21 83F801 cmp eax, 00000001
:0040FA24 0F85FA010000 jne 0040FC24
:0040FA2A 8B842440010000 mov eax, dword ptr [esp+00000140]
:0040FA31 3958F8 cmp dword ptr [eax-08], ebx
:0040FA34 0F85DC010000 jne 0040FC16 <-- first jump
:0040FA3A 0FBE10 movsx edx, byte ptr [eax]
:0040FA3D 52 push edx
:0040FA3E E89D7E0500 call 004678E0
:0040FA43 83C404 add esp, 00000004
:0040FA46 85C0 test eax, eax
:0040FA48 0F84C8010000 je 0040FC16 <-- Second jump
:0040FA4E 8B842440010000 mov eax, dword ptr [esp+00000140]
:0040FA55 0FBE4801 movsx ecx, byte ptr [eax+01]
:0040FA59 51 push ecx
:0040FA5A E8817E0500 call 004678E0
:0040FA5F 83C404 add esp, 00000004
:0040FA62 85C0 test eax, eax
:0040FA64 0F84AC010000 je 0040FC16 <-- Third jump
:0040FA6A 8B942440010000 mov edx, dword ptr [esp+00000140]
:0040FA71 0FBE4202 movsx eax, byte ptr [edx+02]
:0040FA75 50 push eax
:0040FA76 E8657E0500 call 004678E0
:0040FA7B 83C404 add esp, 00000004
..........
I don't have to list all the code !! Do I ??
O.k, so I think you got the picture !!! Yes, that is right: patch the nine checks. Where you find a jump if equal patch it to jump if not equal, that is 74 -- 75, and where you find a jump if not equal patch it to jump if equal, and that is 75 -- 74. And I also don't have to tell you how to patch or how to run and use Hiew !!! Right ?

Go to the following addresses to patch :
:0040FA34 jne ---> je
:0040FA48 je ---> jne
:0040FA64 je ---> jne
:0040FA80 je ---> jne
:0040FA9C je ---> jne
:0040FAB8 je ---> jne
:0040FAD4 je ---> jne
:0040FAF0 je ---> jne
:0040FB5D jne ---> je
O.k, so you have done it. Copy X3D.exe back to its installed dir and run it, enter any code you want as your unlock code, and there you have it !!
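
Seen from the defender's side, a patch of this kind leaves a distinctive trace: a handful of bytes that each differ from the vendor's copy by a single bit. The following is an added example, not part of the original tutorial; it diffs a known-good image against a suspect one and flags inverted conditional jumps. The function names and the sample buffers are assumptions, built from instruction bytes in the listing above.

```python
# Added example (not from the tutorial): diff a known-good image against a
# suspect copy and flag bytes where a conditional jump was inverted.
# x86 Jcc opcodes pair up on bit 0 (JE/JNE = 74/75 short, 0F 84/0F 85 near).

def is_jcc_condition_byte(buf, i):
    """True if buf[i] looks like the condition byte of a short or near Jcc.

    Heuristic only: without a full disassembly a 7x data byte can match too.
    """
    b = buf[i]
    if 0x80 <= b <= 0x8F:
        return i > 0 and buf[i - 1] == 0x0F   # near form: 0F 8x rel32
    return 0x70 <= b <= 0x7F                  # short form: 7x rel8

def find_inverted_jumps(good, suspect):
    """Return ([(offset, old, new), ...], count_of_other_changed_bytes)."""
    if len(good) != len(suspect):
        raise ValueError("images differ in size; compare section by section")
    inverted, other = [], 0
    for i, (a, b) in enumerate(zip(good, suspect)):
        if a == b:
            continue
        if (a ^ b) == 1 and is_jcc_condition_byte(good, i):
            inverted.append((i, a, b))
        else:
            other += 1
    return inverted, other

# Constructed sample: instruction bytes as they appear in the listing above,
# packed into one small buffer (offsets are buffer offsets, not addresses).
GOOD = bytes.fromhex(
    "3958F8" "0F85DC010000" "0FBE10" "52"
    "E89D7E0500" "83C404" "85C0" "0F84C8010000"
)
# Constructed tampered copy: two inverted near jumps plus one unrelated byte.
_tampered = bytearray(GOOD)
for _off in (4, 24, 12):
    _tampered[_off] ^= 1
SUSPECT = bytes(_tampered)

if __name__ == "__main__":
    hits, other = find_inverted_jumps(GOOD, SUSPECT)
    for off, old, new in hits:
        print(f"offset {off:#06x}: {old:02X} -> {new:02X} (inverted Jcc)")
    print(f"{other} other changed byte(s)")
```

A hash or signature check tells you the file changed; a diff like this tells you that what changed was the branch logic around a check.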

O.k, there you have it. I hope you have enjoyed this tutorial as much as I did writing it !! And cya in another tutorial !!!
FaT[BiT]_FaTsO GreetZ :
tKC ( you really Showed us the LIGHT !!! thanx alot )
LW2000 ( Thanx !!! i now use my brain !!)
Xasx (Hola !! the Best founder ever)
Sir_dReAm ( Nice CrackME !!! )
Bonez (Thanx for the support !! )
and to all TNT!CRACK!TEAM! members
cya FaT[BiT] \ TNT!