Target : Blaze Media PRO
2002 Revision M
Target URL : http://www.mystikmedia.com
Tools : PEiD v0.8 or PE-Scan
v3.13, ArmKiller v2.6 Beta
1, Import Reconstructor v1.4.2, HIEW
Tools URL : http://protools.cjb.net
INTRODUCTION
Welcome to my fourth tutor for the Phrozen Crew. This tutor focuses the
more advanced side of cracking and deals with the unpacking and rebuilding
of the unpacked version of this target.
IDENTIFICATION
Like with all other target programs, it is an advantage to know whether
or not an application is packed with a encryption/protection scheme and
if so, with which one. For this reason I recommend the PEiD (PE iDentifier
v0.8) coded by snaker & Qwerton or PE-Scan v3.13 by Snyper.
I also recommend that if you use PEiD that you turn on the HARDCORE scanning option number 2 ON. The reason for this is that a lot of the more advanced packers/encryptors will try and fake identifiers by using other packers/cryptors' identification strings as well as virtually no identification markings at all. This will limit those chances to allmost none!
By the way, it IS packed with the Armadillo SPS v2.53+, making
it a very "tough" target for most crackers! So how will we go
about cracking this application? Wel first install it into a directory
of choice and extract the Armkiller.Exe and Arm.Dll files into the main
application directory.
UNPACKING
Execute ArmKiller and select the main BMP.Exe executable.
Congratulations! - You have successfully cracked Blaze Media PRO! ArmKiller
will do its work and you will be greeted with the following message "The
FIRST dump (dump.exe) is read...".
Click the OK button and wait for the second message box to pop up saying
"The SECOND dump (dump.exe) is ready. You can now rebuild...".
Do NOT click the this OK button before we are totally finished rebuilding
the mangled dump.exe!
Now run the Import Reconstructor and select the first BMP.Exe ProcessID
you see...
s
Before you can continue to rebuild it, look in BMP directory, you'll se
a small eip.bin file had been created. This little file contains the OEP
(Original Entry Point) - this is the essential part to making the target
run!
Please remember the following before u even *try* and use this OEP to
rebuld the file, it IS the right OEP, in this case B4 14 but its in REVERSE
order, you need to fix this so paste the following into the Import Reconstructor
OEP box, ie. 14 B4, then click the "IAT Autosearch" button and
you'll get a "Found something!" message box.
s
Click the OK button and now click the "Get Imports"
button to load the import table to be fixed. Click the "Fix Dump"
button, and select the DUMP.Exe file and wait for it to succesfully save
it to DUMP_.Exe. Now you can exit Import Reconstructor and click the OK
button on the leftover ArmKiller message box to close it. All you need
to do now is delete or rename the original BMP.Exe, delete the .bin file,
delete the unecessary DUMP.Exe and then rename the DUMP_.Exe file to BMP.Exe
and your all done!
Enjoy!
Valek / Phrozen Crew
PS: Click on the Phrozen Crew logo to visit our website or on my logo
to contact me via email
