Macromedia® Firework MX 2002

Macromedia® Firework MX 2002 (Part A--nag screen)

By +Jonathan

6-23-2002

*Price: $300 (not include tax)

*Download: www.macromedia.com (PS If you do not know how to setup—see my tutorial Basic Computer concept)

*Protect: nag screen & 30-days tryout

Ok. Now I will show you the best way to crack this while right now there’re no patch for almost all Macromedia MX products on the Internet ^_^ Also notice that it is an extremely important chapter!!

You will learn the MB command in order to destroy the Nag Screen directly. So, wherein should we start?

The nag screen :-) Let us start the program and you will see:

Obviously, there exists a counter within this program in order to notice the time. Let Break Point on this nag screen or use the String Ref., and I prefer using my own fixed W32Dasm CS (not the original 8.93 kind)

The reason why check “Other reference” is, the dead-listing is too huge!!! And using this why we can quickly land here:

* Reference To: USER32.MessageBoxA, Ord:01DCh

:00B07E21 8B35C0C7D000 mov esi, dword ptr [00D0C7C0]

:00B07E27 7D04 jge 00B07E2D *Want try more time?

:00B07E29 B301 mov bl, 01 *mov BAD Flag

:00B07E2B EB04 jmp 00B07E31

:00B07E2D 84DB test bl, bl

:00B07E2F 742D je 00B07E5E *Jump if you are a nice guy

:00B07E31 6A02 push 00000002

:00B07E33 6A0A push 0000000A

:00B07E35 6A07 push 00000007

:00B07E37 8D4C2464 lea ecx, dword ptr [esp+64]

* Possible StringData Ref from Data Obj ->"This version of Fireworks expired "

->"on %ld/%ld/%.2ld. Please contact "

->"Macromedia for a newer version!" * “%” means an integer

:00B07E3B 68E489E900 push 00E989E4

:00B07E40 51 push ecx

:00B07E41 E8F95B0E00 call 00BEDA3F

:00B07E46 83C414 add esp, 00000014

:00B07E49 8D542458 lea edx, dword ptr [esp+58]

:00B07E4D 6A30 push 00000030

:00B07E4F 681C81EA00 push 00EA811C

:00B07E54 52 push edx

:00B07E55 FFD7 call edi

:00B07E57 50 push eax

:00B07E58 FFD6 call esi

:00B07E5A 84DB test bl, bl

:00B07E5C 752F jne 00B07E8D

:00B07E5E 6A02 push 00000002 *push year 2002

:00B07E60 6A0A push 0000000A affect “%” *push date 10

:00B07E62 6A07 push 00000007 *push month 7 (or July)

:00B07E64 8D842464040000 lea eax, dword ptr [esp+00000464]

* Possible StringData Ref from Data Obj ->"This version of Fireworks will "

->"expire on %ld/%ld/%.2ld."

:00B07E6B 68AC89E900 push 00E989AC

:00B07E70 50 push eax

:00B07E71 E8C95B0E00 call 00BEDA3F

:00B07E76 83C414 add esp, 00000014

:00B07E79 8D8C2458040000 lea ecx, dword ptr [esp+00000458]

:00B07E80 6A30 push 00000030 * push MB style!!!!!!!!!!!!

:00B07E82 681C81EA00 push 00EA811C

:00B07E87 51 push ecx

:00B07E88 FFD7 call edi

:00B07E8A 50 push eax

:00B07E8B FFD6 call esi *Call nag screen*

:00B07E8D 33C0 xor eax, eax

First of all, we need to change je 00B07E5E and jge 00B07E2D into JMP, then disable the nag screen:

OK but what is nag screen?----message box

C++ Language—Win API 32

int MessageBox(hwndParent, lpszText, lpszTitle, fuStyle)

HWND hwndParent;        /* handle of parent window           */

LPCSTR lpszText;        /* address of text in message box    */

LPCSTR lpszTitle;       /* address of title of message box   */

UINT fuStyle;           /* style of message box              */

The MessageBox function creates, displays, and operates a message-box window.

The message box contains an application-defined message and title, plus any

combination of the predefined icons and push buttons described in the fuStyle

parameter.

<<Parameter   Description>>

hwndParent     Identifies the parent window of the message box to be created.

               If this parameter is NULL, the message box will have no parent

               window.

LpszText       Points to a null-terminated string containing the message to

               be displayed.

LpszTitle      Points to a null-terminated string to be used for the dialog

               box title. If this parameter is NULL, the default title Error

               is used.

fuStyle           Specifies the contents and behavior of the dialog box.

               This parameter can be a combination of the following values:

Value Meaning

:00B07E80 6A30                            push 00000030

6A30                                 6A31

6A32                                 6A33

6A34                                 6A35

6A36                                 6A37 to 6A3F

N/A

If you change the 3—6A30 It will change the type ex:

6A30 is “!”  but  6A10 is  “X”,  6A20 is “?” ......

Therefore we only need to change:

:00B07E80 6A37                            push 00000030

Now my friends you have already disable the nag screen, but

we are not yet finish! We still need to destroy the Time

Limit which is in Part B