Allaire Cold Fusion Studio 4.5.1

Web : http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com

Allaire Cold Fusion Studio 4.5.1

Type : Web development tool
Protection : ASPack - 30 Day trial
Tech : Runtime Patching ...

Crack : This baby is packed with ASPack....this can be easily unpacked ..but we will follow runtime patching
First we want to find the end point of ASPack.For this change the CODE section flag to E0000020 by using
PEditor.Now fire up Symbol Loaer and load ColdFusion.Now trace till you find POPAD....

END POINT OF PACKER
*****************

0x9214F3 POPAD
0x9214F4 JNZ 9214FE | 75 08 ==>> APPLY RUNTIME PATCH HERE ...
.............................
0x9214FE PUSH 759B18 ==>> OEP
0x921503 RET

30 DAY TRIAL CHECK - INSIDE COLD FUSION
*********************************

0x759BE1 CALL 683964
0x759BE6 TEST AL,AL
0x759BE8 JZ 00759C37 | 74 4D ===>>> GOOD BOY

So our crack will be :
0x759BE8 JMP 00759C37 | EB 4D

Patch :

0x9214F4 MOV BYTE PTR [00759BE8],EB | C6 05 E8 9B 75 00 EB OFFSET = 16E0F4
0x9214FB NOP | 90
0x9214FC NOP | 90
0x9214FD NOP | 90

.........................
0x4245EC CMP ECX,06 --- COMPANY >= 6 CHAR
..............................
0x4245F1 TEST EBX,0000FFFF --- SEE IF LAST SET OF S/N IS 32 BIT
0x4245F7 JZ 424649
0x4245F9 TEST EBX,FFFF0000
0x4245FF JZ 424649
...........................
0x424640 CMP ECX,EBX --- LAST SET COMP
======================================================
0x4240EF XOR BX,[ESP+04] ---- SIMPLE XOR - ADD LOGIC
0x4240F3 ADD EBX,0000FFFF
0x4240F7 LEA EAX,[EBX-0F]
0x4240F9 TEST EBX,FFFF0000
0x4240FC CMP EAX,4BC
................................
0x424116 ADD EBX,0F
0x424119 CMP EBX,4BC
0x42411F JGE 424134

Now this S/N part is over ... but when we restart CDRWin we get a message that we
have used pirated S/N .... so there is another check at start up .... more work ....
To find this point put a BPX at above comparision points and restart ....CDRWin.

0x4034EA CALL 424D80
INSIDE THIS CALL ....
0x424DA5 CMP [004ADD96],AX --- SECOND LAST SET ..... SO RESTART FISHING WITH THIS NEW VALUE :)

Registration Info:

Name : DHEERAJ
Company : MxBNET
Unlock key : 1234-5678-16533450-30E1E554
Check Key : 30E1F760-444C-16536228-26B2D104

CDRWin 4.0A

Name : DHEERAJ
Company : MxBNET
Unlock key : 1234-5678-16533423-30E1E554
Check Key : 30E1F760-444C-1653625B-26B2D177

277";
long lResult = 0;
HKEY hKey =0;
int i =0;

char windir[MAX_PATH];
char sysdir[MAX_PATH];
bool error = false;
PROCESS_INFORMATION pi;
STARTUPINFO si;
char* cl;
//===============================================================
char firstkey[] = "{EADF629A-E6FB-4AE5-8D2E-B6F995A7C0A8}";
char seckey[] = "{C2CD9A01-9F53-4411-35FA-3ECCB27B86B3}";
//===============================================================
//Delete Registry Keys
//===============================================================
//First Key
lResult = RegOpenKey(HKEY_CLASSES_ROOT,"CLSID",&hKey);

if(lResult != ERROR_SUCCESS)
{
MessageBox(NULL,"Unable to open Registry..exiting",InfoText,MB_OK);
return 0;
}
lResult = RegDeleteKey(hKey,firstkey);
if(lResult != ERROR_SUCCESS)
{
MessageBox(NULL,"Unable to deleted First Key ...",InfoText,MB_OK);
error = true;
}

RegCloseKey(hKey);
//================================================================
//Second Key
lResult = RegOpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Classes\\.ini",&hKey);

if(lResult != ERROR_SUCCESS)
{
MessageBox(NULL,"Unable to open Registry..exiting",InfoText,MB_OK);
return 0;
}

lResult = RegDeleteKey(hKey,seckey);
if(lResult != ERROR_SUCCESS)
{
MessageBox(NULL,"Unable to deleted Second Key ...",InfoText,MB_OK);
error = true;
}

RegCloseKey(hKey);

//===============================================================
//Delete Files ...
GetWindowsDirectory(windir,sizeof(windir));
GetSystemDirectory(sysdir,sizeof(sysdir));
strcat(windir,"\\Vbox\\Licenses\\ _5.51.277_5044.lic");
strcat(sysdir,"\\ws057043.ocx");
//===============================================================
if(!DeleteFile(windir))
{
MessageBox(NULL,"Unable to deleted Lic File ...",InfoText,MB_OK);
error = true;
}
//===============================================================
GetWindowsDirectory(windir,sizeof(windir));
strcat(windir,"\\Vbox\\Licenses\\ _5.51.277_5044.prf");

if(!DeleteFile(windir))
{
MessageBox(NULL,"Unable to deleted Prf File ...",InfoText,MB_OK);
error = true;
}
//================================================================
if(!DeleteFile(sysdir))
{
MessageBox(NULL,"Unable to deleted OCX File ...",InfoText,MB_OK);
error = true;
}
//===============================================================
//Delete os*****.bin
GetWindowsDirectory(windir,sizeof(windir));

for(i=0;i < MAX_PATH;i++)
{
if(windir[i] == '\\')
{
windir[i] = '\0';
}
}
strcat(windir,"\\os291494.bin");

if(!DeleteFile(windir))
{
MessageBox(NULL,"Unable to deleted BIN File ...",InfoText,MB_OK);
error = true;
}
//===============================================================
if(error ==false)
{
MessageBox(NULL,"Removed VBOX Files and Registry Keys ...",InfoText,MB_OK);
}

//===============================================================
//Execute VSetupT.exe
ZeroMemory(&si,sizeof(si));
si.cb = sizeof(si);
cl = GetCommandLine();

if (!CreateProcess("VSetupT.exe",cl, NULL, NULL,FALSE,
NORMAL_PRIORITY_CLASS,NULL, NULL,&si, &pi))
{
MessageBox(NULL,"Unable to load \"VSetupT.exe\" ...",InfoText,MB_OK);
error = true;
}else
{
MessageBox(NULL,"Loaded \"VSetupT.exe\" ...",InfoText,MB_OK);
}
//===============================================================

return 0;

}
//===================================================================================