Web : http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com

DzSoft Perl Editor 5.2 Build 7/8/02

Type : Nice Perl Editor
Protection : ASProtect .. Serial
Tech : Loader

Crack :

I think cracking involves luck ... it was really hard to find the reg check in this new version as they have put it in some other thread or something .... it was just hard to trace and also it was packed with ASProtect. But I think it was born to be cracked.
As I told, it was really hard ... used many techniques but failed ... An idea came to my mind: "why not dump the program running on the PC and use w32dasm". We can't use w32dasm on the exe file as it is packed. Will w32dasm work with the dump file ... I don't know what the program's real OEP is. Will it work ... "who cares .. let's do it". So what I did was a plain dump of the running program using PEditor, and I used w32dasm on this dump with all section flags of the dump file set to E0000020 [otherwise w32dasm will not show you anything].
To my surprise it worked .... search for the string "unregistered" ... now just look a few lines up and you can see the reg check call ....

CALL 53AE94
TEST AL,AL --- MAKE AL = 01 GOOD BOY
JZ 53B5EE

Now just put a BPX on 53AE94. It is called twice at startup and when the user clicks "About Box".

Startup :

54C45D CALL 53AE94
54C462 TEST AL,AL
54C464 JNZ 54C533

About Box

53B4F4 CALL 53AE94
53B4F9 TEST AL,AL --- MAKE AL = 01 GOOD BOY
53B4FB JZ 53B5EE

All we need is that CALL 53AE94 should return AL = 01. Let's look inside this CALL ...

53AF10 MOV AL,[EBP-01] = 8A 45 FF
53AF13 MOV ESP,EBP = 8B E5
53AF15 POP EBP
53AF16 RET

As this baby is packed we must use a Loader to patch it like ....

53AF10 XOR EAX,EAX = 33 C0
53AF12 INC EAX = 40

That is all [ Please refer to DzSoft Perl Edt 4.0 tut for info about making Loader]


Memory(pi.hProcess, (LPVOID) AddressOfPatch1,
DataRead, 2, NULL);
}
//=======================================================
//sleep till asprotect do memchk
Sleep(300);
//=======================================================
if(DataRead[0] == scanbyte1 && DataRead[1] == scanbyte2)
{
//===================================================
WriteProcessMemory (pi. hProcess,
(LPVOID) AddressOfPatch1,
"\xEB\x6A", 2, NULL);
//====================================================
}
//========================================================
//====================================================

//========================================================
CloseHandle (pi.hProcess);
CloseHandle (pi.hThread);

}
else
{
MessageBox(NULL,"Unable to load program .. exiting",InfoText,MB_OK);
return 0;
}

//============================================================

//============================================================
return 0;
}
//==================================================================


that we can fix it. Run the dumped file and select process "dreamweaver.exe" in ImpRec. Give EP = 006F0E48 and hit "IAT Auto Search" ... It will tell you the IAT was read successfully .. Now click "GetImports" .... we can see all import functions .... Now click "Fix Dump" and point it to another copy of the dump file we have saved .... that's all, we can now run [other file] this baby everywhere ...
You can verify it: just look at FirstThunk in a hex editor. The original IAT will be restored in a new section. And ImpRec will align the new IAT.

Thanks IMPREC ...

I have tested it on different PCs with Win98 and WinXP .... and it is working fine ... So we have ripped off VBOX 4.622 ..... and it is time to celebrate ....

NB : Special thanks to [yAtEs] for his wonderful essay on IAT. Special thanks to Kilby for his wonderful essay on Copylok IAT, and many many thanks to MackT/uCF2000 for his excellent tool ImpRec.


===========================================================
if(!DeleteFile(windir))
{
MessageBox(NULL,"Unable to deleted Lic File ...",InfoText,MB_OK);
error = true;
}
//===============================================================
GetWindowsDirectory(windir,sizeof(windir));
strcat(windir,"\\Vbox\\Licenses\\ _5.51.277_5044.prf");

if(!DeleteFile(windir))
{
MessageBox(NULL,"Unable to deleted Prf File ...",InfoText,MB_OK);
error = true;
}
//================================================================
if(!DeleteFile(sysdir))
{
MessageBox(NULL,"Unable to deleted OCX File ...",InfoText,MB_OK);
error = true;
}
//===============================================================
//Delete os*****.bin
GetWindowsDirectory(windir,sizeof(windir));

for(i=0;i < MAX_PATH;i++)
{
if(windir[i] == '\\')
{
windir[i] = '\0';
}
}
strcat(windir,"\\os291494.bin");

if(!DeleteFile(windir))
{
MessageBox(NULL,"Unable to deleted BIN File ...",InfoText,MB_OK);
error = true;
}
//===============================================================
if(error ==false)
{
MessageBox(NULL,"Removed VBOX Files and Registry Keys ...",InfoText,MB_OK);
}

//===============================================================
//Execute VSetupT.exe
ZeroMemory(&si,sizeof(si));
si.cb = sizeof(si);
cl = GetCommandLine();

if (!CreateProcess("VSetupT.exe",cl, NULL, NULL,FALSE,
NORMAL_PRIORITY_CLASS,NULL, NULL,&si, &pi))
{
MessageBox(NULL,"Unable to load \"VSetupT.exe\" ...",InfoText,MB_OK);
error = true;
}else
{
MessageBox(NULL,"Loaded \"VSetupT.exe\" ...",InfoText,MB_OK);
}
//===============================================================

return 0;

}
//===================================================================================