Web : http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com


DzSoft PHP Editor 1.0

Type : PHP Editor + Debugger
Protection : ASProtect -- 30 DAY LIMIT
Tech : Loader

Crack : ASProtect is a real mess. Unpacking has become harder, but a loader can be used.
This program has a 30-day limit. It seems that it uses ASProtect's code for this. It is interesting to note that after 30 days the address of the nag box changes.

0x5AA60B CALL [005AF80] --- SHOW NAG

Now content of [005AF380] will decide to run or not to run in 30 Day trial.
IF [005AF80] == 005A9BC4 --- IT WILL RUN IN 30 DAY TRIAL
IF [005AF80] == 005A9DF0 --- EXPIRED ... KICK ASS ....


Now these values are filled in by ASProtect. The first API call made by this program is GetStartupInfoA. If we put a BPX GETSTARTUPINFOA and look at 005AF80, we can see that it has already been filled in by sucker ASProtect after checking whether any of the 30 days are left. So if your 30-day limit is over, then [005AF80] == 005A9DF0. It is interesting to see that if we change [005AF80] ---> 005A9BC4 at the break on the first API ..... it RUNS ...

Now a loader can easily be made, with delay = 200ms.

Another interesting point is that we can reset its 30 DAY count if we delete this key :

[HKEY_CURRENT_USER\Software\ASProtect\Data]
@="BA4587DAF7366F35"

 


this CALL ---->

015F:0053ABBE EBEB JMP 0053ABAB
015F:0053ABC0 8A45FF MOV AL,[EBP-01] <<-- Flag Set
015F:0053ABC3 8BE5 MOV ESP,EBP
015F:0053ABC5 5D POP EBP
015F:0053ABC6 C3 RET

Fix :

015F:0053ABBE EBEB JMP 0053ABAB
015F:0053ABC0 B001 MOV AL,01
015F:0053ABC2 90 NOP
015F:0053ABC3 8BE5 MOV ESP,EBP
015F:0053ABC5 5D POP EBP
015F:0053ABC6 C3 RET

That is all [ Please refer to DzSoft Perl Edt 4.0 tut for info about making Loader]

 


}
else
{
    MessageBox(NULL,"Unable to load program .. exiting",InfoText,MB_OK);
    return 0;
}

//============================================================

//============================================================
return 0;
}
//==================================================================


that we can fix it. Run the dumped file and select the process "dreamweaver.exe" in ImpRec. Give EP = 006F0E48 and hit "IAT Auto Search" ... It will report that the IAT was read successfully. Now click "GetImports" .... we can see all the import functions .... Now click "Fix Dump" and point it to another copy of the dump file we have saved .... that's all, we can now run [other file] this baby everywhere ...
You can verify it: just look at FirstThunk in a hex editor. The original IAT will be restored in a new section, and ImpRec will align the new IAT.

Thanks IMPREC ...

I have tested it on different PC with Win98 and WinXP .... and it is working fine ... So we have ripped off VBOX 4.622 ..... and it is time to celebrate ....

NB : Special thanks to [yAtEs] for his wonderful essay on IAT. Special thanks to Kilby for his wonderful essay on Copylok IAT, and many, many thanks to MackT/uCF2000 for his excellent tool ImpRec.


===========================================================
    if(!DeleteFile(windir))
    {
        MessageBox(NULL,"Unable to deleted Lic File ...",InfoText,MB_OK);
        error = true;
    }
    //===============================================================
    GetWindowsDirectory(windir,sizeof(windir));
    strcat(windir,"\\Vbox\\Licenses\\ _5.51.277_5044.prf");

    if(!DeleteFile(windir))
    {
        MessageBox(NULL,"Unable to deleted Prf File ...",InfoText,MB_OK);
        error = true;
    }
    //================================================================
    if(!DeleteFile(sysdir))
    {
        MessageBox(NULL,"Unable to deleted OCX File ...",InfoText,MB_OK);
        error = true;
    }
    //===============================================================
    //Delete os*****.bin
    GetWindowsDirectory(windir,sizeof(windir));

    for(i=0;i < MAX_PATH;i++)
    {
        if(windir[i] == '\\')
        {
            windir[i] = '\0';
        }
    }
    strcat(windir,"\\os291494.bin");

    if(!DeleteFile(windir))
    {
        MessageBox(NULL,"Unable to deleted BIN File ...",InfoText,MB_OK);
        error = true;
    }
    //===============================================================
    if(error ==false)
    {
        MessageBox(NULL,"Removed VBOX Files and Registry Keys ...",InfoText,MB_OK);
    }

    //===============================================================
    //Execute VSetupT.exe
    ZeroMemory(&si,sizeof(si));
    si.cb = sizeof(si);
    cl = GetCommandLine();

    if (!CreateProcess("VSetupT.exe",cl, NULL, NULL,FALSE,
                       NORMAL_PRIORITY_CLASS,NULL, NULL,&si, &pi))
    {
        MessageBox(NULL,"Unable to load \"VSetupT.exe\" ...",InfoText,MB_OK);
        error = true;
    }else
    {
        MessageBox(NULL,"Loaded \"VSetupT.exe\" ...",InfoText,MB_OK);
    }
    //===============================================================

    return 0;

}
//===================================================================================