Ulead Photo Express 3.0

Web : http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com

Ulead Photo Express 3.0

Type : Image Editing
Protection : Date Check
Tech : Patching

Crack : Hunt from starting.

0x4A3679 MOV EDX,[EBP+6C]
0x4A3688 CALL 0x6349CE >> NAG SCREEN
0x4A368D ADD ESP,10 >> RESTORE STACK
0x4A3690 TEST EAX,EAX
0x4A3692 JZ 0x4A38E5 >> BAD BOY
....................
0x4A369D CALL 0x6349DA
0x4A36A2 TEST EAX,EAX
0x4A36A4 JNZ 0x4A36F4 >> GOOD BOY

To crack :
0x4A3679 JMP 0x4A36F4
File = ipe30.exe
Offset = 0xA3679
MOV | 8B 55 6C ==>> JMP | EB 79 90

>> WE REACH HERE ....MAKE EIP = 0x70025DD
.................................
0x70025DD POP EDI
0x70025DE POP ESI
0x70025DF POP EBX
0x70025E0 RET

I found an interesting behaviour ..if we make EIP = 0x70025DD the program runs..even if our trial
period is over.

Trace till we reach in GA_MAIN Module.....

0x4FC026 PUSH FFFFFFFF >> DUMP HERE ...
0x4FC02B CALL EAX ==>> EAX= 0x4CB41C - OEP

Use PEditor and change EP of dumped file.
EP = 4CB41C - 400000 = CB41C

Now we can run this dumped file :)

1 >> BAD BOY
....................
.................... >> SIMILAR ONE OR TWO CHECK
....................
0x411317 LEA EAX,[EBP-00D0] >> REAL S/N
0x41131D PUSH EAX
0x41131E LEA EAX,[EBP-0090] >> FAKE S/N
0x411325 CALL 48B3C0 >> ANOTHER CHECK
....................
0x41132B TEST EAX,EAX
0x41132E JZ 411340 >> GOOD BOY

May be program is using many set of S/N ... that is why registration details is checked
many times.
Our S/N seems to be working ... but after some days the program is self deleting
registration file "Uedit32.reg" ... why ??? is it a protection or bug ...

Registration Info :

Name = DHEERAJ
S/N = U5T4T-M0P4V-07Z2I-C1P00

4
015F:0041DF97 6689AEC0000000 MOV [ESI+000000C0],BP <-- Flag Set

Fix :

015F:0041DE98 66BD0200 MOV BP,0002 - Offset = 1DE98
015F:0041DE9C 90 NOP
015F:0041DE9D 90 NOP
015F:0041DE9E 6683FD02 CMP BP,02
015F:0041DEA2 0F8EEA000000 JLE 0041DF92

Name : Set your name ....

REGEDIT4

[HKEY_CURRENT_USER\Software\MGShareware\Screen Saver Builder]
"User"="DHEERAJ"

D EAX,000000FF
0x41715F CMP EAX,14
0x417162 JNZ 41733F

Many other interesting encryption are also there which i am not explaining .... just
go inside it and explore.

Registration Info :

Reg Key = 555555555555555555555555B8M3HH28B22B427701MDLUH0
Concurrent Users = 32
Expiration Date = None
Processors = 3
********************************************************
Reg Key = 55555555555555555555555567M3HH28B22B427701MDLUH0
Concurrent Users = 247
Expiration Date = None
Processors = 3
********************************************************
Reg Key = 55555555555555555555555567M3LD28B22B427701MDLUH0
Concurrent Users = 24700
Expiration Date = None
Processors = 1
********************************************************
Reg Key = 55555555555555555555555555555555B2MB4277BODH56HX
Concurrent Users = 3520180
Expiration Date = None
Processors = 4

his