How to crack components for Delphi: AHM TritonTools 2000 Beta 1.3
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
URL: http://www.tritontools.com/index_e.html
Cracker: tKC/CiA '99
Many people asked me to write a tutor how to crack the components, and
I decided to write this quickly. There are many components with different
protections, most of 'em can be defeated on this way I'm teaching you below.
It's pretty easy, let's start! Oh wait, this time I'll use AHM2000 for D4
(Delphi 4) but it can be done with D3! ;)
Step 1. Run Delphi and install the components. (Components/Install Packages)
Step 2. Open a new form and put 1 of the AHM components on the form (let's
say we'll use AHMIEButton) and compile PROJECT1.EXE!
Step 3. Quit Delphi, run PROJECT1.EXE, looks fine, nothing happens.
Step 4. Set your date ahead to 2000 year, and run again PROJECT1.EXE.
Step 5. *boom* Expired! Also it loads your Netscape or IE4/5 or your default
web browser. Not nice eh? Ok, now we'll work..
Step 6. Copy PROJECT1.EXE to PROJECT1.W32, also copy to PROJECT1.EXX for backup.Step 7. Load your W32Dasm and open PROJECT1.W32, done? Ok, click Imported
Functions and double click on kernel32:GetLocalTime. Again double it.
Step 8. Now you'll see like:
* Referenced by a CALL at Addresses:
|:004443D3 , :004455BE
:00408440 83C4E8 add esp, FFFFFFE8
:00408443 8D442408 lea eax, dword ptr [esp+08]
:00408447 50 push eax
* Reference To: kernel32.GetLocalTime, Ord:0000h
:00408448 E85BD9FFFF Call 00405DA8
(The address might be different coz of your Delphi's runtime files)
Step 9. Now notice referenced calls above, we'll try Address 4455BE. Press
Shift-F12, type 4455BE and let's go!
Step 10. Now we get the following:
:004455BE E87D2EFCFF call 00408440 <--- that's where we were..
:004455C3 DC5DF4 fcomp qword ptr [ebp-0C]
:004455C6 DFE0 fstsw ax
:004455C8 9E sahf
:004455C9 7609 jbe 004455D4 <--- check if it expires
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004455D2(C)
:004455CB E818FEFFFF call 004453E8 <--- NAG and shell execute
:004455D0 84C0 test al, al your web browser!
Step 11. Ok, what now? We'll change JBE 004455D4 to JMPS 004455D4, the offset
address is 449C9, right?
Step 12. Run HIEW, open PROJECT1.EXE, press F5 and enter 449C9..
Step 13. Change 76 to EB by using F3, then save it (F9) and it'll look like:
000449C9: EB09 jmps 0000449D4 -------- (1)
000449CB: E818FEFFFF call 0000447E8 -------- (2)
000449D0: 84C0 test al,al
000449D2: 74F7 je 0000449CB -------- (3)
000449D4: 803B00 cmp b,[ebx],000 ;" "
Step 14. Now run PROJECT1.EXE. Kool, it doesn't expire! Is it done now? NO! ;)
Step 15. Run Delphi and UNINSTALL your AHM packages, then quit Delphi.
Step 16. Let's goto your AHM folder where you've installed your packages.
Remember we've used AHMIEButton from Enhanced components, we'll need
to find which file does it use. Let's try at AHMEnhancedD40.bpl..
Step 17. Run HIEW and open AHMEnhancedD40.bpl, press F7 to search for "76 09"
(in bytes). Now we find:
00004EFD: 7609 jbe 000004F08 -------- (4)
00004EFF: E818FEFFFF call 000004D1C -------- (5)
00004F04: 84C0 test al,al
00004F06: 74F7 je 000004EFF -------- (6)
Step 18. Change 76 to EB and save it. Open another file: AHMEnhancedClass.dcu..
Press F7 to search for "76 09" and we find:
000067E6: 7609 jbe 0000067F1 -------- (3)
000067E8: E80000 call 0000067EB -------- (4)
000067EB: 0000 add [bx][si],al
000067ED: 84C0 test al,al
000067EF: 74F7 je 0000067E8 -------- (5)
Step 19. Change 76 to EB and save it! Now run your Delphi and re-install your AHM
package and put AHMIEButton on the form again, compile it!
Step 20. Set your date to year 2000 (if you've changed back to 1999 earlier)
Run your compiled project. Does it expire? NO! Kool! Easy?! :)
Step 21. Now you can do with other components on the same way above.
Step 22. Enjoy it, tKC................email: tkc@reaper.org