Name     : Quick View Plus Trial
Version  : 5.1
Editor   : JASC
Target   : qvp51.exe
Tools    : W32Dasm
           Snooper
           Hiew
           Brain
Cracker  : LW2000
Tutorial : No.37

http://www.jasc.com/

---
DISCLAIMER
For educational purposes only!
I hold no responsibility for the misuse of this material!
---

1. Ok, after the 15 day trial Quick View Plus greets you with a nag, without the continue option. You can uninstall the proggy, or exit it. This is not what we want *g*. So let's snoop a bit. Mhmm, Qvp.dll, quite interesting. Let's make a deadlisting in W32Dasm. Mhhm, no interesting SDR, but what about the Export/Import Functions? You should see this:

   [...]
   DllCanUnloadNow
   DllGetClassObject
   FVGetDocObjectView
   QVPManager
   QVPTrialWareStart   <<<--- nice *g*

2. Let's go to QVPTrialWareStart. Doubleclick on this string and close the E/I Window.

   * Referenced by a CALL at Address:
   |:208058D7   <--- here we go

   Exported fn(): QVPTrialWareStart - Ord:000Bh
   :20805650 81EC28010000            sub esp, 00000128
   :20805656 53                      push ebx
   :20805657 55                      push ebp
   :20805658 56                      push esi
   :20805659 33DB                    xor ebx, ebx
   :2080565B 57                      push edi
   :2080565C 891D340A8220            mov dword ptr [20820A34], ebx
   :20805662 E8E9FEFFFF              call 20805550
   :20805667 3C51                    cmp al, 51
   :20805669 88442413                mov byte ptr [esp+13], al
   :2080566D 7417                    je 20805686
   :2080566F 3C73                    cmp al, 73
   :20805671 740F                    je 20805682
   :20805673 33F6                    xor esi, esi
   :20805675 8BC6                    mov eax, esi
   :20805677 5F                      pop edi
   :20805678 5E                      pop esi
   :20805679 5D                      pop ebp
   :2080567A 5B                      pop ebx
   :2080567B 81C428010000            add esp, 00000128
   :20805681 C3                      ret

3. Goto 208058D7 to see what's going on.

   * Reference To: QVP.QVPTrialWareStart
   :208058D7 E874FDFFFF              call 20805650               <<-- call to function QVPTrialWareStart
   :208058DC 83C404                  add esp, 00000004
   :208058DF 85C0                    test eax, eax               <<-- test is ok if eax = 1
   :208058E1 0F84DD060000            je 20805FC4                 <<-- If test fails jump to expired
   :208058E7 8B4508                  mov eax, dword ptr [ebp+08]
   :208058EA A3280A8220              mov dword ptr [20820A28], eax
   :208058EF E86C240000              call 20807D60
   :208058F4 8BF0                    mov esi, eax
   :208058F6 A144058220              mov eax, dword ptr [20820544]
   :208058FB 33FF                    xor edi, edi

4. Ok, let's beat this babe! To fake the trial period simply fill eax with 1 at 20805650 and then return. To do this, note the offset, start hiew and goto the offset with F5. Then press F3 for editmode and F2 to enter asm commands. Then type:

   mov eax, 1 [Enter]
   ret [Enter]
   [Esc]

   Save your work and try to use Quick View Plus. Congratulations! You have beaten the trial!

FINISH! Easy, or?

cu LW2000

Any comments? Mail me LW2000@gmx.net !!!

----
tKC, thx for your tutors! I started with tutor 1 and I still read them... they are the best!
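
Seen from the vendor's side, the listings above show the whole trial decision resting on one return value from one exported function, so a constant return written over its first bytes decides everything. The following C self-check is an added example, not part of the original tutorial or the vendor's code: it compares a function's entry bytes against the prologue shown at 20805650 and flags a constant-return stub. The function and enum names are hypothetical and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* First 11 bytes of QVPTrialWareStart, copied from the listing at 20805650:
   sub esp,128h / push ebx / push ebp / push esi / xor ebx,ebx */
static const uint8_t EXPECTED[] = {
    0x81, 0xEC, 0x28, 0x01, 0x00, 0x00, 0x53, 0x55, 0x56, 0x33, 0xDB
};

/* Hypothetical result codes for this example. */
enum prologue_state { PROLOGUE_OK, PROLOGUE_MODIFIED, PROLOGUE_STUBBED };

/* True when the code begins with "mov eax, imm32" (B8 id) followed directly
   by "ret" (C3) or "ret imm16" (C2 iw): a function reduced to a constant. */
static int is_constant_return(const uint8_t *p, size_t n)
{
    if (n < 6 || p[0] != 0xB8)
        return 0;
    return p[5] == 0xC3 || (p[5] == 0xC2 && n >= 8);
}

/* Classify the first n bytes found at the function's entry point. */
enum prologue_state check_prologue(const uint8_t *p, size_t n)
{
    if (n >= sizeof EXPECTED && memcmp(p, EXPECTED, sizeof EXPECTED) == 0)
        return PROLOGUE_OK;
    return is_constant_return(p, n) ? PROLOGUE_STUBBED : PROLOGUE_MODIFIED;
}

/* Constructed sample: the 6-byte stub overwrites exactly the 6-byte
   "sub esp,128h", so the rest of the prologue is left untouched. */
static const uint8_t SAMPLE_PATCHED[] = {
    0xB8, 0x01, 0x00, 0x00, 0x00, 0xC3, 0x53, 0x55, 0x56, 0x33, 0xDB
};
/* Constructed sample: one byte changed, not a constant-return stub. */
static const uint8_t SAMPLE_OTHER[] = {
    0x81, 0xEC, 0x28, 0x01, 0x00, 0x00, 0x53, 0x55, 0x56, 0x33, 0xC0
};

int main(void)
{
    printf("original: %d\n", check_prologue(EXPECTED, sizeof EXPECTED));
    printf("patched:  %d\n", check_prologue(SAMPLE_PATCHED, sizeof SAMPLE_PATCHED));
    printf("other:    %d\n", check_prologue(SAMPLE_OTHER, sizeof SAMPLE_OTHER));
    return 0;
}
```

A check like this lives in the same file an editor can change, so it raises the cost of patching rather than preventing it; verifying the module's signature or hash from outside the module covers the same case.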