Genesis Pro v2 Photoshop plug-in
Flares and Stripes Forever

Date 1/2/2001
by Sojourner/Jomamameister

There is a crack, a crack in everything. That's how the light gets in.

Rating
(x)Beginner ( )Intermediate ( )Advanced ( )Expert

This one was way too easy!

Ah, Genesis has been around many years. Earlier incarnations were used in Photoshop and 3DS Max from Kinetix. Even now, the 3DS Max flare looks like it was based on this product. Additionally, there is no Max plug-in for this product, although there is a Lightwave plug. Go figure! What it does is produce some very exceptional flares and other similar types of effects. Try it, you'll like it! Mikey even likes it!

w32dasm 8.x--your choice of flavors
not needed--hex editor needed- UltraEdit 7.xx or whatever you want to use
not needed--resource editor- Restorator 2.5

Just go to this site and then download what you need.

What to do - Register this baby!!

Alright, here we go to the heart of this job. Have you downloaded this prog yet? C'mon, go get it and then come back, otherwise we really can't play together. Once you've downloaded and installed the program, run it through Photoshop or Corel, whichever. It won't really matter as far as we're concerned. For practical matters though, since we will run everything through w32dasm, it would be best to tackle the smaller executable which in this case is Photoshop. We have to run through the parent calling program, otherwise we cannot follow the code in the plug, which is what we really need to do anyway. Disassembling Photoshop will take a little bit of time, but once it's done you can save it for future reference. Ah, what a great life we have. Knowledge frees you from certain drudgery, friends. Now, back to work.

After you've played awhile and seen how the program works, you can get down to the basic reason why we're here today. Read "What to do" above. Are you ready? Good. Come along into the code forest with me. It's not too dark today.

One of the things I initially did after unfolding the program was to look for important strings or dialogs. There are actually some valuable ones that I found. The most important are:

"Your trial period has ended. Please register GenesisV2PRO."
"You are on day %d of your %d day trial."
"Registration information incorrect!"
Dialog: DialogID_00D1, CONTROL_ID:049B, "Register"

Running through w32dasm, we will have to load the genV2PRO.8bf after we have successfully started the Photoshop program, so be sure to disassemble genV2PRO.8bf before actually doing this, otherwise you'll have a delay with your work. Another little tidbit: you won't actually be able to load genV2PRO.8bf until you call it forth in Photoshop in the Filters menu choice. It doesn't even show up until then in the .dll section.

Let's take a little tour of some of my string nuggets.

1. "Your trial period has ended. Please register GenesisV2PRO."

If you investigate somewhat above this string, you'll find some calls. Two of them will take you to the time checking routines, which will see what's left on the day timer. So, of course, conceivably you could fix this here somewhere if you need to. You will, nevertheless, have to deal with the lame nag which always pops up at the start of our prog unless you register this baby.

2. "You are on day %d of your %d day trial."

At

1001169D 85ED                     test ebp, ebp
1001169F 7524                     jne 100116C5

you see this setup. As long as ebp has at least a one in it, this guy will keep on jumping like a good energizer bunny. So you get the general idea about it. Now jump way past this stuff with this little link.

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:1001160F(C), :10011642(C)
|
:10011654 B9F84D0410              mov ecx, 10044DF8
:10011659 E8F2F9FFFF              call 10011050
:1001165E 83E001                  and eax, 00000001
:10011661 8BE8                    mov ebp, eax
:10011663 85ED                    test ebp, ebp
:10011665 741A                    je 10011681
:10011667 B9F84D0410              mov ecx, 10044DF8
:1001166C E86FFBFFFF              call 100111E0
:10011671 85ED                    test ebp, ebp
:10011673 7428                    je 1001169D
:10011675 B9F84D0410              mov ecx, 10044DF8
:1001167A E8A1FAFFFF              call 10011120
:1001167F 23E8                    and ebp, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10011665(C)
|
:10011681 85ED                    test ebp, ebp
:10011683 741C                    je 100116A1
:10011685 8D44241C                lea eax, dword ptr [esp+1C]
:10011689 B9F84D0410              mov ecx, 10044DF8
:1001168E 50                      push eax
:1001168F E8CCFBFFFF              call 10011260
:10011694 83F801                  cmp eax, 00000001
:10011697 1BC0                    sbb eax, eax
:10011699 F7D8                    neg eax
:1001169B 23E8                    and ebp, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10011673(C)
|
:1001169D 85ED                    test ebp, ebp
:1001169F 7524                    jne 100116C5

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10011683(C)
|

* Possible StringData Ref from Data Obj ->"Your trial period has ended. Please " <--HERE
                                        ->"register GenesisV2PRO."
|
:100116A1 688C300410              push 1004308C

* Possible Reference to Dialog: DialogID_00D1, CONTROL_ID:0513, "(c) Copyright 1999 Future Fantastic. All"
|
:100116A6 6813050000              push 00000513
:100116AB 56                      push esi
:100116AC FFD3                    call ebx
:100116AE 6A00                    push 00000000

* Possible Reference to Dialog: DialogID_00D1, CONTROL_ID:04C3, "Evaluate"
|
:100116B0 68C3040000              push 000004C3
:100116B5 56                      push esi

* Reference To: USER32.GetDlgItem, Ord:00EBh
|
:100116B6 FF151C450610            Call dword ptr [1006451C]
:100116BC 50                      push eax

* Reference To: USER32.EnableWindow, Ord:00ABh
|
:100116BD FF1520450610            Call dword ptr [10064520]
:100116C3 EB23                    jmp 100116E8

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1001169F(C)
|
:100116C5 8B44241C                mov eax, dword ptr [esp+1C]
:100116C9 6A1E                    push 0000001E
:100116CB 8D4C2424                lea ecx, dword ptr [esp+24]
:100116CF 50                      push eax

* Possible StringData Ref from Data Obj ->"You are on day %d of your %d day "
                                        ->"trial."
|
:100116D0 6864300410              push 10043064
:100116D5 51                      push ecx
:100116D6 FFD7                    call edi
:100116D8 8D4C2430                lea ecx, dword ptr [esp+30]
:100116DC 83C410                  add esp, 00000010
:100116DF 51                      push ecx

* Possible Reference to Dialog: DialogID_00D1, CONTROL_ID:0513, "(c) Copyright 1999 Future Fantastic. All"
|
:100116E0 6813050000              push 00000513
:100116E5 56                      push esi
:100116E6 FFD3                    call ebx

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100116C3(U)
|
:100116E8 C7050C97051000000000    mov dword ptr [1005970C], 00000000
:100116F2 E9BA010000              jmp 100118B1

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:100116F2(U), :10011714(U), :10011736(U), :1001176B(U), :10011780(U)
|:1001178D(C), :1001185A(U), :1001186D(U), :1001187F(U)
|
:100118B1 B801000000              mov eax, 00000001

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:10011405(U), :10011425(U)
|
:100118B6 5D                      pop ebp
:100118B7 5F                      pop edi
:100118B8 5E                      pop esi
:100118B9 5B                      pop ebx
:100118BA 81C434020000            add esp, 00000234
:100118C0 C21000                  ret 0010

Past. Good. You made it. Going through the code woods can be a bit confusing at times. Let's look at one more little string.

"Registration information incorrect!"

Go see! This is THE most important reference we have, fellow reversers. If you work your way way back up the food chain here you may run across some references to variables which you think might help. Don't worry too much at this point, because the answer is closer than you think. You see that little cmp opcode at:

10017309 3BF0                     cmp esi, eax

Yes, this one. All you need to do is look in both registers to find what you need. Now you may make the appropriate entry into the code requirement and your obedient prog will register itself and never bother you again. The end!

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1001724D(C)
|
:100172F2 6A0B                    push 0000000B

* Possible StringData Ref from Data Obj ->"1234567890"
|
:100172F4 68E8300410              push 100430E8
:100172F9 689A970510              push 1005979A

* Reference To: MSVCRT40.strncpy, Ord:044Eh
|
:100172FE FF1570440610            Call dword ptr [10064470]
:10017304 83C40C                  add esp, 0000000C
:10017307 33C0                    xor eax, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100172F0(U)
|
:10017309 3BF0                    cmp esi, eax <--HERE
:1001730B 741D                    je 1001732A
:1001730D 6A00                    push 00000000
:1001730F 8B4508                  mov eax, dword ptr [ebp+08]

* Possible StringData Ref from Data Obj ->"Error"
|
:10017312 6860200410              push 10042060

* Possible StringData Ref from Data Obj ->"Registration information incorrect!" <--HERE
|
:10017317 68D8310410              push 100431D8
:1001731C 50                      push eax

* Reference To: USER32.MessageBoxA, Ord:0188h
|
:1001731D FF150C450610            Call dword ptr [1006450C]
:10017323 C745DC00000000          mov [ebp-24], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:1001718A(C), :100171A2(C), :1001730B(C)
|
:1001732A C745E401000000          mov [ebp-1C], 00000001
:10017331 837DDC00                cmp dword ptr [ebp-24], 00000000
:10017335 742B                    je 10017362
:10017337 8D45E4                  lea eax, dword ptr [ebp-1C]
:1001733A 8B4D14                  mov ecx, dword ptr [ebp+14]
:1001733D 50                      push eax
:1001733E 8B5510                  mov edx, dword ptr [ebp+10]
:10017341 51                      push ecx
:10017342 8B450C                  mov eax, dword ptr [ebp+0C]
:10017345 52                      push edx
:10017346 8B4D08                  mov ecx, dword ptr [ebp+08]
:10017349 50                      push eax
:1001734A 51                      push ecx
:1001734B 8D8D1CFFFFFF            lea ecx, dword ptr [ebp+FFFFFF1C]
:10017351 E80AE3FFFF              call 10015660
:10017356 C745FCFFFFFFFF          mov [ebp-04], FFFFFFFF
:1001735D E81E000000              call 10017380

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10017335(C)
|
:10017362 8B45E4                  mov eax, dword ptr [ebp-1C]
:10017365 8B4DF4                  mov ecx, dword ptr [ebp-0C]
:10017368 64890D00000000          mov dword ptr fs:[00000000], ecx
:1001736F 5F                      pop edi
:10017370 5E                      pop esi
:10017371 5B                      pop ebx
:10017372 8BE5                    mov esp, ebp
:10017374 5D                      pop ebp
:10017375 C3                      ret

This was a simple lesson, and fun. Not too difficult to figure out. Until later. If you have any questions please feel free to contact me at jomamameister@yahoo.com.