REVERSING ADVANCED GIF OPTIMIZER V 2.2 stupid programer -------> stupid protection by +DzA kRAker dzakraker@yahoo.com u can get the shareware at www.gold-software.com/ago.html welcome to another newbie tutorial... this will be a short one... tools: we will use the AWESOME filemonitor from System Internals (there r hundreds of proggies that can be cracked only with this little tool) the protection:the author of the protection,a german,surely knows what a cracker is and has protected his proggie with the common tricks (exe ,dll encryption,Meltice will detect if softice is loaded,registration code will validate only after the program restarts).In the first 10 minutes of cracking i was thinging that this programmer is a smart guy....but it's just an idiot like MANY others; the crack :The target is limited to 15 uses...let's see if the target stores somewhere the number of times we started the proggie...First make the target expire. Now open filemon, run the expired target...enter filemon,click ctrl+e (capture) now take a close look at the files aog.exe reads...there are two suspicious files : winfile.dat (notice that tricky name),and volapi.crc.....both "hidden" in windowze folder.Those files may contain what we r looking for... open winfile.dat with notepad or whatever...and...what we have here?...GUESS WHAT!?...the only thing this file contains is the number 15....this is , offcourse the number of times we started the proggie...and the file is not encrypted (what an idiot!)...so modify the 15 with 0....run the proggie... OOPS!...still expired.This means there is a check elsewhere 2....let's take a look at that volapi.crc file , open it in notepad,hum this one is encrypted... anyway,we don't need this one...delete it! ok,let's see what happens... run ago.exe.And the application thinks that we just started our evaluation period... the same thing happens if we simply delete the winfile.dat and volapi.crc...now to simplify our work ,enter notepad and write the folowing lines: del c:\windows\system\volapi.crc del c:\windows\winfile.dat save it to a bat file (eg. restoretrial.bat)..and we run it each time advanced gif optimizer expires.And there will be a looooooong evaluation period for us.....So we cracked this without decrypting the exe,without tricking meltice, without loosing our time finding the correct reg code...anyway it can be done this way 2 (TIP: ago stores the registration string in HCKU/SOFTWARE//KEY, enter as string value 12345678 or whatever (our fake reg number)...offcourse ago will check this string at startup to see if it is good....he will use regopenkeya to accest the string in registry..u will need 2 trick meltice (bpx createfilea),or simply use frog's ice...ago opens many keys in registry,so it will take some time....) p.s. : this is just a unlimited uses crack...the nag is still there. #C0C0C0">This is my forth tutorial and more to come. cya