Type : Nice Perl Editor
Protection : ASProtect .. Serial
Tech : Loader
Crack :
I think cracking involves luck ... it was really hard to find the reg check in this new version as they have put it in some other thread or something ... it was just hard to trace and also it was packed with ASProtect. But I think it was born to be cracked.
As I said, it was really hard ... I used many techniques but failed ... An idea came to my mind: "why not dump the program running on the PC and use w32dasm". We can't use w32dasm on the exe file as it is packed. Will w32dasm work with the dump file ... I don't know what the program's real OEP is. Will it work ... "who cares .. let's do it". So what I did was a plain dump of the running program using PEditor, and I used w32dasm on this dump with all section flags of the dump file set to E0000020 [otherwise w32dasm will not show you anything].
To my surprise it worked ... search for the string "unregistered" ... now just look a few lines up and you can see the reg check call ...
CALL 53AE94
TEST AL,AL --- MAKE AL = 01 GOOD BOY
JZ 53B5EE
Now just put a BPX on 53AE94. It is called twice at startup and when the user clicks "About Box".
Startup :
54C45D CALL 53AE94
54C462 TEST AL,AL
54C464 JNZ 54C533
About Box
53B4F4 CALL 53AE94
53B4F9 TEST AL,AL --- MAKE AL = 01 GOOD BOY
53B4FB JZ 53B5EE
All we need is that CALL 53AE94 should return AL = 01. Let's look inside this CALL ...
53AF10 MOV AL,[EBP-01] = 8A 45 FF
53AF13 MOV ESP,EBP = 8B E5
53AF15 POP EBP
53AF16 RET
As this baby is packed we must use a Loader to patch it like ....
53AF10 XOR EAX,EAX = 33 C0
53AF12 INC EAX = 40
That is all [ Please refer to DzSoft Perl E