pe explorer 1.99


knr
05-01-2009, 01:32 AM
Hi guys,
I have been using the reversing tools for some time and managed to understand something and do some patching and reversing. I even managed to create a license for dongled software.

I have downloaded PE Explorer (v1.99), which is a 30-day evaluation version, so I thought I would try to use the skill on it to remove its 30-day limitation.

PEiD identifies it as a Delphi program which is not packed but has encrypted sections. The program starts with a banner screen and a statement that it is a 30-day evaluation.

A string search brings out a "30 day evaluation" string, but it appears to be a decoy; in memory the string location is different. Though I find a TLS section, I am not able to find a call before the EP. Though I did allow the program to decrypt itself and got a dump, the IAT positions are different even though the PE header is the same!

Has anyone tried it, and does anyone have any information?

Git
05-01-2009, 05:38 AM
Definitely an advanced target; look for something simpler to start with.

Git

knr
05-07-2009, 01:39 AM
Hi,
dactuner.exe is a PC-based guitar tuner compiled in C++; apparently not packed.

There are essentially calls everywhere instead of jumps. The software allows 10 trials. It has an "applic.dll" which has an 8-letter string BCFNCDAE (it varies from computer to computer); the letter N is the count for the trials (M means 10 trials left, N means 9 left, O means 8 left, etc., and W means all used up).

If we hex-edit the file to modify the letter (say after 5 trials the letter is R; if we change it to, say, N), it disables the "continue to use without register" option. That means it has the record of use somewhere else also, not in the main program (I have hex-compared the unused version and the exhausted version).

There is a file called English.idm (which lists the strings used in the various TForms); the relevant one is

[(r)fmSolicitar]
lblRegistroSoftware=This is a non registered version.
lblExplicacao=Choose one of the options below and click on 'Proceed'.
radioCompreiCD=Comprei o CD e quero ativar!
radioQueroComprar=I want to register!
radioAtivarSoftware=I already bought and want to activate!
radioComprarDepois=Register later...
lblTempoRegistrar=This software needs to be registered.
lblTempoUso=You may use this software
lblTempoVez=time.
lblTempoVezes=times.
hintBtnAjuda=To know how to register your software.
hintBtnFechar=Quit

The variable lblTempoVez contains the number of times the trials are left. I am trying to find where in the system files the trial count is normally stored (software.log or application.log?).
Any ideas or suggestions are welcome.

Regards,
knr

Git
05-07-2009, 05:22 AM
Maybe it is stored in a small file in the system32 directory? Try sorting by date and see what appears near the top.

Git

knr
05-07-2009, 01:40 PM
Hi,
thanks Git; using the API break at the registry query, I located a registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Afinador_SA
which has the same value as in applic.dll.

So by resetting the file and the key, I am able to get the trial runs to restart. But I am still trying to find the code section where the initial splash and the end splash are shown.

I will look more in the code today and see what I can do.

Regards,
knr
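The two-copy check knr infers from the behaviour above (the file and the registry key holding the same counter, and an edit to only one of them being noticed), plus a tamper-evident variant, as an added Python example that is not code from the thread or from the tuner's vendor. The letter encoding (M = 10 trials left through W = 0) is the post's; the position of the counter letter, the HMAC, and the per-install key are assumptions.

```python
import hmac
import hashlib

# Added example, not the tuner's code. It models the trial counter the post
# describes: an 8-letter string whose letter at one position counts trials left
# (M = 10, N = 9, ... W = 0), held both in a file (applic.dll) and in a registry
# key with the same value. The MAC step is an assumption about how a vendor could
# make the second copy tamper-evident; the key and the index are constructed.
COUNT_INDEX = 3          # the post's sample BCFNCDAE has the counter letter 'N' here
FULL_LETTER = "M"        # 10 trials left
MAX_TRIALS = 10


def trials_left(record: str) -> int:
    """Decode the counter letter: M -> 10, N -> 9, ..., W -> 0."""
    n = MAX_TRIALS - (ord(record[COUNT_INDEX]) - ord(FULL_LETTER))
    if not 0 <= n <= MAX_TRIALS:
        raise ValueError("counter letter outside M..W")
    return n


def consume_trial(record: str) -> str:
    """Advance the counter letter by one (one more trial used)."""
    if trials_left(record) == 0:
        raise ValueError("no trials left")
    letters = list(record)
    letters[COUNT_INDEX] = chr(ord(letters[COUNT_INDEX]) + 1)
    return "".join(letters)


def seal(record: str, key: bytes) -> str:
    """HMAC over the record, stored beside the registry copy (constructed design).
    It is only as strong as the secrecy of the key on the machine."""
    return hmac.new(key, record.encode(), hashlib.sha256).hexdigest()


def verify(file_record: str, reg_record: str, reg_mac: str, key: bytes):
    """Return (ok, trials_left). Both copies must match and the MAC must verify."""
    if file_record != reg_record:
        return False, None        # what the post observed: only one copy was edited
    if not hmac.compare_digest(seal(reg_record, key), reg_mac):
        return False, None        # both copies edited consistently, but MAC mismatch
    return True, trials_left(reg_record)
```

A plain cross-check catches an edit to one store; the MAC also catches the case where both stores are rewritten to the same value.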