WannaSpeedCom
06-23-2010, 10:46 PM
I've run across a trial .net program that uses intelilock. You enter your serial, it then checks online to verify correct serial. If yes it apparently downloads a license file containing the correct serial information.
I am unable to open the program in .net reactor as the intellilock also injects invalid metadata into the NT header. Ollydebug is very little help although after much effort I managed to find the memory location for the registration popup. I was then able to open it up in Hiew and fumble around enough to make changes to the registration box. I manager to remove the icon, change some text, even break the "enter key" button.
CFF Explorer opens it and gives me lots of fun information that appears useful to someone that knows more about .net programs. I tried to correct the metadata using CFF but .net reactor just found new errors.
IDA pro opens it up, but I don't know how to use the program and where to begin.
So, any ideas on a program to use, and where to go about Reverse engineering this overly protected file? Its lots of fun, I've been trying for a week now.
EDIT:
I made some progress. I was able to remove 1 error from .net reflector using CFF explorer. The first error was "Invalid number of data directories in NT header"
now I have another error "contains zero or multiple module definitions". I found this site that address' the problem, but I don't think his native language is english so i'm not exactly sure what to do. I kinda followed it but not all of it works out the way he says.
http://hi.baidu.com/dreamzgj/blog/item/5cd5f1456fedc388b2b7dc8a.html
[Please DO NOT reply to yourself. Use Edit button if you have something to add to your post]
I am unable to open the program in .net reactor as the intellilock also injects invalid metadata into the NT header. Ollydebug is very little help although after much effort I managed to find the memory location for the registration popup. I was then able to open it up in Hiew and fumble around enough to make changes to the registration box. I manager to remove the icon, change some text, even break the "enter key" button.
CFF Explorer opens it and gives me lots of fun information that appears useful to someone that knows more about .net programs. I tried to correct the metadata using CFF but .net reactor just found new errors.
IDA pro opens it up, but I don't know how to use the program and where to begin.
So, any ideas on a program to use, and where to go about Reverse engineering this overly protected file? Its lots of fun, I've been trying for a week now.
EDIT:
I made some progress. I was able to remove 1 error from .net reflector using CFF explorer. The first error was "Invalid number of data directories in NT header"
now I have another error "contains zero or multiple module definitions". I found this site that address' the problem, but I don't think his native language is english so i'm not exactly sure what to do. I kinda followed it but not all of it works out the way he says.
http://hi.baidu.com/dreamzgj/blog/item/5cd5f1456fedc388b2b7dc8a.html
[Please DO NOT reply to yourself. Use Edit button if you have something to add to your post]