Contact Me : dheeraj_np@usa.net or gl_force@usa.net
             www.glcrackforce.50megs.com
Main | Index

Offline Explorer Pro 1.4.322 SR 1

Type       : Offline Explorer
Protection : Serial & ASPack
Tech       : Unpacking and Patching


Crack File : Click here to download ...


Crack : In this version finding S/N is little bit harder.But it can be easily
cracked by setting a flag.

(1) Unpacking :

    Change the flag of CODE section to = E0000020 so that it will break in symbol
loader at entry point[Use PE Editor].And now trace...

...............................
0x5614EB MOV [EBP+0x443EA1],EAX     >> EAX = 0x507F90 --> OEP
0x5614F1 POPAD
0x5614FC JNZ 0x5614FC
.....................
0x5614FC PUSH 0x507F90
0x561501 RET                        >> DUMP FULL MODULE HERE - USE 'JMP EIP'

Now change the EntryPoint of the program by using PE Editor.

EP = OEP - BASE ADD = 507F90 - 400000 = 107F90

Now our dumped file will run and it is unpacked too.Now we can patch
it.

(2) Patching :

    We must find where the program is setting flag for registration.
For this we put a BPX on the deep inside the S/N validation algorithm
and then restart the application :) If it uses the same routine at
start up also we will break in to it.


S/N validation main CALL :

0x4CF622 CALL 0x4F67DC
0x4CF627 TEST AL,AL
0x4CF629 JZ 0x4CF6A9               >> BAD BOY

INSIDE CALL 0x4F67DC

0x4F67E0 CALL 0x4F62CC
              ||||
              vvvv
         0x4F67E0 CALL 0x4F62CC    >> BPX HERE,ENOUGH DEEP :)

Now restart the program..we will break here now trace back...
Till we reach here ..

0x4F664D MOV AL,[EBP-01] | 8A 45 FF >> MAKE AL = 1 TO CRACK
0x4F6650 POP EDI

Patch :

0x4F664D INC EAX     | 40 OFFSET = 0xF664D
0x4F664E NOP         | 90
0x4F664F NOP         | 90