#3
12-12-2002, 02:32 AM
crUsAdEr
Member

Join Date: Dec 2002
Posts: 7

Hi rmlobvx,

I downloaded the program... the protection itself is really weak, like you said... It makes no attempt to hide any information from us crackers... the PE header is intact... (gosh, I was scratching my head and thinking LordPE was buggy when I selected BreaknEnter with bpint3 and the program ran on without breaking...)

After a while I concluded that the DLL does the job of decrypting the exe... unpacking the exe is simple... I put a bpm on the OEP then let it run; the second time the program breaks, the exe is fully decrypted, only the IAT is redirected with a simple xor scheme...

I looked for the IAT redirection routine and found that it uses a DLL created at run time, stored in the temp directory... so I dumped and rebuilt this DLL, disassembled it and found where to patch the IAT redirection. Once that is done our IAT is not redirected, and ImpREC rebuilds it for me fine...

Now the easy part is over. I attempted to look for the license checking routine but alas I found none??? Filemon and Regmon both don't give anything... I found where the nag is called, but the routine is REALLY long... the variable list itself is already about 3 pages in IDA :/... and the DLL that I dumped from the temp directory is more than 1 MB :/... I must admit that I am not accustomed to playing with overly bloated code... simple routines look like MD5 hashes now :/... and here I am kinda stumped and unable to locate the license checking routine...

:/... How should I find the license checking routine?

Thanks
crUs...

PS: I am going on holiday so I'll be back in a short while... keep it up and I'll catch up with ya hopefully...