MistHill, 01-25-2018, 10:31
@TechLord
Mahmoudnia's link still works.

@Mahmoudnia
It's a long story. Read my post at tuts4you for some hints.
In short, address 0130A21D is the Is_Registered_DWORD1.
1. It was initialized to FALSE (value 0x5B4E0215) at first.
2. Set to TRUE (value 0x7CBDC03A) if the License File checks (RSA decryption and signature verification, decryption of each field, and checksums) are all okay. Else FALSE again, and it goes no further.
3. Set to FALSE if the HWiD does not match: error message, exit.
4. Decrypting each section of the application, resolving imports, relocating, and so on.

What we do is find out the Is_Registered_DWORD1 address and TRUE/FALSE values, and patch it to TRUE at some place before the check.
Easy or difficult, depending on how much you understand of the Oreans VM architecture.