|
hm
In the brief minute that I looked at this app I see two things. First is I patched a few random bytes on the original file and it did not crash. The fact I was even able to patch any bytes tells me it is not packed. Also I just loaded it in ida, and with the exception of some weird segment names and some ida msg, the file looks comphrensible and not packed. Why do you think it is upx? Although I could be wrong, I would suggest delete your unpack version, make a copy of the original app and just dissamble it in ida and have fun should run fine and be patchable. To answer your original question, just about any algo can be a crc algo. The most likely algos to be a crc are usually hash algos. And when you do encounter these, they are easy to spot as they either read from disk or read from memory the pe file, so just break on approriate apis, readfile, readmem etc. I dont think you have to do anything here but install the app and then patch the registration check.
|