Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Team Project: PHP Processor v1.2???
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #8  
Old 02-21-2004, 20:44
MaRKuS-DJM's Avatar
MaRKuS-DJM MaRKuS-DJM is offline
Cracker + Unpacker
  
Join Date: Aug 2003
Location: Virtual World / Network
Posts: 553
Rept. Given: 7
Rept. Rcvd 6 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 16 Times in 10 Posts
MaRKuS-DJM Reputation: 6
padawan, you used stripper??? then i understand. look here:

005996BA |. 8945 D4 MOV DWORD PTR SS:[EBP-2C],EAX ; |
005996BD |. C645 D8 0B MOV BYTE PTR SS:[EBP-28],0B ; |
005996C1 |. 8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C] ; |
005996C4 |. 33C9 XOR ECX,ECX ; |
005996C6 |. B8 74975900 MOV EAX,_PHPProc.00599774 ; |ASCII "Can't load language library: %s.lng"
005996CB |. E8 7016E7FF CALL _PHPProc.0040AD40 ; \_PHPProc.0040AD40
005996D0 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
005996D3 |. E8 A4B8E6FF CALL _PHPProc.00404F7C
005996D8 |. 8BD0 MOV EDX,EAX
005996DA |. B9 98975900 MOV ECX,_PHPProc.00599798 ; ASCII "Error!"
005996DF |. A1 D0735A00 MOV EAX,DWORD PTR DS:[5A73D0]
005996E4 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005996E6 |. E8 9162EDFF CALL _PHPProc.0046F97C
005996EB |. E8 48B2E6FF CALL _PHPProc.00404938
005996F0 |> FF15 2C6F5A00 CALL DWORD PTR DS:[5A6F2C] if you use stripper, this DWORD will be 00598F3C. this means: program expired (this dword is set by aspr). you have to modify this offset to 00598E28 and all works perfect.
005996F6 |. A1 D0735A00 MOV EAX,DWORD PTR DS:[5A73D0]
005996FB |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005996FD |. E8 EA60EDFF CALL _PHPProc.0046F7EC
00599702 |. 33C0 XOR EAX,EAX
00599704 |. 5A POP EDX
00599705 |. 59 POP ECX
00599706 |. 59 POP ECX
00599707 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0059970A |. 68 24975900 PUSH _PHPProc.00599724
0059970F |> 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24]
00599712 |. BA 05000000 MOV EDX,5
00599717 |. E8 D4B3E6FF CALL _PHPProc.00404AF0
0059971C \. C3 RETN
0059971D .^E9 0AADE6FF JMP _PHPProc.0040442C
00599722 .^EB EB JMP SHORT _PHPProc.0059970F

MaRKuS TH-DJM / SnD TeaM

PS: it doesn't use any APIs like you mentioned. but all the parameters (or lets say: DWORDS) for the program are set while ASProtect unpacks the target. so it is able to lead the code to other location (like here) where the program says: unregistered. so you can't find a way to crack it. but as you see, it is possible.
Last edited by MaRKuS-DJM; 02-21-2004 at 20:48.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Intel Processor Tracing Computer_Angel General Discussion 3 12-04-2015 03:36
Full version of Project-52 and Project-AVR Yaumen General Discussion 0 08-10-2004 16:27


All times are GMT +8. The time now is 23:40.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )