#1
So far I haven't seen a *.msi install file that needs a password for installation.
Most of the time InstallShield is used with a greyed OK button, and when it is ungreyed (or the correct password is entered), the msi installer starts (you can see this by looking in the \temp folder). Try with a bp like "lstrcmpA" and similar. However, have you tried some msi extractors like MsiEx 0.2 [tulipfan] (hxxp://www.wasm.ru/all.php?mode=tool)? Works fine for me (after you have the *.msi file from \temp, of course).
#2
Total Commander with MSI plugin is also OK with *.msi files.
__________________
AKA Solomon/blowfish.
#3
Try the following:
- Check for a temp directory where the installation bootstrap files are located. The dll is probably there, at least if you're stopped at the error box.
- Debug the install process and set it to break on LoadLibrary or on GetProcAddress; it should occur when you press Next with an invalid serial.

In a process monitor you won't see the dll in the loaded modules list, because it normally is loaded when the function is called, executed, and then freed - hence the 2 breakpoints I have suggested. The dll isn't actually linked with the installation process, so it's only loaded when needed.
#4
I suggest to try the Windows Installer Editor from Wise Package Studio.
So far I found that it is the best tool for editing .msi installer files (delete, replace components, edit scripts, etc). Custom dlls for authorization can be found in "Project definitions\resources" - simply reverse the existing one, write your own with the necessary features, replace the original dll (sometimes it's possible to simply delete the original security dll).
#5
An essay in Russian about them:
http://www.wasm.ru/article.php?article=msi
WBR and Happy New Year!
#6
Mkz,
thanks for your tips. Sorry I haven't replied in a long time as I was away for Christmas - I have some questions though.

In Olly, I did a bpx on LoadLibrary and GetProcAddress, but there seem to be too many places from which this is happening. Any tips for how I should go about this under Ollydbg?

Also, I can't find any temp dirs being created or accessed (although I can use winrar to look into the .msi archive - though none of the dlls there seem to be the ones with the check serial function, but I could be mistaken on this).

I have yet to look at the Russian site, I should probably do that.

Thanks
#7
Did you activate the BPX's from the start, or only in the screen immediately before the check, just before pressing Next and getting the error?
#8
A debugger for .msi is overkill...
Also you would have to break in msiexec.exe (the InstallShield executable that runs the .msi). It's a mess!

A lot easier way is to use ORCA (msi tables editor available with the MS Platform SDK). The SDK is available for free from Microsoft, but it is unfortunately a mammoth download. So... get ORCA here: /h--p://www.patchlink.com/downloads/support/orca.msi

Install it and use it to open your .msi. Now on the left side you'll see all the installer tables. Locate your username/password dialog and look at the conditions for the next/ok button. Because there are a lot of tables in an .msi, focus on the "ControlCondition", "ControlEvent", "Property" and "CustomAction" tables. Generally look around in there and you'll soon get the meaning.

Post with more info (maybe even the program you're trying to crack) if you get in trouble and I'll try to give more details...

PS. You were on the right path with your first post. Don't stray from that! Just look at your conditions a little better and you'll get it. It doesn't matter that the verification is done by an external dll, this is then evaluated by the InstallShield script. If you find where you can tell it to be happy with the result, you're OK. Hope it helps.
#9
Actually I downloaded Orca a couple of days ago and it seemed very similar to the InstallShield developer tool.
In any case this is what I have so far with Orca (based on your instruction). I've attached a jpg with the tables of Control, ControlEvent, ControlCondition and CustomAction. Actually it's kinda neat that Orca isolates everything (a little annoying as well, as you don't get the visual representation that InstallShield gives you). I've only included the relevant table entries to reduce space, so let me know if you feel you need more information.

Control - The entry in question is CustomerInformation - this is where you enter the serial number. In fact the variable name "SERIALNUMBER" is right there for everybody to see.

ControlCondition - Under CustomerInformation there are 2 entries, SerialNumberEdit and SerialNumberLabel; these don't look very interesting since I think they are just to edit the serial number. The condition LicenseOK="1" looks interesting but I'm not sure where it's set.

ControlEvent - Under CustomerInformation again, the Next has a DoAction which points to a LicenseCheck with condition 1. Changing the condition to "0" gives me the following error: "The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2803"

CustomAction - Here LicenseCheck is actually called _CheckLicense@4 and appears in TKCommonAct.

So this is pretty much where I was when I posted the message initially. Hopefully I've included more details that might be helpful. I think it may be easier to just post the msi file but I think it might invite the wrath of the admin. Thanks for all of your help.

PS: I read the article on wasm.ru, it's pretty good except that the tool they suggest, m_extract, to extract any function calls in the msi file didn't work for me.
#10
Mkz,
I didn't know which bpx to activate as there were too many. I've included a jpg of the screen which lists locations for bpx LoadLibrary.

Thanks
Sailor_EDA