Exetools  

  #1  
Old 01-05-2005, 19:40
Mkz
Activate the "kernel32.GetProcAddress" BP after you inserted the serial and before you press Next.
You'll hopefully catch it retrieving the address of that "CheckLicense" function, amongst others. Then you can BP that function, and see what it does and which module it comes from in the file system.
  #2  
Old 01-05-2005, 20:52
zebediah
 
orca continuing..

I cannot download attachments yet.
Consider uploading your screenshot at some free webspace
(eg. /h--p://us.imageshack.com/)
or your whole .msi to some similar
(eg. /h--p://www.yousendit.com or /h--p://www.ezshare.de)
and posting the links so I can get the files.
In the meantime:
If you look at the "ControlEvent" table you'll see several columns.
Does Next have more than one entry?
It probably has (one with the license check and another(s) with the next action
should the license check pass successfully)
The last column "Ordering" specifies which Next Action is executed first (smaller order)
Also if the DoAction you're referring to has the form "LicenseCheck=1" (I'm just guessing here
as I can't see the screenshot) don't bother to change the "=1" to "=0".
Just replace the whole "LicenseCheck=1" with "1" (true) and give it a try.
I can probably help more if you post the files somewhere I can get them...
Think simple
  #3  
Old 01-11-2005, 13:21
Sailor_EDA
Here is a link to an image of the orca msi tables
http://img50.exs.cx/img50/7523/orcamsitables9nb.jpg
And here is a link to an image of calls I get when I do a bpx kernel32.GetProcAddress in Olly
http://img5.exs.cx/img5/1949/intermodularcalls1kw.jpg

Thanks for all of your help.
Sailor_EDA

Last edited by Sailor_EDA; 01-11-2005 at 13:30.
  #4  
Old 01-11-2005, 16:38
hksonngan
 
I found this useful h**p://wxw.reteam.org/papers/e42.pdf
  #5  
Old 01-13-2005, 04:26
zebediah
 
quick fix with orca

The image below shows the minimal changes in msi tables needed to
bypass the serial.
You will notice that the custom setup dialog is displayed twice.
This can be corrected, but some more table editing is required and I'd rather
not devote the time as the main thing is accomplished.

A little explaining:
This setup was a little more clever in that the Next button had a DoAction of
resubmitting itself [CustomerInformation_Next] until a valid serial.
But .msi is always the weak link as you can change the action to display another
dialog (in this case CustomSetup) further down the installation sequence.

Look at the picture with "before"->"after" comparison and you'll understand what
I mean.
Regards.
Attached Images
File Type: jpg toolkit.JPG (31.0 KB, 31 views)
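A defensive counterpart to the table edit discussed in this thread, as an added example that is not part of any post: it compares a vendor's baseline export of the ControlEvent table with the export taken from a distributed package and reports every control whose event chain differs. The tab-separated .idt layout without a codepage prefix, the LicenseAgreement row and both sample exports are assumptions constructed from the names mentioned above.

```python
import csv
import io
from collections import defaultdict

# Constructed sample exports. Assumed .idt layout: column names, column types,
# table name + primary keys, then tab-separated rows. Row values are
# hypothetical; LicenseAgreement is an invented dialog name.
HEADER = (
    "Dialog_\tControl_\tEvent\tArgument\tCondition\tOrdering\n"
    "s72\ts50\ts50\ts255\tS255\tI2\n"
    "ControlEvent\tDialog_\tControl_\tEvent\tArgument\tCondition\n"
)
BASELINE = HEADER + (
    "CustomerInformation\tNext\tDoAction\tCustomerInformation_Next\t1\t1\n"
    "CustomerInformation\tBack\tNewDialog\tLicenseAgreement\t1\t1\n"
)
SHIPPED = HEADER + (
    "CustomerInformation\tNext\tNewDialog\tCustomSetup\t1\t1\n"
    "CustomerInformation\tBack\tNewDialog\tLicenseAgreement\t1\t1\n"
)


def load_control_events(idt_text):
    """Map (dialog, control) -> events sorted by Ordering (smaller runs first)."""
    rows = list(csv.reader(io.StringIO(idt_text), delimiter="\t", quoting=csv.QUOTE_NONE))
    if len(rows) < 3 or rows[2][0] != "ControlEvent":
        raise ValueError("not a ControlEvent export")
    names = rows[0]
    chains = defaultdict(list)
    for raw in rows[3:]:  # rows 1 and 2 hold column types and table/key names
        if not raw:
            continue
        row = dict(zip(names, raw))
        order = int(row["Ordering"]) if row["Ordering"] else 0  # Ordering may be empty
        chains[(row["Dialog_"], row["Control_"])].append(
            (order, row["Event"], row["Argument"], row["Condition"]))
    return {key: sorted(events) for key, events in chains.items()}


def diff_control_events(baseline_text, shipped_text):
    """Return one finding per control whose event chain differs from the baseline."""
    base = load_control_events(baseline_text)
    ship = load_control_events(shipped_text)
    findings = []
    for key in sorted(set(base) | set(ship)):
        if base.get(key) != ship.get(key):
            findings.append({"control": key, "expected": base.get(key, []),
                             "found": ship.get(key, [])})
    return findings
```

Because Condition is part of the table's primary key, the comparison is keyed on dialog and control only, so an edited condition shows up as a changed chain rather than as an unrelated added and removed row.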