VLMenuPlus 5.00.0058 patching help!!!

[Newbie_Cracker]

Oh, last version is 5.0.0.59. Above address is for this version.

Look at the patched code :

Code:

1102C723   .  E8 F8470100   CALL VLMenu.11040F20     ->Reg check
1102C728   .  8B7D D0       MOV EDI,DWORD PTR SS:[EBP-30]
1102C72B   .  8D4D E8       LEA ECX,DWORD PTR SS:[EBP-18]
1102C72E   .  F7D7          NOT EDI
1102C730   .  FF15 7C120011 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeO>;  MSVBVM60.__vbaFreeObj
1102C736   .  66:85FF       TEST DI,DI
1102C739      74 1B         JE SHORT VLMenu.1102C756	      -> patch to jump over NAG sub-routine
1102C73B   .  8B16          MOV EDX,DWORD PTR DS:[ESI]
1102C73D   .  56            PUSH ESI
1102C73E   .  FF92 84080000 CALL DWORD PTR DS:[EDX+884]              ;  VLMenu.1100889D  -> Shows Nag

Reg check

Code:

11040F20   $  55            PUSH EBP
11040F21   .  8BEC          MOV EBP,ESP
11040F23   .  83EC 08       SUB ESP,8
11040F26   .  68 46380011   PUSH <JMP.&MSVBVM60.__vbaExceptHandler>  ;  SE handler installation
11040F2B   .  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
11040F31   .  50            PUSH EAX
...
...
...
11040FC2   .  8D55 D4       LEA EDX,DWORD PTR SS:[EBP-2C]
11040FC5   .  68 DCD90011   PUSH VLMenu.1100D9DC                     ;  UNICODE "Unknown"
11040FCA   .  52            PUSH EDX
11040FCB   .  FFD6          CALL ESI                                 ;  <&MSVBVM60.__vbaStrToAnsi>
11040FCD   .  50            PUSH EAX
11040FCE   .  8D45 D8       LEA EAX,DWORD PTR SS:[EBP-28]
11040FD1   .  68 CCD90011   PUSH VLMenu.1100D9CC                     ;  UNICODE "User"
11040FD6   .  50            PUSH EAX
11040FD7   .  FFD6          CALL ESI                                 ;  <&MSVBVM60.__vbaStrToAnsi>
11040FD9   .  50            PUSH EAX
11040FDA   .  8D4D DC       LEA ECX,DWORD PTR SS:[EBP-24]
11040FDD   .  68 14950011   PUSH VLMenu.11009514                     ;  UNICODE "VLMenu2"

Find these unicode strings. This sub-routine is called by 5 Call + 1 JMP. First Call is which we want.
If you cann't find it, use following sig to find NAG sub-routine. Maybe this is applicable :

Code:

FF 15 ?? ?? ?? ?? 83 EC ?? B9 ?? 00 00 00 8B DC B8 ?? ?? ?? ?? 83 EC 10 8B 3E 89 0B 8B 4D ?? 8B 17 89 4B

Patch the first instruction to RETN 4.

Please check this sig too, for finding above mentioned JE :

Code:

FF 15 ?? ?? ?? ?? 66 85 FF ?? 1B 8B ?? 56 FF ?? ?? ?? ?? 00 85 C0 7D ?? 68

Please upload the OCX for more analysis, if these worked or not.

Regards.