| Page 1 of 1 |
|
|
 Posted: Thu, 28th Jan 2010 22:15 Post subject: Dll file content problem... |
|
 |
I have a dll file which is part of a registry/acceptance file which contains text data which has to match users name in the app its used on.
The file can be loaded into say dll export viewer etc but it shows no data.. all other dll's do, what sort of protection is used to stop a dll viewer seeing this?
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
| Posted: Fri, 29th Jan 2010 02:42 Post subject: |
|
|
ah thanks for reply..
well this is what I see openig dll with reshacker.
somewhere in there is a name tag of sorts called "G8IHT" and i want it to be "M6ZOO"
|
|
| Back to top |
|
|
|
|
| Posted: Fri, 29th Jan 2010 12:25 Post subject: |
|
|
RCDATA is a simple resource element, a txt file could be used instead too. If it contains licence data i am quite sure its encrypted. Its all i can say without knowing more about that app.
|
|
| Back to top |
|
|
|
|
| Posted: Fri, 29th Jan 2010 12:57 Post subject: |
|
|
Post the thingy !
Anyway, what's stopping you from cracking the app to accept any username as valid ?
|
|
| Back to top |
|
|
|
|
| Posted: Fri, 29th Jan 2010 19:13 Post subject: |
|
|
knowledge vga, i can probably use tools to look for where etc but im not superb at changing data..
it is just apparenly a simple check on what u enter into a info box in the app. its basic as can be im sure... its not main stream stuff..
the app is a radio amateur app for decoding digital modes...
http://mixw.net/index.php?j=downloads
v2.19 is latest at bottom..
|
|
| Back to top |
|
|
|
|
| Posted: Fri, 29th Jan 2010 20:39 Post subject: |
|
|
App is standard MS C++, not packed.
Sense Amid Madness, Wit Amidst Folly
|
|
| Back to top |
|
|
|
|
| Posted: Fri, 29th Jan 2010 21:00 Post subject: |
|
|
Hehe, this program isn't THAT simple to crack. Anyways, a quick peak reveals the reg routine here:
0044E3B3 |. E8 D3B51400 CALL MixW2.0059998B
0044E3B8 |> A1 2CAC6600 MOV EAX,DWORD PTR DS:[66AC2C]
0044E3BD |. 33F6 XOR ESI,ESI
0044E3BF |. 3BC6 CMP EAX,ESI
0044E3C1 |. 75 39 JNZ SHORT MixW2.0044E3FC
If 0066AC2C is set to 1, program is registered. Program checks this bool multiple times, so best just set 66AC2C to 1 instead of patching JMPs.
When I did this the UNREGISTERED COPY box disappeared, and the about box says registered to: " ". I assume this is what you want? There might be other secret checks...
Sense Amid Madness, Wit Amidst Folly
|
|
| Back to top |
|
|
|
|
| Posted: Fri, 29th Jan 2010 21:42 Post subject: |
|
|
ah well what happens is where its set to 1 maybe just a switch but usually where it says registered to it will have ur call in it like "G8IHT" etc instead of "." if u go into options in the app and enter sommething in format of Letter/number/ then 3 more letters see if it shows what u entered in the info part where it says registered to again.. 
think its under logging info or call log info its at top in the menu somewhere.,. all u need to to is enter the call sign as format i stated...
|
|
| Back to top |
|
|
|
|
| Posted: Fri, 29th Jan 2010 21:57 Post subject: |
|
|
I couldnt get it dissasembled at all using some apps, what you use tainted ?
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 30th Jan 2010 00:37 Post subject: |
|
|
www.ollydbg.de
And I'm not sure I quite understand what you're trying to say with the "registered to" and "call sign" stuff.... can you be a bit more specific?
Sense Amid Madness, Wit Amidst Folly
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 30th Jan 2010 00:46 Post subject: |
|
|
well, i have a dll file sent to me from a fellow ham operator and his call sign is in the dll as part of the reg dll they send u.,, now i can use it *( he sent me it to use)* but it makes all the macros and anything else auto feature show his callsign when i transmit,, so thats not good lol,, i want my call sign in it  which is what i wanted to start hunting for,,
as it seems if u change his callsign in the personal info part it de-registers, if u then change it back u look at about info its back registered, so its why i thought it must be fairly simple thing to locat and change..
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
| Page 1 of 1 |
All times are GMT + 1 Hour |
