I'm attempting to crack a 30-day time limited program with no nags. The program works fully featured until the final day in which a box will come up indicated that the trial expired.

What are the known methods used (especially on more expensive software packages) to store this information? If anyone has some experience with this, please feel free to share your advice with a newbie so I don't go re-inventing the wheel. Since i'm very unexperienced, I'm looking for some suggestions as to how they are monitoring the date. What can I breakpoint on to see whats going on?

Thanks for any input!!
NF

Try "bpx GetLocalTime". For VB progs, "bpx rtcGetPresentDate" also works, perhaps this function is implemented with GetLocalTime.

Try bpx gettickcount

Also another important note:

If you change the date forward and then start the program, It reflects the increase by decreasing the number of trial days left. If you change the system clock back, you will now get the "trial expired" message box and no program.

Also, for example if I had 30 days left in the trial and I uninstalled and then reinstalled OR just reinstalled, I would get the "trial expired" box.

Isn't it true that this information MUST be stored in a file or registry for it to remember even if it's program directory has been deleted.

If this information adds anything new that could help me limit down what I should be looking for, please let me know!!

Thanks
NF

In this case you really out to check out the registry and local file system.
Use RegMon and FileMon and see what this program stores and where. Once you find out where it's storing the info, you can experiment all you want

LS

Another way (easy way out in some cases).....

BPX MessageBoxA....set your clock ahead....when expired message pops sice...F11 back to proggie code

above the call for the MessageBox you'll probably see a Call (or if you're lucky the compare itself)....trace through & find the DaysLeftInTrial compare and patch it ;-)

You guys are good!! I succeded at patching one of the six applications included in the "suite". The one I started with was the smallest and probably the easiest.

I initially started out using Reg and Filemon, but saw nothing that looked anything like either writing or reading date information. zI then tried the various Time APIs, but they were called too frequently and it was difficult to figure out which one was a good place to break in. I then used MessageBoxA and traced back. Found the byte and nop'd it. Works so far.

I started to do the next one, but so far no luck. It must be deeper than I think...I'll keep looking though. I guess It is pretty normal for the actual call to be embedded much further in the code than a couple of page ups right?

Thanks for your help!! This is the first program I ever attempted to crack.

Thanks!!
CC

Some General Suggestions.
I an not an expert as other people that have answered your post before, but I have been in similar woods as you are now.

When you set bpx on time-related API functions, is not unusual that softIce breaks a bunch of times. Many of the calls are not coming from your target application! Make sure to deactivate as many apps as possible from the system tray and from the system in general. Real Player, for instance calls a GetsytemTime like every second. GetRight does it too. Trim down windows to the Bare bones. Then the Time API call breaks may be more relevant.
2- Some times the Protection obtains the current time by creating or modifying a file and then quering the file time stamp. BPX on the Usual windows time API calls will not catch this. CreateFileA may do the trick.
3- Do all Applications on the suite time out simultaneously when you advance your computer clock? or each one seems to keep its own 'time of instalation' record. You may get away with cracking the time keeping files or dll devices instead of cracking each App individually.

I did find the section of code by bpxing the GetLocalTime API finally. I do know that it creates two temporary files and deletes them within the startup, don't know if that helps me at all.

I'm currently wading through the code prior to the call to MessageBox. It's difficult to find the place where the comparison is made on the remaining 5 programs. The one that I did crack seems to be completely different than the other 5. The 5 all have the same "format" and once I find one of them, I should be able to fix all 5 using the same method. Haven't had much time to mess with it, but I'll play with it on the weekend.

Yes, all 6 of the applications time out on the same date. Unfortunatly, I can't find where it's getting the time info in either the Registry or a file. I setup filemon and regmon on another computer and installed the software there. I saved the logs. I keep seeing that it's accessing a few keys that have the words "cryptography" and "seed". Is this some area that is hidden? Is this where the date information could be?

Thanks!
CC