Acid_Cool_178
presents he's
| #22 Tutorial |
| For Hellforge |
This Text Are Only Ment To Edcucational Purpose And Not To Be Used Illegaly, I Take No Response For Illegal Use Of This Text. Move On On Your Risc.
| Athour Information |
| acid_cool_178@hotmail.com | ||
| Age | 17 | |
| Web Page | http://acidcool.cjb.net/ | |
| Date | Febuary 2K | |
| Member in | Hellforge | Flying Horse Cracking Force |
| Groups Web Page | Hellforge Login | FHCF Login |
| Program Infromation |
| Name | Get Right 4.1.2 | |||||
| getright.exe | ||||||
| Size | 1759KB (Only the EXE file) | |||||
| Athour | Michael Burford / Headlight Software, Inc. | |||||
| Where to Downlaod | www.getright.com or www.download.com | |||||
| Tools used | W32Dasm Hiew |
Downlaod At | ||||
| 1. Player Tools | ||||||
| 2. Programmer Tools | ||||||
| What kind of a program | Crackme | Shareware | ||||
| Skill | Easy | Not so easy | Hard | X-pert | ||
| Information about the Protection I |
Thos protection only got one code to enter.
| The Process |
Open getright and find "about getright" in the menu. Ther you can see "*
* * * Please do not pirate this software * * *" and a "Code" button
When the program are registered then will the code buttan dissapear and "* * * *
Please do not pirate this software * * * " will be raplaced with registered
Now, open getright.exe in W32Dasm and search for "regstered" and you will fins
this adter some time.
:004016D5 85C0 test eax, eax
:004016D7 7451 je 0040172A
<-- jump to bad code.
:004016D9 8D45EC lea eax, dword ptr [ebp-14]
* Possible Reference to String Resource ID=00327: "You Have Registered GetRight.
Thank You!"
|
:004016DC 6847010000 push 00000147
<-- Start og
good code
:004016E1 50 push eax
:004016E2 E81CE80900 call 0049FF03
Now, scroll to the jump and in W32Dasm you can see the @Offset. The jump are at offset AD7
Close getright.exe and open it in Hiew, Press enter twice and you will now be in
decode mode. If you now are in decode mote then press F4 and choose "Decode"
Goto (F5) the offset and enter inn AD7 [ENTER] and you will now stand at
the jump.
Edit the code by pressing F3 and enter inn 9090.
Now you have NOP'ed the jump. NOP means No OPeration and now the program will jump
over the jump and start on the good code.
Update the file by pressing F9 and exit by pressing F10 or Escape
Run getright.exe and you can see the the "code" button are gone. Thets good but
you can still see "* * * * Please do not pirate this software * * * "
Lets remove that. search for "please do not" and you will land here.
:00401745 85C0 test eax, eax
:00401747 7509 jne 00401752
<-- Jump to the start og bad code.
:00401749 E8673A0900 call 004951B5
:0040174E 85C0 test eax, eax
:00401750 7451 je 004017A3
<-- Jump to good code
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401747(C)
|
:00401752 8D45EC lea eax, dword ptr [ebp-14]
* Possible Reference to String Resource ID=00459: "* * * * Please do not pirate this
software * * * *" <-- You land here
|
:00401755 68CB010000 push 000001CB
<-- Bad
code.
The jump at 00401747 has the @Offset B47 and that all you need to now.
What we will do now are to NOP the JNE and change JE to JMP so the program always will
jump to the good code :)
Close getright and open it in Hiew.
Toto decode mode and press F5 and enter B47 [ENTER]
Edit the code (F3) and enter 9090.
Update the file (F9) and goto the JE jump
When you are stanting at the JE jump then press F3 (Edit) and F2 (Edit ASM code)
change JE to JMP [ENTER]
Update the file and exit.
Now are getright registered :)
| Ending |
Nothing mutch to say, hars serial to find in SI. I have tried with no success.
| Greetings |
LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke, DiABLO. Torn@do, ^AlX^ and all the other i have forgotten