Web : http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com


Main | Index

Max Format 1.22b2

Type : Disk Format Utility
Protection : Packed
Tech : Memory Dump


Crack : Here nothing is done with import table of the program
so our work is simple like unpacking ASPack.

1 Go to the end point of the unpacker routine.
2 Use a memory dumper like PE-Editor to dump the entire process
to a file.
3 Find out the Original Entry Point [ OEP ] of the program.
4 Changed the entry point of the dumped file with PE-Editor.

Entry Point = OEP - Image Base

Note : If the program does not break at start point in symbol loader -
Change the FLAG of TEXT Section to = E0000020

End point of the unpacker routine is shown below :

0x4594F1 POPAD
0x4594F2 JNZ 0x4594FC
.....................
0x4594FC PUSH 0x443578 >> OEP
0x459501 RET >> DUMP HERE : USE 'JMP EIP' HERE TO
FORM A INFINITE LOOP AND COME OUT
OF SICE.THEN DUMP FULL PROCESS.THEN
OPEN DUMPEDFILE IN HEX EDITOR AND
CHANGE 'JMP EIP' TO 'RET'.

Change the entry point of the dumped program file.

= 0x3F2E0 > 0x13BA0
S/N = 258784 i.e in decimal of 0x3F2E0


BE DIFFERENT
xxxxxxxxx JMP xxxxxxxx =========>> IN YOU COMPUTER AS IT USES
............................... =========>> DYNAMIC LOADING....
================= ******BE CARE FULL
=====SMC STUFF=== ******
=================
0x5627CA MOV AX,0004 | 66 B8 04 00 ===>> WHEN YOU REACH HERE RAISE EXCEPTION i.e

CHANGE 66 B8 ==>> 00 00 - THIS WILL RAISE AN EXCEPTION ...AND PROGRAM WILL NOT
DETECT SICE.

Now finding S/N for this program is realy simple.Enter any fake S/N and in SICE
BPX HMEMCPY ....trace ...

0x490CF8 CALL 4A72DC ==> MAIN CHECK
0x490CFD TEST AL,AL
0x490CFF JZ 490D6C

INSIDE CALL 4A72DC ...

0x4A75AE MOV EDX,[EBP-10] ==>> REAL S/N
0x4A75B1 MOV EAX,[EBP-08] ==>> FAKE S/N
0x4A75B4 CALL 403ECC
0x4A75B9 SETZ BL ===> FLAG SET

Registration Info :

Name = DHEERAJ
S/N = 556858-416753758-PP
LIC = SITE LIC


MPOP.TTY"