January 1999

"Uninstall Manager v2.60"

(Locating a simple cmp)

Win '95/'98 PROGRAM

Win Code Reversing

 

 

by Punisher 

 

 

Cracking 4 Newbies 

 

 

Program Details

Program Name: um260.zip

Program Type: Uninstall Management Program

Program Location: http://www.softseek.com/

Program Size: 458 KB 

   Tools Used:

Soft-Ice -- Debugger

Rating

Easy ( X )  Medium (   )  Hard (    )  Pro (    ) 

There is a crack, a crack in everything. That's how the light gets in.

 



  

Introduction

 
The author(s) of this program can be found at: http://members.tripod.com/~umpage
 
The author says:

" Getting files off of your system is a lot harder than installing them. Megabytes of junk files on your hard disk waste space, slowdown your system, and conflict with software. The solution to this overcrowded mess is Uninstall Manager. Uninstall Manager is the program that lets you safely remove unwanted software and return your system to its original state. "

 

About this protection system

 

This program shows a nag screen at startup. You can register from that screen or through the About menu item. The registration dialog has two fields:

Registration Name :

Registration Key :

 

THE ESSAY

Install Uninstall Manager and run it. You are immediately bombarded with an ugly nag screen with two buttons, one to register and one to continue evaluating.

Click the Register button and the registration dialog box pops up. Enter your name and a fake regkey.

Go into Soft-Ice by pressing Ctrl-D. Set a breakpoint on hmemcpy.

Leave Soft-Ice by pressing Ctrl-D. Now click the OK button in the registration dialog box. Soft-Ice breaks in the kernel at hmemcpy.

Since Uninstall Manager makes six calls to hmemcpy, we are going to pass over the first five calls to get to the sixth one. We do this by typing x and pressing [ENTER] five times.

We are now in hmemcpy for the sixth time. Press F11 to get back to the caller. Now press F12 six times to get to Uninsman code.

Now single-step using F10 until you get to this piece of code.

0137:0045B9B9     CALL   00407434     ; Call that calculates real regkey
0137:0045B9BE     CMP    EBX, EAX     ; Compare fake key (EAX) with real key (EBX)
0137:0045B9C0     JNZ    0045B9C6     ; bad_cracker_jump

Step past CMP EBX, EAX using F10 and have a look at the contents of EBX. Do this by typing:

>>> ? EBX

You will see three sets of numbers on the Soft-Ice command line. The one in the middle is the real regkey. Write it down.

Clear all breakpoints.

>>> bc *

Let the program run by typing x and pressing [ENTER].

A message box pops up telling you the regkey is wrong. Get rid of it and enter the key you wrote down.

A message box pops up thanking you for registering.
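Why the compare above discloses the key, and one check that does not, as an added example that is not from the essay or from Uninstall Manager's code. FNV-1a stands in for the program's unknown key routine, the RSA numbers are toy values constructed here, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy RSA parameters constructed for this example (p=61, q=53).
   Far too small for real use; a real scheme needs a vetted library. */
#define N 3233u   /* public modulus  */
#define E 17u     /* public exponent */
#define D 2753u   /* private exponent: vendor's key tool only */

/* FNV-1a, an assumed stand-in for the program's name-to-key routine. */
static uint32_t name_hash(const char *name) {
    uint32_t h = 2166136261u;
    for (; *name; name++) { h ^= (unsigned char)*name; h *= 16777619u; }
    return h;
}

static uint32_t modpow(uint32_t base, uint32_t exp, uint32_t mod) {
    uint64_t r = 1, b = base % mod;
    for (; exp; exp >>= 1) {
        if (exp & 1) r = r * b % mod;
        b = b * b % mod;
    }
    return (uint32_t)r;
}

/* Weak pattern from the essay: the valid key for the entered name is
   computed on the user's machine and sits in a register at the compare. */
int weak_check(const char *name, uint32_t entered) {
    uint32_t real = name_hash(name);   /* "Call that calculates real regkey" */
    return entered == real;            /* "CMP EBX, EAX" */
}

/* Vendor side only: issues a key. Not part of the shipped program. */
uint32_t issue_key(const char *name) {
    return modpow(name_hash(name) % N, D, N);
}

/* Shipped side: transforms the ENTERED key with the public exponent and
   compares it to the name digest. The valid key is never computed here. */
int verify_key(const char *name, uint32_t entered) {
    if (entered >= N) return 0;        /* reject out-of-range input */
    return modpow(entered, E, N) == name_hash(name) % N;
}

int main(void) {
    const char *name = "Example User";  /* constructed sample input */
    uint32_t key = issue_key(name);
    printf("valid key accepted: %d, wrong key accepted: %d\n",
           verify_key(name, key), verify_key(name, (key + 1) % N));
    return 0;
}
```

In verify_key the only values present at the comparison are the transformed user input and the name digest, so inspecting registers there yields nothing that can be typed into the dialog.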

 


I would like to say thanks to +Fravia, Sandman, CrackZ, Cruehead, Iczelion and all the others out there who help by providing the knowledge to make this possible.


You should buy this program if you intend to use it longer than the evaluation period.
