|
Tutorial Cracking :
Aoao Video to GIF Converter v2.2
|
Target : Aoao Video to GIF Converter v2.2
Tool : OllyDebug DeFixeD
Exe Info PE
Quick Unpack v2.1
Video to GIF Converter is a capture selected frames of the video file and save them to animation GIF or JPEG, BMP, PNG, TGA formats. So you can easily create high quality GIF animation files from your video clips, and support all popular video format,as Avi, Mpeg, Wmv, DivX, Rmvb etc.
Scan Video to GIF.exe dengan Exe Info PE untuk melihat programnya diproteksi apa??
UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Gunakan Quick Unpack untuk membuka proteksinya.
Buka Video to GIF.exe (hasil unpack)nya dengan OllyDebug DeFixeD.
Di "CPU - main thread, module Videot~1", klik kanan pilih "Search for" terus "All Referenced Text Strings".
Geser keatas terus cari kata "Reg Code has incorrect".
Ketemunya.
0063C4A6 MOV EDX,0063C6F0 ASCII "Reg Code has incorrect."
Klik dua kali.
0063C46A FF97 C8020000 CALL DWORD PTR DS:[EDI+2C8]
0063C470 A1 E4E76700 MOV EAX,DWORD PTR DS:[67E7E4]
0063C475 8038 00 CMP BYTE PTR DS:[EAX],0
0063C478 74 29 JE SHORT 0063C4A3
0063C47A 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0063C47D BA 50C66300 MOV EDX,0063C650 ASCII "Register successful !"
0063C482 E8 9188DCFF CALL 00404D18
0063C487 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
0063C48A BA 84C66300 MOV EDX,0063C684 ASCII "Thank you for choosing our software.",CR
0063C48F E8 8488DCFF CALL 00404D18
0063C494 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
0063C497 BA BCC66300 MOV EDX,0063C6BC ASCII "Email:[email protected]."
0063C49C E8 7788DCFF CALL 00404D18
0063C4A1 EB 27 JMP SHORT 0063C4CA
0063C4A3 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
0063C4A6 BA F0C66300 MOV EDX,0063C6F0 ASCII "Reg Code has incorrect."
Beri breakpoint dialamat "0063C46A"
Trus jalankan Ollynya.
Isi registrationnya.
Olly akan break dialamat tersebut.
Masuk kedalam "CALL DWORD PTR DS:[EDI+2C8]" atau tekan "F7".
0064AF88 55 PUSH EBP
0064AF89 8BEC MOV EBP,ESP
0064AF8B B9 46020000 MOV ECX,246
0064AF90 6A 00 PUSH 0
0064AF92 6A 00 PUSH 0
0064AF94 49 DEC ECX
Trace kodenya kebawah lagi "F8"
0064B076 . E8 9D9CDBFF CALL 00404D18
0064B07B . 8D85 00EEFFFF LEA EAX,DWORD PTR SS:[EBP-1200]
0064B081 . B9 ACB96400 MOV ECX,0064B9AC ; ASCII "Setup.ini"
0064B086 . 8B55 A4 MOV EDX,DWORD PTR SS:[EBP-5C]
.
.
.
0064B0A8 . 50 PUSH EAX
0064B0A9 . B9 C0B96400 MOV ECX,0064B9C0 ; ASCII "UserName"
0064B0AE . BA D4B96400 MOV EDX,0064B9D4 ; ASCII "Reg"
0064B0B3 . 8B45 A0 MOV EAX,DWORD PTR SS:[EBP-60]
Trace kodenya kebawah lagi "F8"
0064B338 50 PUSH EAX
0064B339 B9 C0B96400 MOV ECX,0064B9C0 ; ASCII "UserName"
0064B33E BA D4B96400 MOV EDX,0064B9D4 ; ASCII "Reg"
0064B343 8B45 A0 MOV EAX,DWORD PTR SS:[EBP-60]
0064B346 8B18 MOV EBX,DWORD PTR DS:[EAX]
0064B348 FF13 CALL DWORD PTR DS:[EBX]
0064B34A 83BD E4EDFFFF>CMP DWORD PTR SS:[EBP-121C],0
0064B351 75 28 JNZ SHORT 0064B37B
Trace kodenya kebawah lagi "F8"
0064B37B 6A 00 PUSH 0
0064B37D 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
0064B380 50 PUSH EAX
0064B381 B9 1CBA6400 MOV ECX,0064BA1C ; ASCII "KeyCode"
0064B386 BA D4B96400 MOV EDX,0064B9D4 ; ASCII "Reg"
0064B38B 8B45 A0 MOV EAX,DWORD PTR SS:[EBP-60]
0064B38E 8B18 MOV EBX,DWORD PTR DS:[EAX]
0064B390 FF13 CALL DWORD PTR DS:[EBX]
0064B392 6A 00 PUSH 0
0064B394 8D45 A8 LEA EAX,DWORD PTR SS:[EBP-58]
0064B397 50 PUSH EAX
0064B398 B9 C0B96400 MOV ECX,0064B9C0 ; ASCII "UserName"
0064B39D BA D4B96400 MOV EDX,0064B9D4 ; ASCII "Reg"
Trace kodenya kebawah lagi "F8"
0064B687 E8 F89BDBFF CALL 00405284
0064B68C 85C0 TEST EAX,EAX
0064B68E 0F8E F3000000 JLE 0064B787
0064B694 8B45 CC MOV EAX,DWORD PTR SS:[EBP-34]
0064B697 E8 A498DBFF CALL 00404F40
0064B69C 83F8 04 CMP EAX,4
0064B69F 0F85 E2000000 JNZ 0064B787
0064B6A5 C605 CCDA6800>MOV BYTE PTR DS:[68DACC],0
0064B6AC B8 F4010000 MOV EAX,1F4
0064B6B1 E8 8A7FDBFF CALL 00403640
Dialamat "0064B68E" kode "JLE 0064B787" diganti "NOP"
Dialamat "0064B69F" kode "JNZ 0064B787" diganti "NOP"
Restart OllyDebugnya.
Langsung menuju ke dua alamat diatas.
Beri "NOP" dikedua alamat tersebut.
Trus simpan perubahannya.
15/04/10
|