Cracking Tutorial: WinCHM v4.05

Target: WinCHM v4.05
Tools: OllyDebug DeFixeD, Exe Info PE
WinCHM is a very easy-to-use help authoring tool. Without much to learn, you can master creating HTML Help (CHM), Web help, PDF and Word documents. With WinCHM you can not only build help files from scratch, but also convert a set of HTML files into a CHM file.
Open winchm.exe in Exe Info PE. It reports:
"Borland Delphi 6.0 - 7.0"
Load winchm.exe in OllyDebug.
Go straight to the referenced text strings and search for the word "illegal".
It is found here:
0050FD6E MOV EDX,0050FE84 ASCII "Illegal registration code!"
Double-click it.
0050FD69 EB 0D JMP SHORT 0050FD78
0050FD6B 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0050FD6E BA 84FE5000 MOV EDX,0050FE84 ASCII "Illegal registration code!"
Trace the code upward.
0050FD05 E8 F6F9FFFF CALL 0050F700
0050FD0A A1 C4A15400 MOV EAX,DWORD PTR DS:[54A1C4]
0050FD0F 8338 00 CMP DWORD PTR DS:[EAX],0
0050FD12 74 57 JE SHORT 0050FD6B
0050FD14 8B0D C4A15400 MOV ECX,DWORD PTR DS:[54A1C4] ; winchm.0054C1F0
0050FD1A 8B09 MOV ECX,DWORD PTR DS:[ECX]
0050FD1C 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
0050FD1F BA F8FD5000 MOV EDX,0050FDF8 ; ASCII "Thank you for purchasing our product!",CR,LF,CR,LF,"License type: "
Set a breakpoint at address "0050FD05".
Run Olly (F9).
Fill in the registration fields and click OK.
Olly breaks at address "0050FD05".
Step Into (F7).
0050FCF2 BA E8FD5000 MOV EDX,0050FDE8 ; ASCII "RegCode"
0050F700 55 PUSH EBP
Step Over (F8).
0050F818 72 0B JB SHORT 0050F825
0050F81A 74 15 JE SHORT 0050F831
0050F81C 2D 0E270000 SUB EAX,270E
0050F821 74 1F JE SHORT 0050F842
0050F823 EB 2E JMP SHORT 0050F853
0050F825 A1 C4A15400 MOV EAX,DWORD PTR DS:[54A1C4] ; Case 0 of switch 0050F815
0050F82A E8 194BEFFF CALL 00404348
0050F82F EB 3E JMP SHORT 0050F86F
0050F831 A1 C4A15400 MOV EAX,DWORD PTR DS:[54A1C4] ; Case 1 of switch 0050F815
0050F836 BA E8F85000 MOV EDX,0050F8E8 ; ASCII "Single-user License"
0050F83B E8 5C4BEFFF CALL 0040439C
0050F840 EB 2D JMP SHORT 0050F86F
0050F842 A1 C4A15400 MOV EAX,DWORD PTR DS:[54A1C4] ; Case 270F of switch 0050F815
0050F847 BA 04F95000 MOV EDX,0050F904 ; ASCII "Unlimited-user License"
0050F84C E8 4B4BEFFF CALL 0040439C
Since fishing for the serial code came to nothing (it was never found, heh...),
the next step is to look for a HOT SPOT to patch!
At address "0050F818" the code is "JB SHORT 0050F825".
Replace it with:
the code "JMP 0050F842"
Save the changes.
Success...!!!
Note:
If WinCHM is still the Standard version, you can patch it to become Pro.
At address "0050FD31", replace the "JNZ" with "NOP".
17/03/10