                   HOW TO CRACK Dz PERL Builder v2.01
                   get this from http://www.dzsoft.com


by +DzA kRAker (Regele Piratilor)
dzakraker@yahoo.com


       Perl (Practical Extraction and Report Language) is one of my favorite languages, and I think
there are many others like me.
       Perl is an interpreted language optimized for scanning arbitrary text files, extracting information from those text files, and printing reports based on that information. It's also a good language for many system management tasks. The language is intended to be practical (easy to use, efficient, complete) rather than beautiful (tiny, elegant, minimal). It combines (in the author's opinion, anyway) some of the best features of C, sed, awk, and sh, so people familiar with those languages should have little difficulty with it. (Language historians will also note some vestiges of csh, Pascal, and even BASIC-PLUS.) Expression syntax corresponds quite closely to C expression syntax. Unlike most Unix utilities, Perl does not arbitrarily limit the size of your data--if you've got the memory, Perl can slurp in your whole file as a single string. Recursion is of unlimited depth. And the hash tables used by associative arrays grow as necessary to prevent degraded performance. Perl uses sophisticated pattern matching techniques to scan large amounts of data very quickly. Although optimized for scanning text, Perl can also deal with binary data, and can make dbm files look like associative arrays (where dbm is available). Setuid Perl scripts are safer than C programs through a dataflow tracing mechanism which prevents many stupid security holes. If you have a problem that would ordinarily use sed or awk or sh, but it exceeds their capabilities or must run a little faster, and you don't want to write the silly thing in C, then Perl may be for you. There are also translators to turn your sed and awk scripts into Perl scripts.
      Enough definitions, let's talk about our target...
      DzSoft Perl Editor is a tool for writing, editing and debugging Perl CGI
scripts for Windows and Unix. Soundz good, heh?... well, what do u think about
this: "Note that if you haven't registered DzSoft Perl Editor, you will see the
warning when you start the program and you will not be able to edit scripts
larger than 6 kilobytes. To register, click Help -> Registration in the main
window or visit the Registration section at http://www.dzsoft.com"
     So we have to deal with:
     1. The ugly "scroller nag" which shows for about 10 seconds before the progie starts.
     2. The most important: remove that damn limitation.
     TOOLS WE WILL NEED:
     W32DASM 8.9
     Softice 4.x
     HEXEDITOR (i use HIEW 6, but any other hex editor will do the job)
     Exescope 5
     1. THE NAG
     I will not insist very much on how i removed the stupid nag, bcoz nags are
very easy to do in most cases. The typical method of removing nags (which will
work on DzSoft Perl Editor also) is to put a breakpoint on some API which is
used a lot by the target application, then run your progie and wait for Softice to break
(i always use bpx regqueryvalueexa). After Softice breaks, if u are not in the
target process (in our case, pleditor.exe), press F12 until u are. Now start tracing
with F10 until u meet the right call (the one which will create the nag). How do u
know which call will create the nag? Well, when it's executed, u will be kicked
out of the debugger... and the nag will show... after u press the "try" button, the
debugger will pop again, just after that call. Now the only thing u have to do is
type in TRW: d address_of_the_call and write down the bytes (6 bytes). Now go in HIEW, press F7,
look for those bytes, and when u find them, nop them (nop=90). For our nag: d 4A97E5,
u should look for FF 92 D8 00 00 00 (u will find many references, but nop only the one
from 4A97E5).
     2. THE 6kb LIMITATION
     Try to write a source which is bigger than 6kb, and a message will pop: "U can't edit file
larger than 6 kilobytes in the unregistered version. Please register". Now, maybe u will say:
"Why don't we win32dasm pleditor.exe and look for that string?". It won't work... there
are no strings! Same thing with IDA...
     Bpx messageboxa does not work either... seems like a desperate situation...
     hEy, wait... there is an API we can breakpoint successfully! Listen to your
speaker... now try to write something larger than 6kb... do we hear the beep from
our speaker right when the limitation message shows? Hehe, now we can start tracing
the code properly, coz we have our secret weapon: bpx messagebeep.
     Enter Softice, type bpx messagebeep, now try to write something larger than 6kb
again. Hehe, Softice pops in user32; now return to the caller with F11, in pleditor.exe.
U will see the following code:
     0040C361 E8BE7BFFFF              call 00403F24
     0040C366 81C494000000            add esp, 00000094
     0040C36C C3                      ret
     0040C36D 8D4000                  lea eax, dword ptr [eax+00]
     0040C370 6A00                    push 00000000
     0040C372 E861AEFFFF              Call USER32!MESSAGEBEEP
     Good... now that we know this, a dead listing of pleditor.exe will be VERY useful.
     So, disassemble pleditor.exe... after the listing is ready, press goto/goto code location
and enter the offset u saw in Softice (which is 40C372).
     Heh, the listing looks far better than what we have in Softice, take a look:
     :0040C361 E8BE7BFFFF              call 00403F24

     * Referenced by a (U)nconditional or (C)onditional Jump at Address:
     :0040C32D(C)

     :0040C366 81C494000000            add esp, 00000094
     :0040C36C C3                      ret


     :0040C36D 8D4000                  lea eax, dword ptr [eax+00]

     * Referenced by a CALL at Address:----->>HEHE..THIS IS SOMETHING IMPORTANT
     :004A5BFC

     :0040C370 6A00                    push 00000000

     * Reference To: user32.MessageBeep, Ord:0000h
                                  |
     0040C372 E861AEFFFF              Call 004071D8


     Ok, we see the reference from the call at 4A5BFC... let's go there and see what
happens :). Again, click goto/goto code location, and enter 4A5BFC.
     If u have entered the offset correctly, u should see:
     :004A5BE3 E85051FDFF              call 0047AD38
     :004A5BE8 5A                      pop edx
     :004A5BE9 E8C250FDFF              call 0047ACB0
     :004A5BEE 83FB06                  cmp ebx, 00000006-----compares ebx, which is our current
source size, with 6 (the limit)
     :004A5BF1 7E60                    jle 004A5C53---jumps if the size is less than or equal to 6;
otherwise it falls through and eventually executes the bad call.
     :004A5BF3 803D4AE64A0000          cmp byte ptr [004AE64A], 00---i wonder... is the user
registered?
     :004A5BFA 7557                    jne 004A5C53---if it's not registered, it will execute
this nasty call which follows.
     :004A5BFC E86F67F6FF              call 0040C370
     So we modify the jle at 4A5BEE into a jmp (EB), or the jne at 4A5BFA into a jmp
or a je. Let's try to edit something which is bigger than 6kb... worx perfectly now!
     But the job is not 100% done... try to open a perl source bigger than 6kb, and a nag with
4 buttons will show... let's quickly remove the nag :) open pleditor.exe in Exescope...
click resource/rcdata... Hum... what's this: "TSIZELIMITFORM"? the nag form, of course.
Click it, write down the offset (e9978). Hexedit pleditor.exe and go to offset e9978.
The hex code of the nag begins with "TPF0"... let's see what happens if the proggie
no longer finds the nag resource... rename TPF0 to whatever u want or simply nop the code.
Cool, no more nag... just a message box with an ok button saying "invalid stream format"... after u click ok
the proggie loads your source perfectly (not truncated!). Now our final task is to remove
the stupid message box which might become annoying (easy). Just do a bpx messageboxa in Softice
just before you insert your "over-sized source". Softice will pop... press F11... back to messagebox... press ok, back in Softice, u should see:
     44D415 push eax
     44D416 call user32!messageboxa
     Replace push eax (50) with a nop (90) and the messageboxa will not show.
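The "invalid stream format" message above is the loader rejecting the binary form stream whose first four bytes are the "TPF0" signature. To show what that stream actually contains and why the signature check fires first, here is a small reader for the format (an added example, not DzSoft's or Borland's code; the form below is a constructed sample, not the real TSIZELIMITFORM resource, and only the common value kinds are decoded).

```python
import struct

SIG = b"TPF0"                                   # signature of a binary form stream
VA_NULL, VA_INT16, VA_INT32 = 0, 3, 4
VA_STRING, VA_IDENT, VA_FALSE, VA_TRUE, VA_LSTRING = 6, 7, 8, 9, 12

class DfmReader:                                # assumption: only the kinds above are decoded
    def __init__(self, data: bytes):
        self.d, self.pos = data, 0
    def take(self, n: int) -> bytes:             # bounded read; truncation is an error
        if self.pos + n > len(self.d):
            raise ValueError("invalid stream format")
        self.pos += n
        return self.d[self.pos - n:self.pos]
    def short_string(self) -> str:               # 1-byte length prefix, then the bytes
        return self.take(self.take(1)[0]).decode("latin-1")
    def value(self):
        kind = self.take(1)[0]
        if kind == VA_NULL: return None
        if kind == VA_INT16: return struct.unpack("<h", self.take(2))[0]
        if kind == VA_INT32: return struct.unpack("<i", self.take(4))[0]
        if kind in (VA_STRING, VA_IDENT): return self.short_string()
        if kind in (VA_FALSE, VA_TRUE): return kind == VA_TRUE
        if kind == VA_LSTRING:                   # 4-byte length, then the bytes
            return self.take(struct.unpack("<I", self.take(4))[0]).decode("latin-1")
        raise ValueError(f"unsupported value kind {kind}")
    def obj(self) -> dict:
        cls, name, props, kids = self.short_string(), self.short_string(), {}, []
        while (key := self.short_string()):      # an empty name ends the property list
            props[key] = self.value()
        while self.d[self.pos:self.pos + 1] != b"\x00":   # a 0 byte ends the children
            kids.append(self.obj())
        self.take(1)
        return {"class": cls, "name": name, "props": props, "children": kids}

def parse_dfm(data: bytes) -> dict:
    if data[:4] != SIG:                          # the loader rejects this first
        raise ValueError("invalid stream format")
    return DfmReader(data[4:]).obj()

def is_valid_dfm(data: bytes) -> bool:
    try: return parse_dfm(data) is not None
    except ValueError: return False

# Constructed sample in the shape of a size-limit dialog (not the real resource):
# TForm "SizeLimitForm" with Caption/Width/Visible, holding one TButton "OKButton".
SAMPLE = (b"TPF0\x05TForm\x0dSizeLimitForm\x07Caption\x06\x0aSize limit"
          b"\x05Width\x03\x90\x01\x07Visible\x08\x00"
          b"\x07TButton\x08OKButton\x07Caption\x06\x02OK\x00\x00\x00")
```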
     see ya in my next tut!