Requirements :
IDA
Some asm knowlege
Information :
Target: DzSoft Perl Editor 3.0
Author: hEYWIRE
Download : http://www.dzsoft.com
About:
The purpose of this Tutorial is to offer help to anyone wishing to study the art of Reverse Code Engineering. Breaking protection systems in programs is an intellectual challenge, it should NOT be used to steal software. REMEMBER, I do my cracks/keygens as a hobby and challenge, so please, if you like the utility you crack and keep using it, support the author and pay for it! . Peace hEYWIRE
Program Info:
DzSoft Perl Editor is the best tool for writing, editing and debugging Perl CGI scripts.Note that if you haven't registered DzSoft Perl Editor, you will see the warning when you start the program and you will not be able to edit scripts larger than 6 kilobytes. To register, click Help -> Registration in the main window or visit the Registration section at http://www.dzsoft.com
Registering :
Ok run the target program, we get a message box telling us that it is a unregistered program and there is a file size limit. Ok so scan the program with your favorite PE-identifier. We now know it’s packed with ASProtect. If you have never manual unpacked a program packed with this packer. Then go find all the tutorials you can find about manual unpacking this packer. If you have, then just get a program to unpack this program.
Got the program unpacked? Good. Now lets disassemble this program with W32DASM. You will notice that there is no Strings or Dialogs. So W32DASM is not dissembling the program fully. Let’s try it with IDA. Ok with IDA we have strings etc.. Now lets find the string we see in the message box at the start of this program.
|
aThisIsUnregist db 'This is unregistered trial version of DzSoft Perl Editor ',0Dh |
|
; DATA XREF: CODE:004BA485 <-- this is the call Click here |
|
db 0Ah |
|
db 'that does not supports files larger than 6 kilobytes. ',0Dh |
|
db 0Ah |
|
db 'After the registration you will be able to edit in ',0Dh |
|
db 0Ah |
|
db 'DzSoft Perl Editor all scripts without any size limits. ',0Dh |
You will land here:
|
CODE:004BA46C |
call sub_44492C |
|
CODE:004BA471 |
call sub_4AAE80 |
|
CODE:004BA476 |
test al, al |
|
CODE:004BA478 |
jnz short loc_4BA4DD <-- Are we registered |
|
CODE:004BA47A |
push 0 |
|
CODE:004BA47C |
mov cx, ds:word_4BA9C8 |
|
CODE:004BA483 |
xor edx, edx |
|
CODE:004BA485 |
mov eax, offset aThisIsUnregist ; "This is unregistered trial version of" |
|
CODE:004BA48A |
call sub_45AA80 |
|
CODE:004BA48F |
cmp eax, 6 |
|
CODE:004BA492 |
jnz short loc_4BA4A7 |
Yep its a simple jump that decides if where registered or not. So let’s change it to JE. So start the program and we get a Message box "ASProtect API not found! Running in unregistered mode." ok lets find this string in IDA. Found it? Good. Find where this string is pushed, You should be here:
|
CODE:004AAD9B |
call GetProcAddress_0 <-- Find ASProtect API |
|
CODE:004AADA0 |
test eax, eax <-- If found EAX = 1 |
|
CODE:004AADA2 |
jnz short loc_4AADC1 <-- API found no message box |
|
CODE:004AADA4 |
push 0 |
|
CODE:004AADA6 |
push offset dword_4AAE38 |
|
CODE:004AADAB |
push offset aAsprotectApiNo ;"ASProtect API not found! Runnin" |
|
CODE:004AADB0 |
push 0 |
|
CODE:004AADB2 |
call MessageBoxA_0 <-- call the message box |
OK you know what to do, change the JNZ to JE and that’s it. Run the program again and there should be no message box. We now have fully working program. No size limit on files and no message boxes at startup. All that’s left to do is get rid of the string "Registered to" or find where the program keep's the users registering details.
Final Notes :
That’s it for this Tutorial, hope you learned something, if there is any spelling mistake or grammar errors then forgive me, IM only human. Just a short note, REMEMBER, I do my cracks/keygens as a hobby and challenge, so please, if you like the utility you crack and keep using it, support the author and pay for it! Peace hEYWIRE