Web
: http://mxb.cjb.net
Contact Me : [email protected] or [email protected]
DzSoft Perl Editor 4.0
Type : Perl Editor
Protection : ASProtect - 6KB file limit
Tech : Loader
Crack : This ASProtect sucker is becoming a real problem....now unpacking
this
stuff is not so easy ....but here we will make a loader to load and patch our
target.
First of all we must find where to patch ...for this observe DzSoft Perl Editor.
It is showing "UNREGISTERED" in status bar ... this will be our attack
point.
In SICE BPX GETSTARTUPINFOA
When we break in to programs code ....search for "UNREGISTERED" ...
s -a 0 l ffffff "UNREGISTERED"
Now use - BPR xxxxxxxx xxxxxxxx RW - where you found "UNREGISTERED"
Now continue ....
As soon as program reads this memory we break in to SICE ....look up wards ..
we will see ...
0x4C8324 CALL 4BC144
0x4C8329 TEST AL,AL
0x4C832B JNZ 4C8397 | 75 6A ----> GOOD BOY must jump - this will solve every
thing
So we must make : JNZ = 75 6A ---> JMP = EB 6A
We wil make a simple loader .....
Loader :
//=========================Proc Patch ===============================
//loader.cpp
//MxB
//***********************************
//email : [email protected]
//web : mxb.cjb.net
//***********************************
//===================================================================
#include <windows.h>
//===================================================================
int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,
LPSTR lpCmdLine,int nShowCmd)
{
STARTUPINFO si;
char InfoText[] = "MxB NET - DzSoft Perl Editor 4.0";
unsigned long i = 0;
unsigned long AddressOfPatch1 = 0x004C832B;
char DataRead[2] = {0};
char* cl;
PROCESS_INFORMATION pi;
char FileName[] = "Pleditor.exe";
//============================================================
//Patch Data
char scanbyte1 = 0x75;
char scanbyte2 = 0x6A;
//============================================================
ZeroMemory(&si,sizeof(si));
si.cb = sizeof(si);
cl = GetCommandLine();
if (CreateProcess(FileName, cl, NULL, NULL,FALSE,
NORMAL_PRIORITY_CLASS,NULL, NULL, &si, &pi))
{
//=====================================================
//=====================================================
//Patch
ReadProcessMemory(pi.hProcess, (LPVOID) AddressOfPatch1,
DataRead, 2, NULL);
for(;DataRead[0] != scanbyte1;)
{
ReadProcessMemory(pi.hProcess, (LPVOID) AddressOfPatch1,
DataRead, 2, NULL);
}
//=======================================================
//sleep till asprotect do memchk
Sleep(300);
//=======================================================
if(DataRead[0] == scanbyte1 && DataRead[1] == scanbyte2)
{
//===================================================
WriteProcessMemory (pi. hProcess,
(LPVOID) AddressOfPatch1,
"\xEB\x6A", 2, NULL);
//====================================================
}
//========================================================
//====================================================
//========================================================
CloseHandle (pi.hProcess);
CloseHandle (pi.hThread);
}
else
{
MessageBox(NULL,"Unable to load program .. exiting",InfoText,MB_OK);
return 0;
}
//============================================================
//============================================================
return 0;
}
//==================================================================