Web : http://mxb.cjb.net
Contact Me : [email protected] or [email protected]

Main | Index

ACDSee Trial 3.0 - 1209

Type : Image viewer
Protection : Date check and ASPack
Tech : Run Time Patching


Crack : ASPack is not a power full packer.It can be unpacked easliy.
Or we can use run time patching.Attack point should be found after
the packer has done its job.

0x5554BC POPAD
0x5554BD JNE 0x5554C7
0x5554BF MOV EAX,0x01
0x5554C4 RET 0x00C
0x5554C7 PUSH 0x00
0x5554CC RET
0x5554CD MOV EAX,[EBP+0x4437C4]
0x5554D3 LEA EAX,[EBP+0x4437FD]
0x5554D9 PUSH ECX
0x5554DA PUSH EAX
This code it the end part of the packer.Here we will implement
our crack.
How we can avoid program from exiting...

0x4045A4 MOV EAX,[ESI+70]
0x4045A7 PUSH EAX
0x4045A8 CALL 0x433830
0x4045AD ADD ESP,0x04
0x4045B0 TEST EAX,EAX
0x4045B2 JNE 0x4045C6 >> GOOD BOY

So we must jump to 0x4045C6

To Crack : 0x4045A4 JMP 0x4045C6 | EB 20
To patch : 0x5554CC MOV [0x4045A4],EB | C6 05 A4 45 40 00 EB
0x5554D3 MOV [0x4045A5],20 | C6 05 A5 45 40 00 20
0x5554DA MOV [0x4045A6],90 | C6 05 A6 45 40 00 90 >> COMPENSTATION
0x5554E1 NOP | 90
.....FILL WITH NOP.........
0x5554ED RET | C3
Offset : 0x868C0[C] - 0x868E0[D]