Microangelo 5.02

Web : http://mxb.cjb.net
Contact Me : [email protected] or [email protected]

Microangelo 5.02

Type : Icon editor
Protection : CRC Check - Date check
Tech : Patching

Crack : First of all,all CRC check is done by a file named "MUAPP.DLL"
If we mess up with its routine by redirection and all it will take some time
to crack this baby as this same file is used by other set of programs in Microangelo....

1. By passing CRC shit in "MUAPP.DLL"
****************************
Use W32DASM and just look at export functions of this file ...we can see
an important function --- "MUAPPEntry" --- at 0x64001000
So in SICE --- BPMB 64001000 X -- RESTART ...

0x64001020 JE 640015EA -- 0F 84 C4 05 00 00 -- DON'T JUMP
0x64001026 DEC EAX ------ 48
0x64001027 JZ 6400104D -- 74 24 -- DON'T JUMP --- CRC SHIT ! BYPASS IT

So disable it by filling it with NOP = 90
OFFSET = 1020 --- 9 NOP

2. STUDIO - "Studio.exe"
******************
Use API Spy we can see it is reading three registry keys - "Eval1 - Eval2 - Eval3"
starting from address 0x00416D76 ...
So in SICE BPX 416D76 ...TRACE ....

0x416F0E MOV EAX,[00438D64]
0x416F13 MOV [00438C08],EBX
0x416F19 CMP EAX,1E = 30 DAYS
0x416F1C JLE 416F28

So it is storing no: of days at 0x00438D64 ....So in SICE
BPMB 438D64 RW ---- Restart ....

0x416ED7 CALL 416C70
...............................
0x416EE1 SUB EAX,ESI ---- 2B C6
0x416EE3 INC EAX -------- 40
0x416EE6 MOV [00438D64],EAX => STORE NO: DAYS :)
0x416EEB JLE 416EF2

So our crack will be :

0x416EE1 XOR EAX,EAX - 33 C0 - OFFSET = 16EE1

3. ANIMATOR - "Animator.exe"
*********************
Same shit is also used here,so just scan for hex string - "2B C6 40 3B C3"
and change :
"2B C6" ----> "33 C0"
OFFSET = 201A1

4. EXPLORER - "Muexplor.exe"
********************
Same shit is also used here,so just scan for hex string - "2B C6 40 3B C3"
and change :
"2B C6" ----> "33 C0"
OFFSET = 1531

5. LIBRARIAN - "Librarian.exe"
**********************
Same shit is also used here,so just scan for hex string - "2B C6 40 3B C3"
and change :
"2B C6" ----> "33 C0"
OFFSET = ADF1

6. ON DISPLAY - "Mupanel.exe"
***********************
Use API Spy we can see it is reading three registry keys - "Eval1 - Eval2 - Eval3"
starting from address 0x004091E6 ...
So in SICE BPX 4091E6 ...TRACE ....

0x40937D MOV EAX,[0041AD10]
0x409382 JNZ 00409393
0x409384 CMP EAX,1E = 30 DAYS

So it is storing no: of days at 0x0041AD10 ....So in SICE
BPMB 41AD10 RW ---- Restart ....

0x409355 TEST EAX,EAX
0x409357 MOV [0041AD10],EAX --- STORE NO: OF DAYS :)
0x40935C JLE 40936C

So our crack will be :

0x409355 XOR EAX,EAX - 33 C0 - OFFSET = 9355