Paint Shop Pro 7.02 & Animation Shop 3.02

Web : http://mxb.cjb.net
Contact Me : [email protected] or [email protected]

Paint Shop Pro 7.02 & Animation Shop 3.02

Type : Graphics
Protection : Date Check
Tech : Patching

Crack :

In this version also a simple date check is used but size of the program
file is huge .. let us see what API is used by program to set text in nag
screen.Use API Spy ... we will see an interesting function before date
check ....

CreateFontA

PSP 7.02 :

In SICE BPX CREATEFONTA

.... after 2 pop ups we will reach
main check ....

0x736BF5 CALL EBP | FF D5
0x736BF7 ADD ESP,04 | 83 C4 04
0x736BFA CMP ESI,EAX >> EAX = 0x1E = 30 DAYS | 3B F0
0x736BFC PUSH ESI >> ESI = COUNT | 56
0x736BFD JGE 0x736C0B >> BAD BOY | 7D 0C

Crack : Clear count :)

0x736BFA XOR ESI,ESI | 33 F6 OFFSET = 0x336BFA
0x736BFC PUSH ESI | 56
0x736BFD NOP | 90
0x736BFE NOP | 90

Animation Shop 3.02 :

In SICE BPX CREATEFONTA

... after 2 pop ups we will reach main
check :)

0x5437AC CALL EBP | FF D5
0x5437AE ADD ESP,04 | 83 C4 04
0x5437B1 CMP ESI,EAX >> EAX = 0x1E = 30 DAYS | 3B F0
0x5437B3 PUSH ESI >> ESI = COUNT | 56
0x5437B4 JGE 0x5437C2 >> BAD BOY | 7D 0C

Crack : Clear count :)

0x5437B1 XOR ESI,ESI | 33 F6 OFFSET = 0x1437B1
0x5437B3 PUSH ESI | 56
0x5437B4 NOP | 90
0x5437B5 NOP | 90

Psp 7.02 Crack Update:

Above crack only solved part of it ....after 60 days a nag box appeared ....which
can be cracked like ....

In SICE BPX GetSystemTime and start PsP ....when we break trace ....

0x6A59F7 PUSH 96D6D8 ---> "60" --- 60 DAYS !!!
0x6A59FC CALL EBP
0x6A59FE ADD ESP,04
0x6A5A01 CMP EDI,EAX =>3C --"60" ; EDI = NO: DAYS USED
0x6A5A03 JLE 6A5A67 = 7E 62 --> GOOD BOY OFFSET = 2A5A03
...........................................
NOW BPMB 96D6D8 X --- CONTINUE
...........................................
0x6A5F38 PUSH 96D6D8
0x6A5F3D CALL [872AF8]
0x6A5F43 ADD ESP,04
0x6A5F46 CMP EDI,EAX
0x6A5F48 JLE 6A5F6D = 7E 23 --> GOOD BOY OFFSET = 2A5F48

So all you want to do is to convert :
JLE ---> JMP i.e 74 ===> EB

Anim Shop 3.02 Crack Update:

Above crack only solved part of it ....after 60 days a nag box appeared ....which
can be cracked like ....

In SICE BPX GetSystemTime and start PsP ....when we break trace ....

0x40A69D PUSH 5F5A78 ---> "60" --- 60 DAYS !!!
0x40A6A2 CALL [005B42A8]
0x40A6A8 ADD ESP,04
0x40A6AB CMP EDI,EAX =>3C --"60" ; EDI = NO: DAYS USED
0x40A6AD JLE 40A70A = 7E 5B --> GOOD BOY OFFSET = A6AD
...........................................
NOW BPMB 5F5A78 RW --- CONTINUE
...........................................
0x40A942 PUSH 5F5A78
0x40A947 CALL [005B42A8]
0x40A94D ADD ESP,04
0x40A950 CMP EDI,EAX
0x40A952 JLE 40A973 = 7E 1F --> GOOD BOY OFFSET = A952

So all you want to do is to convert :
JLE ---> JMP i.e 74 ===> EB