Web
: http://mxb.cjb.net
Contact Me : [email protected] or [email protected]
Ulead
GIF Animator 4.0 - VBOX 4.1
Type
: Animation
Protection : VBOX 4.1
Tech : Unpacking and memory dumping
Crack : I was realy afraid of VBOX.Recently I gave it a try ...an older
version ..VBOX 4.1
Program was Ulead Gif Animator 4.0.My trial period was over.Here we will see
how to remove
VBOX sucker.
IN SICE BPX DIALOGBOXPARAMA
Now run the program .....we will reach here ...after pressing "Quit"
button.
Inside VBOXT410 Module
0x70025C3 CALL DIALOGBOXPARAMA
0x70025C9 MOV ESI,EAX >> WE REACH HERE ....MAKE EIP = 0x70025DD
.................................
0x70025DD POP EDI
0x70025DE POP ESI
0x70025DF POP EBX
0x70025E0 RET
I found an interesting behaviour ..if we make EIP = 0x70025DD the program runs..even
if our trial
period is over.
Trace till we reach in GA_MAIN Module.....
0x4FC026 PUSH FFFFFFFF >> DUMP HERE ...
0x4FC02B CALL EAX ==>> EAX= 0x4CB41C - OEP
Use PEditor and change EP of dumped file.
EP = 4CB41C - 400000 = CB41C
Now we can run this dumped file :)