Web
: http://mxb.cjb.net
Contact Me : [email protected] or [email protected]
Advanced ZIP Password Recovery 3.11
Type : Used to
recover lost love ...
Protection : ASProtect - Serial
Tech : Proc Patcher
Crack : This program is protected by ASProtect ...it has anti debugging
code.
It uses Melt Ice to detect Softice.
So in SICE BPX CREATEFILEA ....and run the program .....and trace back.
0x51E253 MOV EAX,[005242D4] ==>> "\\.\SIWDEBUG"
0x51E258 CALL 51E150
0x51E25D TEST AL,AL ==>> WE WILL REACH HERE _ ADDRESS WILL BE DIFFERENT
0x51E25F JNZ 51E29B ==>> AS IT USES DYNAMIC LOADING ...
............................
............................ ==>> HERE GOES OTHER CHECKS ...
............................
0x51E314 ADD BL,CH
0x51E316 ADD ECX,EBP
0x51E318 INT 03
0x51E319 JMP 0051E31D
0x51E31B JMP 033D4022
0x51E320 JMP 5B121724
0x51E325 POP ECX ======>> JUMP TO HERE i.e MAKE EIP = 51E325
0x51E326 POP ECX
First we want to find where S/N checking routine is found ... for this use the
"Register" button
and enter any fake S/N and in SICE BPX GETDLGITEMTEXTA
Press "Ok" button ... and trace ...
Main CALL
0x412BBD LEA EAX,[EBP-0100] >> FAKE S/N
0x412BC3 CALL 41270D
0x412BC8 TEST EAX,EAX
0x412BCA JZ 412C03 ======>> BAD
It seems that 41270D is used for checking ....so restart the program and escape
from
anti-debugging routine and put a BPX on REGQUERYVALUEEXA and when we break in
to
code of AZPR .... put a BPX at 41270D ....we can see that it is called 8 times
and if
we make EAX = 01 after this CALL we get a registered program ....but ....but
...
where will we place the patch ....it is packed with ASProtect which uses dynamic
loading
and also has memory image check .....our only hope is making a Proc Patcher
.....
Inside CALL 41270D
0x41271F CMP EAX,06
0x412722 JGE 41272B
.............................
0x41281E MOV EAX,00000001
0x412823 LEAVE
So our crack will be :
0x412722 JMP 0041281E | E9 F7 00 00 00
Proc Patcher For AZPR 3.11
//=========================Proc Patch ===============================
//gl_force.cpp
//GL_CrAck_F0rCe
//***********************************
//email : [email protected]
//web : www.glcrackforce.50megs.com
//***********************************
//===================================================================
#include <windows.h>
#include <stdio.h>
//===================================================================
int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,
LPSTR lpCmdLine,int nShowCmd)
{
STARTUPINFO si;
char InfoText[] = "GL_CrAck_F0rCe - AZPR 3.11";
unsigned long i = 0;
unsigned long AddressOfPatch = 0x00412722;
char DataRead[2] = {0};
char* cl;
PROCESS_INFORMATION pi;
char FileName[] = "Azpr.exe";
//============================================================
//Patch Data
char scanbyte1 = 0x7D;
char scanbyte2 = 0x07;
//============================================================
ZeroMemory(&si,sizeof(si));
si.cb = sizeof(si);
cl = GetCommandLine();
if (CreateProcess(FileName, cl, NULL, NULL,FALSE,
NORMAL_PRIORITY_CLASS,NULL, NULL, &si, &pi))
{
ReadProcessMemory(pi.hProcess, (LPVOID) AddressOfPatch,
DataRead, 2, NULL);
for(;DataRead[0] != scanbyte1;)
{
ReadProcessMemory(pi.hProcess, (LPVOID) AddressOfPatch,
DataRead, 2, NULL);
}
//=======================================================
if(DataRead[0] == scanbyte1 && DataRead[1] == scanbyte2)
{
Sleep(300); //Wait for ASProtect to Check Mem
WriteProcessMemory (pi. hProcess,
(LPVOID) AddressOfPatch,
"\xE9\xF7\x00\x00\x00", 5, NULL);
}
//========================================================
CloseHandle (pi.hProcess);
CloseHandle (pi.hThread);
}
else
{
MessageBox(NULL,"Unable to load program..exiting..",InfoText,MB_OK);
return 0;
}
MessageBox(NULL,"Program Loaded...",InfoText,MB_OK);
return 0;
}
//===================================================================