Web : http://mxb.cjb.net
Contact Me : [email protected] or [email protected]

Main | Index

Advanced ZIP Password Recovery 3.51

Type : Used to recover lost love ...
Protection : ASProtect - Serial
Tech : Loader ...

Crack : In this release they have not implemented debugger checking ... why ???

Enter fake S/N and in SICE BPX GETDLGITEMTEXTA ... TRACE ....

0x4171BD LEA EAX,[EBP-0100]
0x4171C3 CALL 416D0D.......................MAIN CHECK
0x4171C8 TEST EAX.EAX
0x4171CA JZ 4A203

So BPMB 416D0D X and then restart the program ....when we pop up trace ...back....

0x416EF9 CALL 416D0D
0x416EFE LEAVE.......................HERE MAKE EAX = 01 .... TO CRACK
0x416EFF RET

So we will patch inside CALL 416D0D

0x416D18 CALL 426C50
...............................
0x416D22 JGE 416D2B
0x416D24 XOR EAX,EAX
0x416D26 JMP 416E23 | E9 F8 00 00 00
.............................
0x416E1E MOV EAX,00000001
0x416E23 LEAVE

Crack : 0x416D26 JMP 416E1E | E9 F3 00 00 00......this patch makes a small bug in the program as same algo
is used by program in other places ....

Patch : Make a simple loader ....

//=========================Proc Patch ===============================
//gl_force.cpp
//MxB
//***********************************
//email : [email protected]
//web : http://mxb.cjb.net
//***********************************
//===================================================================

#include <windows.h>

//===================================================================
int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,
LPSTR lpCmdLine,int nShowCmd)
{

STARTUPINFO si;
char InfoText[] = "MxB - AZPR 3.51";
unsigned long i = 0;
unsigned long AddressOfPatch = 0x00416D27;

char DataRead[2] = {0};
char* cl;
PROCESS_INFORMATION pi;
char FileName[] = "Azpr.exe";
//============================================================
//Patch Data
char scanbyte1 = 0xF8;
char scanbyte2 = 0x00;

//============================================================
ZeroMemory(&si,sizeof(si));
si.cb = sizeof(si);
cl = GetCommandLine();

if (CreateProcess(FileName, cl, NULL, NULL,FALSE,
NORMAL_PRIORITY_CLASS,NULL, NULL, &si, &pi))
{
//=====================================================
//=====================================================
//Patch
ReadProcessMemory(pi.hProcess, (LPVOID) AddressOfPatch,
DataRead, 2, NULL);
for(;DataRead[0] != scanbyte1;)
{

ReadProcessMemory(pi.hProcess, (LPVOID) AddressOfPatch,
DataRead, 2, NULL);
}
//=======================================================
if(DataRead[0] == scanbyte1 && DataRead[1] == scanbyte2)
{
Sleep(300); //Wait for ASProtect to Check Mem
//===================================================
WriteProcessMemory (pi. hProcess,
(LPVOID) AddressOfPatch,
"\xF3\x00", 2, NULL);
//====================================================
//Remeove Patch
Sleep(5000);

WriteProcessMemory (pi. hProcess,
(LPVOID) AddressOfPatch,
"\xF8\x00", 2, NULL);

//===================================================


}
//========================================================

CloseHandle (pi.hProcess);
CloseHandle (pi.hThread);

}
else
{
MessageBox(NULL,"Unable to load program..exiting..",InfoText,MB_OK);
return 0;
}

MessageBox(NULL,"Program Loaded...",InfoText,MB_OK);

return 0;
}
//===================================================================