Results 1 to 5 of 5

Thread: Driverstudio2.5 timelimit

  1. #1
    Braindead
    Guest

    Driverstudio2.5 timelimit

    Hi all,

    Does anybody know how to remove the time limit for driverstudio 2.5RC1?
    I mean something else then setting the system time back.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    MeteO
    Guest
    This is dissasembled code by cr0aker

    DSConfig: Time-limit checking procedure:

    Calling from here...

    call ds:GetSystemTime
    lea eax, [esp+390h+SystemTime]
    test eax, eax
    jnz short loc_403A68
    mov eax, offset sub_405D60
    jmp short loc_403AE5

    ; ---------------------------------------------------------------------------

    loc_403A68: ; CODE XREF: sub_403790+2CFj

    mov ax, [esp+390h+SystemTime.wDay]
    cmp ax, 3
    jnb short loc_403A7A
    mov eax, offset sub_405BE0
    jmp short loc_403AE5

    ; ---------------------------------------------------------------------------

    loc_403A7A: ; CODE XREF: sub_403790+2E1j

    cmp ax, 6
    jnb short loc_403A87
    mov eax, offset sub_405C60
    jmp short loc_403AE5

    ; ---------------------------------------------------------------------------

    loc_403A87: ; CODE XREF: sub_403790+2EEj

    cmp ax, 9
    jnb short loc_403A94
    mov eax, offset sub_405CE0
    jmp short loc_403AE5

    ; ---------------------------------------------------------------------------

    loc_403A94: ; CODE XREF: sub_403790+2FBj

    cmp ax, 0Ch
    jnb short loc_403AA1
    mov eax, offset sub_405D60
    jmp short loc_403AE5

    ; ---------------------------------------------------------------------------

    loc_403AA1: ; CODE XREF: sub_403790+308j

    cmp ax, 0Fh
    jnb short loc_403AAE
    mov eax, offset sub_405DE0
    jmp short loc_403AE5

    ; ---------------------------------------------------------------------------

    loc_403AAE: ; CODE XREF: sub_403790+315j

    cmp ax, 12h
    jnb short loc_403ABB
    mov eax, offset sub_405E60
    jmp short loc_403AE5

    ; ---------------------------------------------------------------------------

    loc_403ABB: ; CODE XREF: sub_403790+322j

    cmp ax, 15h
    jnb short loc_403AC8
    mov eax, offset sub_405EE0
    jmp short loc_403AE5

    ; ---------------------------------------------------------------------------

    loc_403AC8: ; CODE XREF: sub_403790+32Fj

    cmp ax, 18h
    jnb short loc_403AD5
    mov eax, offset sub_405F60
    jmp short loc_403AE5

    ; ---------------------------------------------------------------------------

    loc_403AD5: ; CODE XREF: sub_403790+33Cj

    cmp ax, 1Bh
    mov eax, offset sub_405FE0
    jb short loc_403AE5
    mov eax, offset sub_406060

    loc_403AE5: ; CODE XREF: sub_403790+2D6j
    ; sub_403790+2E8j ...

    push eax ; lpTimerFunc ; PREDEFINED PROCEDURE!!!
    push 2710h ; uElapse
    push 1962h ; nIDEvent
    push esi ; hWnd
    call ds:SetTimer
    jmp short loc_403B0B

    Anyway, we set timer and break in one of predefined procedure. All these
    procedeures have the same format.

    Calling checking procedure:

    sub_405EE0 / sub_405BE0 / sub_405C60 / sub_405CE0 / sub_405D60 / sub_405DE0 /
    sub_405E60 / sub_405EE0 / sub_405F60 / sub_405FE0 / sub_406060


    sub esp, 20h
    mov eax, [esp+20h+uIDEvent]
    push esi
    mov esi, [esp+24h+hWnd]
    push eax ; uIDEvent
    push esi ; hWnd
    call ds:KillTimer
    lea ecx, [esp+24h+SystemTime]
    push ecx ; lpSystemTime
    call ds:GetLocalTime
    lea edx, [esp+24h+FileTime1]
    lea eax, [esp+24h+SystemTime]
    push edx ; lpFileTime
    push eax ; lpSystemTime
    mov [esp+2Ch+FileTime2.dwLowDateTime], 0D57AFA20h ; PREDEFINED
    mov [esp+2Ch+FileTime2.dwHighDateTime], 1C15522h ; TIME LIMIT
    call ds:SystemTimeToFileTime
    lea ecx, [esp+24h+FileTime2]
    lea edx, [esp+24h+FileTime1]
    push ecx ; lpFileTime2
    push edx ; lpFileTime1
    call ds:CompareFileTime
    test eax, eax
    jl short loc_405F4A
    push 0 ; lParam
    push 0 ; wParam
    push 10h ; Msg
    push esi ; hWnd
    mov dword_41DC9C, 1
    call ds:PostMessageA ; TIME EXPIRED!!!

    loc_405F4A: ; CODE XREF: sub_405EE0+51j

    pop esi ; ALL IS OK!
    add esp, 20h
    retn 10h

    sub_405EE0 endp
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    MeteO
    Guest
    Winice95: Time-limit checking procedure:

    Calling from here... :

    loc_111D8: ; CODE XREF: start+1Dj

    call sub_113EE ; THIS ONE!!!
    jb loc_111EC ; JMP if bad date
    mov si, offset aWin_com ; "win.com"
    call sub_164E6

    loc_111E5: ; CODE XREF: start+27j

    call sub_174A9
    jnb loc_111F0

    loc_111EC: ; CODE XREF: start+2Dj

    mov ah, 4Ch
    int 21h ; DOS - 2+ - QUIT WITH EXIT CODE (EXIT)
    ; AL = exit code

    Calling this checking procedure...


    sub_113EE proc near ; CODE XREF: start+2Ap

    mov ah, 2Ah
    int 21h ; DOS - GET CURRENT DATE
    ; Return: DL = day, DH = month, CX = year
    ; AL = day of the week (0=Sunday, 1=Monday, etc.)
    cmp cx, 2001 ; YEAR
    jnz loc_1140F
    cmp dh, 9 ; MONTH
    jbe loc_11418
    cmp dh, 10 ; MONTH
    ja loc_1140F
    cmp dl, 15 ; DAY
    jb loc_11418

    loc_1140F: ; CODE XREF: sub_113EE+8j
    ; sub_113EE+16j

    mov ah, 9
    mov dx, offset aThisVersionOfW ; "This version of WINICE.EXE is no longer"...
    int 21h ; DOS - PRINT STRING
    ; DSX -> string terminated by "$"
    stc
    retn

    ; ---------------------------------------------------------------------------

    loc_11418: ; CODE XREF: sub_113EE+Fj
    ; sub_113EE+1Dj
    clc
    retn

    sub_113EE endp
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    SuckerX
    Guest
    Hi,

    Using NT. Where is this timecheck located?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    MeteO
    Guest

    NTICE 2.5 RC1

    See subroutine at .init.14730e(hex offset 13730e) - this sub must return zero.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. vbox 4.6.2 timelimit
    By venom925 in forum Malware Analysis and Unpacking Forum
    Replies: 6
    Last Post: June 12th, 2004, 22:08

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •