Results 1 to 3 of 3

Thread: teleport pro

  1. #1
    digyoubetterdead
    Guest

    teleport pro

    I cracked a program by forcing a serial number on it, but when I close and open the same program again, I get a message stating that a possible virus was detected and that the program will not run. What is causing this and how can i disable it?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Hiya,

    Likely there is a CRC check within the proggy which detects if any bytes have been altered by patching. You'll need to locate this routine and disable it.

    Realizing this, a good approach would be to...

    Run an API monitor to log the file operation API's. CreateFileA, ReadFile, OpenFile, _lopen, _hread, _lcreat, MapViewOfFile... those are the main ones.
    There is a good chance that one or more of these API's will be used to open the file / map it into memory so it can be read and the CRC calcuation can be performed. Once you've found the when and where from the monitor, set a bpx on the suspicious function. SICE should *hopefully* break close to the CRC routine.

    If not, a backtrace between CreateFile (or whatever API it uses) and the error MessageBox could be another useful tatic.

    Likewise, I'd suggest doing a search right here on the local Fravia mirror for CRC checks. There are at least a handful of essays on the topic which could prove insightful.

    Hope this helps

    Regards,
    Clandestiny

  3. #3
    digyoubetterdead
    Guest
    thanx
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •