Results 1 to 14 of 14

Thread: Demo software

  1. #1
    Signum
    Guest

    Demo software

    I am trying to crack a demo program that only lets your run it 4 times before it expires. anyone have any idea on what I need to be looking for to make it run more than that?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Probably the most usefull tool around is Google.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  3. #3
    Signum
    Guest
    i found some tuts but i dont think they will work with the prog i am working on but o well
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    RegMon and FileMon are very useful for observing the overall activity of the program.

    For more in-depth reversing, SoftICE and IDA.

    Remember, cracking is not just about following tutorials, it's about using your brain to figure out how things work and how to change how things work.

  5. #5
    ::[ Reverse Engineer ]:: OHPen's Avatar
    Join Date
    Nov 2002
    Location
    .text
    Posts
    399
    Blog Entries
    5
    For the most basic procedure,

    i would suggest let your programm run the times needed to expire.
    Then write down the message shown. Open up IDA, and search for that message to be pushed...
    Then scroll a bit up and search for some condition. Mostly a compare or decrease, increase stuff or a test, like test eax,1 etc.
    If the condition is only check one time just patch the jump if the condition
    is check more than one time i would suggest you to patch the call.

    This basic steps will world at almost many targets in the hood out there,
    so try it and you will see

    Cheers,

    PAPi
    - Reverse Enginnering can be everything, but sometimes it's more than nothing. Really rare moments but then they appear to last ages... -

  6. #6
    In general, I find it a good idea to use an installation monitor whenever I install programs that I know are time or runtimes protected (well, it's a good exercise in general too). That way you'll have a good idea as to what you'll be looking for. If you do use one of these (and it's too late for you anyway, if you already installed it), make sure that you run the program at least once before stopping the monitoring.

    Fake

  7. #7

    Refer to relative tuts~~~

    i think that you must refer to the relative tuts....
    in internet websuffing, look for the necessary tuts and read
    so you find them that more better long time use
    good luck!!!
    by

  8. #8
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Think about this:

    The program has to keep the count of "times ran", somewhere.
    A file, a registry key. . .
    That place has to be updated (Written to) every time you run the program:


    SO: with filemon and regmon, keep trak of what things the program writes everytime it starts (without doing doing any anything else),
    Also, unless you have 20 computers to do your experiments search about virtual machines so you can install and reinstall your app as many times as necessary to figure this out, without having to reformat your HD every 4 times!

  9. #9
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    It's also usefull to note the time you last ran the program, search the windows dir, (including subdirectories), by date, for files written on that date and time, ignore regular windows logs and pre-fetch files, look mostly for files labeled .dat or (less frequently .dll), rename any written at that time .bak and see if it renews your trial, if not name them back to what they were - you can also do this in the documents and settings directory - this can buy you time - opening the file in Ollydbg just to see how many runs you have left will usually let you check to see how many are left then exit Olly, not the prog so you won't use one up - also you can run the prog. and close it using task manager intead of exit and that might buy you unlimited runs.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  10. #10
    : Code Injector : nikolatesla20's Avatar
    Join Date
    Apr 2002
    Location
    :ether:
    Posts
    815
    The best no fail method for doing this is to use RegShot. Search google for RegShot. Now, run Regshot BEFORE you run the time limited program. Tell it to also compare the C:\ drive. Take the first snapshot. Now run the protected program. Take the second snapshot with regshot and do a compare. Every change will show up. It is much easier and more reliable because it's a static list, and also some programs know you will use RegMon, so they just pump out tons of useless data. I very rarely if ever use REgMon anymore. RegShot is 100% more useful for time limited programs.

    -nt2o

  11. #11
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Nikola---,

    Great tip, I've never used regmon - simply because of all the garbage - I have tried Installwatch, but you don't have the after run option, so it's pretty useless.

    @Signum - First on your list is to get PEiD - you need to know if you're dealing with a packed prog - changes the whole ballgame, let us know, there are ways to renew your demo if it's packer generated.

    SiGiNT
    Last edited by SiGiNT; May 14th, 2006 at 17:13.
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  12. #12
    Perhaps you all may have failed to notice the Signum has joiner the "Goners" classification. That means he is banned for repeated violation of the Rules, despite repeated warnings.

    Your comments should still be and still are useful to anyone doing research on the Forums on these subjects and will be available for later review also. I'm simply pointing out that "Signum" will not be coming back as a registered member to appreciate your efforts, even though the are helpful.

    Regards,
    JMI

  13. #13
    Howdy,

    My thinking was he was a troll. I gave him some specific instructions that are the most basic for anyone with some common sense. (reg entries).

    He still felt the need to submit this same topic again for the fourth time.

    Woodmann

  14. #14
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,143
    Blog Entries
    5
    Quote Originally Posted by sigint33
    I've never used regmon - simply because of all the garbage
    Uhm, I wrote a Regmon Duplicate Remover that removes some of that garbaginous based on a chosen filter level, might be useful to some. It could probably use an upgrade/revamping, but that's why I included the source..

    http://www.woodmann.com/forum/showthread.php?t=4162

    Cheers,
    Kayaker

Similar Threads

  1. New Hex-Rays Demo
    By Hex Blog in forum Blogs Forum
    Replies: 1
    Last Post: March 12th, 2008, 21:47
  2. Coding Digest of the Demo Scene
    By 0xf001 in forum Off Topic
    Replies: 2
    Last Post: May 14th, 2006, 07:38
  3. Demo watermark in printout and object copy
    By MuT in forum Malware Analysis and Unpacking Forum
    Replies: 9
    Last Post: December 26th, 2004, 21:53
  4. ASProtect 1.23 RC4 Demo
    By squidge in forum Malware Analysis and Unpacking Forum
    Replies: 12
    Last Post: October 12th, 2003, 12:18
  5. Demo Shield reversing
    By myAvatar in forum Malware Analysis and Unpacking Forum
    Replies: 4
    Last Post: November 28th, 2000, 23:38

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •