I'm going insane with Tabledit 2.60d

ste_ger

Post by ste_ger »

I've been reversing the latest version of Tabledit (2.60d), a guitar tab demo.
I've managed to fix the save limit of only 16 bars, also fixed the ASCII, HTML and ABC 16 bar limit for export. Got it saying I'm the licensed user and all the nags are fixed, print watermark now gone too.

But I'm stuck on the MIDI export limit. I can't understand why I can't find the checks, because I thought it would be the same as the other limits.
There are hundreds of bits of mislead-the-cracker code in this prog. It's taken me over 40 hours to get as far as I've got, and another 20 hours trying to find this last check.

I'm going insane!!!
DakienDX

Post by DakienDX »

Hello ste_ger !

I'm sorry you're going insane.
But did you just want to tell us you're going insane or do you have any questions?
We have an Off Topic Forum for small talk. ;)
ste_ger

Post by ste_ger »

Well, with the previous 16 bar limit checks, I used a combination of lwrite, lread and hmemcpy bpx's, and did some reversing on the files saved. Got some valuable info from the saved tab files, found the offset in the saved files of the amount of bars in the tab file. Then I searched for all occurrences of this to find where in the prog the number of bars got written and traced back from there to get the jump if above 16 bars (ja 10).

But with the MIDI files it isn't as easy because I can't find any reference in the saved MIDI that shows how many bars have been saved; all the checks are probably done before it's saved.

My question is, could someone please give me some advice on what is the best method to use, what bpx would be best to start with.

And how do I set a bpx right after I click save?

Thanks
DakienDX

Post by DakienDX »

Hello ste_ger !

You must find the WndProc (already discussed here, please search before asking).
There is a difference between a button pressed and a menu call. So you must break on "WM_COMMAND", where lParam is 0 and the low word of wParam contains your MenuID.
ste_ger

Post by ste_ger »

I finally have finished it, had some more probs with the save check, there was another check that couldn't save a tab of more than 48 bars, fixed that.

And I eventually found the MIDI export check using Wdasm's debugger, kept my eye on the Operations display to see where it compared against 10h.

Found a lot of answers searching this forum, I find it easier to learn from other people's Q&A on here than most tutorials I've found.

Many thanks
ReaL|sTy

Post by ReaL|sTy »

bpx on SendMessageA or DialogBoxParamA if I haven't forgotten...... it will drive you to the call of the first nag...... this program's author likes to bother a lot, nagging and nagging.. some functions are maybe not disabled but most of them will give you a nag.... save function is disabled.. I guess ;) all those nags are coming from just one place. counting now.. you need exactly 2 bytes to make it good, some additional bytes could count to remove some text like demo... the first startup nag at the beginning, replace it with EB06, that's all, so the program won't crash; that nag is made with the user32.dll.. ok now go to one of the options the program has that usually display the demo dialog, bpx on PostMessage to make sure I will catch it; the dialog will be displayed as usual, after you press ok Sice will break.. good.. trace until you're in the program CODE, stop there.. look at the address, go to W32dasm or IDA, go up.. not down! then you will see lots of calls, all those calls are the demo dialog and actually the one that prevents saving.. you only need to change a Push(55) to a Ret (C3), hex the file, now try it :D

RVA's:

0041AE40

0041AF12 <--- there's a Push 68...... change 68 to C3 to remove the demo text at the top. usually will appear if you check the about feature and press ok..

0044A9C0

done!