-
- Cracking for newbies #1 - done by woody^drn
-
- In Vaczine #3 I talked about nags and splash screens; this is just to
- complete that tutorial.
-
- How do we know what to break on in SoftICE? Is the nag a message box, a
- dialog box, or something else? Look at the style of the nag screen. If
- the close button in the top right is disabled, it is probably a message
- box (MessageBox greys that button out when the box has no Cancel-style
- button, e.g. MB_YESNO). Check the buttons too: Yes, No, OK or Cancel in
- the standard layout point to a message box, and so do the standard
- Windows icons ( ! ) and / ! \. Anything with edit fields, pictures or
- custom buttons is a dialog box.
- The break for a message box in SoftICE is "bpx messageboxa" for a 32-bit
- program; for a 16-bit program remove the A: "bpx messagebox". If
- messageboxa never fires, try "bpx messageboxw" or "bpx messageboxexa".
- For a dialog box use "bpx dialogboxparama" (or "bpx createdialogparama"
- for a modeless one), or just the usual "bpx getwindowtexta" /
- "bpx getdlgitemtexta" when the dialog reads a serial from an edit field.
-
- Set the breakpoint and run the program. SoftICE pops up at the entry of
- MessageBoxA, before the box is even drawn. Press F12 (P RET) and SoftICE
- runs until MessageBoxA returns, which happens as soon as you push one of
- the buttons; you are then in the program's own code right after the
- call. Scroll up to find the call and the je/jne that decided to take this
- path. Either nop the je/jne (2 bytes for a short 74/75 jump, 6 bytes for
- a near 0F 84 / 0F 85 one) or patch the first byte of the nag routine
- with C3 (ret), so the program behaves as if you had pressed the button.
- Two things to watch: don't simply nop the call itself, because
- MessageBoxA is stdcall and pops its four arguments, so nopping it leaves
- the stack 16 bytes out of place unless the caller restores ESP from EBP;
- and if the code compares EAX with the button id afterwards (IDOK = 1,
- IDYES = 6), your patch has to end up on the branch the program expects.
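- The patches described above, as an added example that is not part of
- this tutorial: a small Python script that rewrites the je/jne bytes (nop
- it, flip je to jne, or force it into an unconditional jmp), puts a C3 at a
- routine entry, and removes a stdcall call without leaving the stack
- unbalanced. The sample bytes are constructed for the example; mapping the
- address SoftICE shows back to a file offset is assumed to be done with
- your hex editor, and no real program's bytes are used.

```python
"""Byte-level patches for the je/jne and call around a nag MessageBox.

Added example, not part of woody^drn's tutorial. Works on a raw code
buffer (what you would dump from the address SoftICE stops at); mapping
that virtual address back to a file offset is assumed to be done
separately. Opcode encodings are standard x86; SAMPLE is constructed.
"""

NOP = 0x90
RET = 0xC3

SHORT_JCC = {0x74: "je", 0x75: "jne"}   # 74 rel8 / 75 rel8        (2 bytes)
NEAR_JCC = {0x84: "je", 0x85: "jne"}    # 0F 84 rel32 / 0F 85 rel32 (6 bytes)


def decode_jcc(code, off):
    """Return (mnemonic, length) for the je/jne at code[off], else None."""
    op = code[off]
    if op in SHORT_JCC:
        return SHORT_JCC[op], 2
    if op == 0x0F and off + 1 < len(code) and code[off + 1] in NEAR_JCC:
        return NEAR_JCC[code[off + 1]], 6
    return None


def _require_jcc(code, off):
    jcc = decode_jcc(code, off)
    if jcc is None:
        raise ValueError("no je/jne at offset 0x%x" % off)
    return jcc


def nop_jump(code, off):
    """Replace the whole jump with NOPs: execution always falls through."""
    _, length = _require_jcc(code, off)
    buf = bytearray(code)
    buf[off:off + length] = bytes([NOP]) * length
    return bytes(buf)


def invert_jump(code, off):
    """Turn je into jne and vice versa by flipping the low opcode bit."""
    _, length = _require_jcc(code, off)
    buf = bytearray(code)
    idx = off if length == 2 else off + 1   # byte that carries the condition
    buf[idx] ^= 0x01
    return bytes(buf)


def force_jump(code, off):
    """Make the jump unconditional: the branch is always taken.

    Short: 74/75 rel8 -> EB rel8. Near: 0F 8x rel32 -> 90 E9 rel32; the
    leading NOP keeps the instruction 6 bytes long, so rel32 (measured
    from the end of the instruction) is still correct.
    """
    _, length = _require_jcc(code, off)
    buf = bytearray(code)
    if length == 2:
        buf[off] = 0xEB
    else:
        buf[off] = NOP
        buf[off + 1] = 0xE9
    return bytes(buf)


def ret_at_entry(code, off):
    """Patch the first byte of a nag routine with RET so it returns at once.

    Only safe at a routine entry (before any push/sub esp); a RET placed
    over a je/jne in the middle of a function returns with a stale stack.
    """
    buf = bytearray(code)
    buf[off] = RET
    return bytes(buf)


def nop_stdcall_call(code, off, nargs):
    """Remove a 5-byte `call rel32` to a stdcall API such as MessageBoxA.

    The callee would have popped its arguments (4 bytes each), so plain
    NOPs leave ESP off by 4*nargs. Write `add esp, 4*nargs` (83 C4 imm8,
    3 bytes) plus two NOPs instead. EAX is left untouched, so this only
    works where the caller ignores the return value.
    """
    if code[off] != 0xE8:
        raise ValueError("no call rel32 at offset 0x%x" % off)
    if not 0 <= 4 * nargs < 0x80:
        raise ValueError("imm8 form of add esp covers at most 31 arguments")
    buf = bytearray(code)
    buf[off:off + 5] = bytes([0x83, 0xC4, 4 * nargs, NOP, NOP])
    return bytes(buf)


# Constructed sample: test eax,eax / jne over the nag / call nag / je far / ret
SAMPLE = bytes([
    0x85, 0xC0,                          # 0:  test eax, eax
    0x75, 0x05,                          # 2:  jne +5  (skips the call)
    0xE8, 0x10, 0x00, 0x00, 0x00,        # 4:  call +0x10 (the nag routine)
    0x0F, 0x84, 0x20, 0x00, 0x00, 0x00,  # 9:  je +0x20
    0xC3,                                # 15: ret
])

if __name__ == "__main__":
    print("nop jne   :", nop_jump(SAMPLE, 2).hex())
    print("force je  :", force_jump(SAMPLE, 9).hex())
    print("drop call :", nop_stdcall_call(SAMPLE, 4, 4).hex())
```

- Which of the three jump patches is right depends on which side of the
- je/jne the nag sits: nop it when the fall-through is the good path, force
- it when the jump is, and invert it when you are not sure yet and want to
- see what happens.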
-
- But there are several types of nag screens, not just message boxes or
- dialog boxes: splash screens use a picture instead of normal text. Here
- we break on "bpx loadbitmapa", and SoftICE will break when the program
- is about to load the image for the splash screen. (If that never fires,
- the picture may come in through LoadImageA or be drawn with BitBlt; set
- a breakpoint on those instead.)
- One thing that comes with splash screens is a timer. If the author wants
- his splash screen to show for 10 seconds, he calls SetTimer with an
- elapse of 10000 milliseconds, and when the timer fires his WM_TIMER
- handler calls KillTimer and takes the splash window down.
-
- What we do here is find the code around LoadBitmapA (press F12 after the
- break and you are back in the program) and the push nearest to it, which
- is the start of the splash routine. Then "bpx killtimer", let the splash
- time out once and note where KillTimer is called from: that is the
- cleanup code. Now patch the push into a jmp to the KillTimer code, so the
- program goes straight from the start of the splash routine to taking it
- down again. A short jmp (EB xx) needs two bytes and a near jmp (E9 xx xx
- xx xx) five, so overwrite whole instructions and fill what is left with
- 90 (nop); and the jump only works where the KillTimer code does not rely
- on values the skipped instructions pushed. A lazier patch that is often
- enough: break on SetTimer, find the push of the 10000 (10 27 00 00) and
- change it to 1, so the splash goes away at once.
- This defeats most splash screens.
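- The two splash patches above, as an added example that is not part of
- this tutorial: a Python script that sweeps the pushes in front of
- "call [SetTimer]" to find the uElapse argument and shortens it, and that
- overwrites whole instructions with a jmp to the KillTimer code. It only
- decodes the few instruction forms a compiler emits around a stdcall API
- call; BASE, IAT_SETTIMER, KILLTIMER_CODE and the sample bytes are all
- constructed for the example, not taken from any real program.

```python
"""Patch a splash-screen timer: shorten the SetTimer delay, or jump
straight from the splash set-up to the KillTimer cleanup.

Added example, not part of the original tutorial. Works on a raw byte
buffer and decodes only: push imm8, push imm32, push r32,
push [ebp+disp8], call dword [iat], nop and ret. SetTimer(hWnd, nIDEvent,
uElapse, lpTimerFunc) is stdcall, so its arguments are pushed right to
left and uElapse is the third push before the call. All addresses and
bytes below are constructed.
"""
import struct

NOP = 0x90


def decode_push_or_call(code, off):
    """Return (kind, length, imm_or_None) for the instruction at code[off]."""
    op = code[off]
    if op == 0x6A:                                   # push imm8 (sign-extended)
        return "push", 2, struct.unpack_from("<b", code, off + 1)[0]
    if op == 0x68:                                   # push imm32
        return "push", 5, struct.unpack_from("<I", code, off + 1)[0]
    if 0x50 <= op <= 0x57:                           # push r32
        return "push", 1, None
    if op == 0xFF and off + 1 < len(code) and code[off + 1] == 0x75:
        return "push", 3, None                       # push dword [ebp+disp8]
    if op == 0xFF and off + 1 < len(code) and code[off + 1] == 0x15:
        return "call", 6, struct.unpack_from("<I", code, off + 2)[0]
    if op in (0x90, 0xC3):                           # nop / ret
        return "other", 1, None
    raise ValueError("unsupported opcode 0x%02x at 0x%x; extend the decoder" % (op, off))


def find_api_call_args(code, start, iat_slot):
    """Sweep from `start`, collecting pushes until `call [iat_slot]`.

    Returns (call_off, pushes); pushes is a list of (off, length, imm) in
    program order, so the last entry is the first (leftmost) argument.
    """
    pushes = []
    off = start
    while off < len(code):
        kind, length, imm = decode_push_or_call(code, off)
        if kind == "push":
            pushes.append((off, length, imm))
        elif kind == "call" and imm == iat_slot:
            return off, pushes
        elif kind == "call":
            pushes = []          # those pushes belonged to some other API
        off += length
    raise ValueError("call [0x%08x] not found" % iat_slot)


def settimer_elapse(code, start, iat_slot):
    """Locate the uElapse push (third argument) before call [SetTimer]."""
    _, pushes = find_api_call_args(code, start, iat_slot)
    if len(pushes) < 4:
        raise ValueError("expected 4 pushes before SetTimer, found %d" % len(pushes))
    return pushes[-3]


def shorten_timeout(code, start, iat_slot, new_ms=1):
    """Rewrite the uElapse push so the splash's own WM_TIMER fires at once."""
    off, length, imm = settimer_elapse(code, start, iat_slot)
    if imm is None:
        raise ValueError("uElapse at 0x%x is not an immediate; patch its source" % off)
    buf = bytearray(code)
    if length == 5:
        buf[off:off + 5] = struct.pack("<BI", 0x68, new_ms)
    elif 0 <= new_ms <= 0x7F:
        buf[off:off + 2] = struct.pack("<Bb", 0x6A, new_ms)
    else:
        raise ValueError("push imm8 at 0x%x cannot hold %d" % (off, new_ms))
    return bytes(buf)


def jump_over(code, off, nbytes, base, target_va):
    """Overwrite `nbytes` of whole instructions at `off` with a jmp to target_va.

    Used to skip from the splash set-up straight to the KillTimer code.
    A short jmp (EB rel8) needs 2 bytes, a near jmp (E9 rel32) 5; both
    displacements are measured from the end of the jmp. Leftover bytes
    are NOP-filled so the instruction stream stays decodable.
    """
    src_va = base + off
    rel8 = target_va - (src_va + 2)
    if nbytes >= 2 and -128 <= rel8 <= 127:
        patch = struct.pack("<Bb", 0xEB, rel8)
    elif nbytes >= 5:
        patch = struct.pack("<Bi", 0xE9, target_va - (src_va + 5))
    else:
        raise ValueError("need 2 (short) or 5 (near) bytes at 0x%x" % off)
    buf = bytearray(code)
    buf[off:off + nbytes] = patch + bytes([NOP]) * (nbytes - len(patch))
    return bytes(buf)


# Constructed sample: the four pushes and the call of SetTimer, then ret.
BASE = 0x401000             # assumed load address of SPLASH
IAT_SETTIMER = 0x402000     # assumed IAT slot holding SetTimer's address
KILLTIMER_CODE = 0x401018   # assumed address of the cleanup code (bpx killtimer)
SPLASH = bytes([
    0x6A, 0x00,                          # 0:  push 0          (lpTimerFunc)
    0x68, 0x10, 0x27, 0x00, 0x00,        # 2:  push 10000      (uElapse, 10 s)
    0x6A, 0x01,                          # 7:  push 1          (nIDEvent)
    0xFF, 0x75, 0x08,                    # 9:  push [ebp+8]    (hWnd)
    0xFF, 0x15, 0x00, 0x20, 0x40, 0x00,  # 12: call [0x402000] (SetTimer)
    0xC3,                                # 18: ret
])

if __name__ == "__main__":
    print("1 ms timer :", shorten_timeout(SPLASH, 0, IAT_SETTIMER).hex())
    print("skip timer :", jump_over(SPLASH, 0, 18, BASE, KILLTIMER_CODE).hex())
```

- jump_over is given all 18 bytes of pushes plus call, so nothing is left
- on the stack when the cleanup code is reached; if you only overwrite the
- 5-byte push of the 10000 with the jmp, the three other pushes are still
- skipped too because they come after it, but a 1-byte push reg at the
- routine start has no room for a jmp at all.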
-
- -wOODY^dRN
-
-