Exetools  
#1  Pompeyfan, 04-02-2004, 18:00
I found the serial earlier today too, Ferrari. This is how I found it:

Point H and the call stack didn't seem to help with this program, so I used a bit of lateral thinking for a solution, and in this case it fucking worked! In fact, I got a serial when I thought I'd just be finding where to crack the trial. I don't know how well it will work on other targets; with long routines it may pay to press Ctrl+F8 to bring up the evaluation screen sooner:


F8 till the evaluation screen opens; it happens at:

006966D4 . E8 B7F3FFFF CALL SysMech4.00695A90

Restart, F8 till the above, then F7, then F8 till the evaluation screen opens; it happens here:

00695AD6 |. E8 81F0FFFF CALL SysMech4.00694B5C

Restart, trace with F8, then F7, then F8 till the above, then F7 into it. The code here looks more interesting, with some tests, so let's trace into some of these calls and see which ones are worth a breakpoint:

This one looks like it tests for past crackers and serial cracks; let's not bother with this for now:

00694B7E . E8 D919E4FF CALL SysMech4.004D655C


This one just seems to check whether it is a first run; I don't think we will bother with that:

00694B9F . E8 1817E4FF CALL SysMech4.004D62BC


This one looks really promising; it has strings mentioning serials:

00694BBA > E8 ED17E4FF CALL SysMech4.004D63AC


This one deals with the trial period and when it expires; let's not worry about this for now:

00694BE2 . E8 6D15E5FF CALL SysMech4.004E6154

The evaluation screen opens in this call, so let us not look any further.


So let's put a breakpoint on 004D63AC, restart the program in Olly, and run until the evaluation screen comes up. Enter your name and a fake serial, and the bad cracker message comes up. Oh bugger, it didn't break; you think you are back to the drawing board, but when you hit OK on this message, Olly does break here:


004D63AC /$ 55 PUSH EBP

Now look in the memory dump window: we can see our fake details, and a valid serial for your username is shown at 0012F894; for Pompeyfan it is 71686-S4670-0635881907.

If I hadn't grabbed a serial, I would have investigated the trial and first run calls to try and kill the trial.
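The last step of the post, reading the valid serial out of the dump window next to the fake details, is easy by eye for one serial but tedious over a larger stack region. As an added example that is not part of Pompeyfan's post or of any tool on this page, the Python script below parses a copied OllyDbg-style dump listing, carves printable strings together with their addresses, and flags any that match the serial shape seen in the post (five digits, dash, S plus four digits, dash, ten digits). The dump text is constructed to mirror what the post describes; the line format (address, two spaces, hex bytes, two spaces, ASCII column) and the serial pattern are assumptions drawn from the single serial shown.

```python
"""Carve a valid-looking serial out of an OllyDbg-style dump window listing.

Added example, not from the original post. SAMPLE_DUMP is CONSTRUCTED to
mirror what the post describes: the typed name and fake serial sit on the
stack, and a few bytes later the program has already computed the real
serial for that name. SERIAL_RE is an assumption generalised from the one
serial shown in the post.
"""
import re

# Assumed format of a copied dump line:
# <8 hex digit address><2+ spaces><hex bytes, single-space separated><2+ spaces><ASCII column>
HEX_BYTES_RE = re.compile(r"^(?:[0-9A-Fa-f]{2} )*[0-9A-Fa-f]{2}$")
SERIAL_RE = re.compile(r"\d{5}-S\d{4}-\d{10}")

# Constructed sample: "Pompeyfan" + fake serial "12345" at 0012F880,
# real serial at 0012F894 as in the post.
SAMPLE_DUMP = """\
0012F880  50 6F 6D 70 65 79 66 61 6E 00 31 32 33 34 35 00  Pompeyfan.12345.
0012F890  00 00 00 00 37 31 36 38 36 2D 53 34 36 37 30 2D  ....71686-S4670-
0012F8A0  30 36 33 35 38 38 31 39 30 37 00 00 00 00 00 00  0635881907......
"""


def parse_dump(text):
    """Return (base_address, bytes) for the region covered by the listing.

    Lines that do not look like dump lines (headers, blank lines) are skipped.
    A gap between consecutive lines is zero-filled so offsets stay exact;
    overlapping or out-of-order lines are rejected rather than silently merged.
    """
    base = None
    buf = bytearray()
    for raw in text.splitlines():
        parts = re.split(r"\s{2,}", raw.strip())
        if len(parts) < 2 or not re.fullmatch(r"[0-9A-Fa-f]{8}", parts[0]):
            continue
        if not HEX_BYTES_RE.match(parts[1]):
            continue
        addr = int(parts[0], 16)
        data = bytes.fromhex(parts[1].replace(" ", ""))
        if base is None:
            base = addr
        elif addr > base + len(buf):
            buf.extend(b"\x00" * (addr - base - len(buf)))
        elif addr < base + len(buf):
            raise ValueError(f"overlapping or out-of-order line at {addr:08X}")
        buf.extend(data)
    if base is None:
        raise ValueError("no dump lines found")
    return base, bytes(buf)


def carve_strings(base, data, min_len=4):
    """Return [(address, text)] for runs of printable ASCII at least min_len long."""
    found = []
    start = None
    for i, b in enumerate(data + b"\x00"):  # sentinel terminates a trailing run
        if 0x20 <= b < 0x7F:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                found.append((base + start, data[start:i].decode("ascii")))
            start = None
    return found


def find_serials(text):
    """Return [(address, serial)] for every carved string matching SERIAL_RE."""
    base, data = parse_dump(text)
    hits = []
    for addr, s in carve_strings(base, data):
        for m in SERIAL_RE.finditer(s):
            hits.append((addr + m.start(), m.group()))
    return hits


if __name__ == "__main__":
    base, data = parse_dump(SAMPLE_DUMP)
    for addr, s in carve_strings(base, data):
        print(f"{addr:08X}  {s}")
    for addr, serial in find_serials(SAMPLE_DUMP):
        print(f"candidate serial at {addr:08X}: {serial}")
```

Paste a larger selection from the dump window into SAMPLE_DUMP (or read it from a file) and the script lists every string with its address, so the typed name, the fake serial and the computed one can be matched up by position. Adjust SERIAL_RE for a different target; the pattern here is only what this one serial suggests.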
#2  ferrari, 04-02-2004, 19:55
@SvensK
Your solution worked, my friend. Thanks once again.

@Pompeyfan

You got the serial. I didn't think of putting the BP at 004D63AC, a few lines above where I patched the program, because I was too excited to see my patching work, and so I didn't bother. I'm glad that it didn't click for me, or else I would not have learned inline patching ASPack. I wasted a lot of time cracking this app, trying every other way to beat it, including F7 at 006966D4 (I'll tell what I did in this call to get rid of the nag). I was really fed up. I'll explain how I finally got to that address 004D6423 (kiddie way) in my tutorial in detail if our fellow team member Enforcer is ready to upload the software to our FTP. But I feel I should write a tut on this one anyway... hell of an experience.

Regards,

#3  Pompeyfan, 04-03-2004, 04:29
I agree, mate, a tut is certainly worth doing, and I for one am looking forward to reading it, as I don't know much about inline patching, so you will be teaching me something new.