On request, I'm writing this tutorial to show you how to crack
Delphi components. I explained in the old Tutor #20 how we cracked one,
but this is another example. It doesn't matter if you have Delphi 3, 4
or 5, it works the same way, just with different addresses.
Ok, let's go..
What we'll need:
ZipTV v2.5210 Build 10 - http://www.ziptv.com
W32Dasm v8.93 - http://w3.to/protools (yes, no SoftICE needed!)
HIEW v6.20, or any HEX editor - http://w3.to/protools
Windows Commander v4.01 - http://www.ghisler.com (oh my my my.... fav app)
And Delphi 5 (3 or 4 is okay)
Step 1. Run Delphi and install the components.
Step 2. Open a new form and put any 1 of the ZipTV components on the
form and compile PROJECT1.EXE!
Step 3. When you run PROJECT1 in Delphi, the NAG won't pop up. So quit
Delphi, run PROJECT1.EXE, ah ugly NAG, unregistered...
Step 4. Ok, copy PROJECT1.EXE to PROJECT1.W32, also copy to PROJECT1.EXX
Step 5. Load your W32Dasm and open PROJECT1.W32, done? Ok, click SDR,
search for "Unregistered", doubleclick on it.
Step 6. Now you'll see something like:
* Possible StringData Ref from Code Obj ->"Unregistered "
:00449621 BA289A4400 mov edx, 00449A28
:00449626 8B45F0 mov eax, dword ptr [ebp-10]
Step 7. Trace back, you'll see "&Close", "&Web Page", "Courier New" etc.
Those are what you saw in the NAG, right?
Step 8. Go ahead with tracing back till you see:
* Referenced by a CALL at Addresses:
:00449DC5 , :00449E0A , :0044AE30
:00449300 55 push ebp
:00449301 8BEC mov ebp, esp
:00449303 B908000000 mov ecx, 00000008
Step 9. Ok, kool, this is where it creates the NAG. No need to go to the
addresses of the referencing calls, so we'll patch here.
Step 10. Ok, what now? We'll change 55 at 449300 to C3. The address might
be different coz of Delphi's runtime files!
Step 11. Run HIEW, open PROJECT1.EXE, press F5 and enter 48700. This
is the file offset you got in W32Dasm!
Step 12. Change 55 to C3 by using F3, then save it (with F9).
Step 13. Why C3? When the procedures call this address, it'll tell them to
go back! (C3 means Return).
Step 14. Now run PROJECT1.EXE. Kool, it works! Is it all?? NO! :)
Step 15. Don't quit W32Dasm, just run Delphi and UNinstall your ZipTV
package. Also don't quit Delphi yet.
Step 16. Ok, let's go to your ZipTV folder where you have installed your
package. I use Windows Commander to search for strings in files,
with ALT-F7. So now in WC, press ALT-F7, click Find Text and
enter "unregistered", then search!
Step 17. In Search results box, we find TZIPTV5.BPL and ZTVMAIN.DCU. We
ignore *.BPL, Delphi will create new BPL, so we'll work on DCU
file. Ok, run HIEW and open ZTVMAIN.DCU.
Step 18. Look in W32Dasm, at the 449300 address, we take 55, 8B, EC, B9,
08, 00 bytes. In HIEW, press F7 to search, in HEX field, type:
55 8B EC B9 08 00. Search!
Step 19. Ok kool, we find this:
00004CE3: 55 push bp
00004CE4: 8BEC mov bp,sp
00004CE6: B90800 mov cx,00008 ;" ?"
00004CE9: 0000 add [bx][si],al
00004CEB: 6A00 push 000
00004CED: 6A00 push 000
00004CEF: 49 dec cx
00004CF0: 75F9 jne 000004CEB -------- (3)
00004CF2: 53 push bx
00004CF3: 56 push si
Step 20. Does this match with bytes in W32Dasm? Yes! Kool, let's change
the byte at 4CE3. Change 55 to C3 by using F3, then save it.
Step 21. Back in Delphi, open *.DPK and re-compile the pack. Create a new
form again with any ZipTV component, compile the project!
Step 22. Run your compiled project. Kool, no NAG! :)
This way, you can defeat other protections in other components.
Easy, right? Yup.......
Enjoy it, tKC....................firstname.lastname@example.org
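From the vendor's or defender's side, the one-byte change made in Steps 10-12 and Step 20 is easy to spot by comparing a shipped file against a known-good copy. The following is an added example, not part of the original tutorial; the function names are hypothetical and the sample bytes are constructed from the listing in Step 19.

```python
# Added example: flag "function prologue replaced by RET" tampering by
# diffing a suspect file against a known-good reference copy.
PROLOGUE = bytes.fromhex("558bec")   # push ebp / mov ebp, esp
RET = 0xC3                           # near return opcode


def changed_offsets(good: bytes, suspect: bytes) -> list[int]:
    """Return every file offset whose byte differs between the two images."""
    if len(good) != len(suspect):
        raise ValueError("size mismatch: not a pure in-place patch")
    return [i for i, (a, b) in enumerate(zip(good, suspect)) if a != b]


def stubbed_functions(good: bytes, suspect: bytes) -> list[int]:
    """Return offsets where a standard prologue in `good` now begins with RET."""
    hits = []
    for off in changed_offsets(good, suspect):
        was_prologue = good[off:off + 3] == PROLOGUE
        now_ret = suspect[off] == RET and suspect[off + 1:off + 3] == PROLOGUE[1:]
        if was_prologue and now_ret:
            hits.append(off)
    return hits


# Constructed sample: NOP padding around the function bytes shown in Step 19.
FUNC = bytes.fromhex("558becb9080000006a006a004975f95356")
GOOD = b"\x90" * 0x20 + FUNC + b"\x90" * 0x10

_patched = bytearray(GOOD)
_patched[0x05] = 0xCC   # unrelated change: reported as a diff, not as a stub
_patched[0x20] = RET    # the 55 -> C3 change described in the tutorial
SUSPECT = bytes(_patched)

if __name__ == "__main__":
    print("changed offsets:", [hex(o) for o in changed_offsets(GOOD, SUSPECT)])
    print("stubbed prologues:", [hex(o) for o in stubbed_functions(GOOD, SUSPECT)])
```

In practice the reference copy would be the vendor's original build, and a signed hash of each shipped file catches the same change without needing the byte-level diff.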
thank u Jiangtao very much!