Now this looks good :) It compares ebx with 2 .. 0..1..2, that's 3 chars :) heh,
and jumps if greater to 4039EE (jg 004039EE). We really don't want it to
jump to that location, so we just nop the line at 403896. Normally we would find
the correct entry point in the packed file and make a little patch that
would nop this whole line, but in this tut I'm gonna use r!sc's process patcher,
which is really easy to use ...
Just make a new file with a text editor called zipkey.rpp. Please read his
documentation if you're having trouble using it. I'll just show
you some of the many cewl commands he has made available.
[File: zipkey.rpp]:
; Woody's crack for zip key 2.11.0
f=zipkey.exe:
o=w-zipkey.exe:
p=403896/0f,8f,52,01,00,00/90,90,90,90,90,90:
$
To explain these commands ..
f=zipkey.exe:
This is the original file that has to be patched.
o=w-zipkey.exe:
This is the file r!sc's process patcher will create.
p=403896/0f,8f,52,01,00,00/90,90,90,90,90,90:
First the data offset where it will patch, then the original bytes in the original
file, then the new bytes replacing the bad ones ;)
:00403896 0F8F52010000 jg 004039EE
You can see at line 403896 the hex codes are 0f8f52010000, and we wanted to
nop that whole line; a nop is hex 90. So the new hex codes would be
909090909090. Easy, right? :)
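As an added example (not part of the tut and not r!sc's code) here is a small Python checker that decodes the jg instruction shown in the listing and sanity-checks the p= line before you trust it: it confirms the original bytes really are a 0F 8F rel32 jump whose target is 004039EE, and that the replacement is exactly as long as the instruction it overwrites (a patch that changes the length would desynchronise every instruction after it). The listing address, the bytes and the patch line are taken from the page; the small Jcc opcode table is standard x86 encoding.

```python
import struct

# Taken from the listing on the page: the instruction at 0x403896.
LISTING_ADDR = 0x403896
LISTING_BYTES = bytes.fromhex("0f8f52010000")
# The p= line from zipkey.rpp as written on the page.
PATCH_LINE = "p=403896/0f,8f,52,01,00,00/90,90,90,90,90,90:"

# Two-byte opcodes 0F 80..0F 8F are Jcc rel32 (6 bytes total). Only the
# condition codes needed for common jumps are listed here.
JCC_REL32 = {
    0x84: "je", 0x85: "jne", 0x86: "jbe", 0x87: "ja",
    0x8C: "jl", 0x8D: "jge", 0x8E: "jle", 0x8F: "jg",
}


def decode_jcc_rel32(addr, code):
    """Decode a 0F 8x rel32 conditional jump located at `addr`.

    Returns (mnemonic, absolute target, instruction length). The target is
    the address of the *next* instruction plus the signed 32-bit displacement.
    """
    if len(code) < 6 or code[0] != 0x0F or code[1] not in JCC_REL32:
        raise ValueError("not a Jcc rel32 instruction")
    rel = struct.unpack_from("<i", code, 2)[0]      # little-endian signed disp32
    length = 6
    target = (addr + length + rel) & 0xFFFFFFFF
    return JCC_REL32[code[1]], target, length


def parse_patch_line(line):
    """Parse a 'p=<hex addr>/<old bytes>/<new bytes>:' line into (addr, old, new)."""
    body = line.strip().rstrip(":")
    if not body.startswith("p="):
        raise ValueError("not a p= line")
    addr_s, old_s, new_s = body[2:].split("/")
    old = bytes(int(b, 16) for b in old_s.split(","))
    new = bytes(int(b, 16) for b in new_s.split(","))
    return int(addr_s, 16), old, new


def check_patch(line, listing_addr, listing_bytes):
    """Cross-check a p= line against the disassembly listing it was written from."""
    addr, old, new = parse_patch_line(line)
    mnemonic, target, length = decode_jcc_rel32(addr, old)
    return {
        "addr_matches_listing": addr == listing_addr,
        "old_matches_listing": old == listing_bytes,
        "mnemonic": mnemonic,
        "target": target,                 # should be 0x4039EE for this listing
        "same_length": len(new) == length,  # replacement must not change length
        "all_nop": all(b == 0x90 for b in new),
    }


if __name__ == "__main__":
    result = check_patch(PATCH_LINE, LISTING_ADDR, LISTING_BYTES)
    print(f"{result['mnemonic']} -> {result['target']:08X}")
    for key, value in result.items():
        if key not in ("mnemonic", "target"):
            print(f"{key}: {value}")
```

The displacement arithmetic is what makes 004039EE fall out of the bytes: 0x403896 plus the 6-byte instruction gives 0x40389C, and 0x40389C plus 0x152 is 0x4039EE, exactly what the disassembler printed.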
End the file with a $ sign. Now that's it! The only thing you have to do
now is "compile" the script file zipkey.rpp. Run r!sc's program, find
the script file, and compile it. r!sc's program then creates the file w-zipkey.exe,
which will patch the program when you execute it. r!sc's program doesn't patch
it permanently of course, it's a process patcher. So the user has to execute the
patch every time he wants to use the zipkey.exe program.
Run the patch now and check whether the program still cares about passwords longer
than 3 chars. Does it?? Of course not :) Was that easy or what :))
-wOODY^dRN