Posted by Bonkers on 1/28/2000, 11:18 pm
216.41.28.127
<b>IV.1</b>
Sorry I didn't comment this code, but if you've gotten this far I'm sure you can understand this. Links at bottom. I used Lazarus' keygen template for the base of this one, and most of the rest of the code was ripped straight from Acoustica.<b>IV.2</b>
I looked in IDA and found where the two Invalid Key messages were and found two spots. 446FAB and 4472CF. And contrary to what my previous posts mentioned where I said that one was a decoy, it seems to be that some system info is used to decide which one to use so we just patch both of these. All that needs to be done is patch the pushes and both those addresses to push 73f068 which is where the good reg is after the IsAppRegged function returns. This patch is: 0x468CF 6857A14900 -> 6868F07300 and 0x465AB 6890A04900 -> 6868F07300<b>IV.3</b>
Still a little clueless on this one, some help here Lazarus? ;)<a href="http://www.gis.net/~pumpkin/Task_IV.zip">Masm Source</a>
<a href="http://www.gis.net/~pumpkin/Task_IV_exe.zip">Executable</a>