In this article we take a close look at ACProtect v1.32 and write our own inline function inside its code in order to bypass the checks of the packer's license system.
Download: Inlining ACProtect v1.32
Enjoy,
H_T_P
Inlining ACProtect v1.32
I have Inlined Truth into Well-Packed lies. (Hack_ThE_PaRaDiSe)
Re: Inlining ACProtect v1.32
Thanks mate, this is a really great article.
Keep it coming.
I have one question. I tried to apply the tut. It works fine for the version you used, but it does not for the new version.
The code is still the same, just with small changes in addresses. When I injected your code and ran the program, it runs and then closes. Is that because of a CRC? Please help.
Re: Inlining ACProtect v1.32
I am sorry, but I don't have the time to check what you are asking for.
However, if you are sure that this is because of a CRC check, then you should take a look at the stack window as soon as the process terminates and use the info about the last calls to trace back and find the point where the CRC check is done.
I have to point out that there was a reason why, in my inline function, I added some more lines in order to restore the original code where the first part of the inline function had written some jumps.
I had noticed that the next time the function regarding the activation status is called, the EBX value must not be changed to 1, otherwise the program terminates, and that's why we restore the original code and remove the jumps to our code cave.
Probably this is your case too, so check those things first. :O)
I have Inlined Truth into Well-Packed lies. (Hack_ThE_PaRaDiSe)
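To make the mechanics of the self-restoring inline jump described in the post above concrete, here is an added C example; it is not code from the article or from anyone in this thread. It models a small x86 code region as a byte array, so the region base, the patched site and the cave address are assumptions chosen for the example. The only values taken from the thread are the five bytes that the two MOVs quoted further down write back (the DWORD 18246C8D at 947201 and the byte 5E at 947205), which decode to LEA EBP,[ESP+18] followed by POP ESI, i.e. the instructions the 5-byte JMP to the cave had overwritten.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for this example, not the target's real addresses: a
 * 16-byte region at REGION_BASE, the patched site at PATCH_AT and the code
 * cave at CAVE_ADDR. The five bytes at PATCH_AT are the ones the thread's
 * two MOVs write back: 8D 6C 24 18 = LEA EBP,[ESP+18], 5E = POP ESI. */
#define REGION_BASE 0x00947200u
#define PATCH_AT    0x00947201u
#define CAVE_ADDR   0x006D7C00u
#define REGION_SIZE 16u

static const uint8_t original_region[REGION_SIZE] = {
    0x90,                          /* 947200: NOP (filler) */
    0x8D, 0x6C, 0x24, 0x18,        /* 947201: LEA EBP,[ESP+18] */
    0x5E,                          /* 947205: POP ESI */
    0x90, 0x90, 0x90, 0x90, 0x90,  /* filler */
    0x90, 0x90, 0x90, 0x90, 0x90
};
static uint8_t region[REGION_SIZE];
static uint8_t saved_bytes[5];     /* what the JMP overwrote */

static uint8_t *va_ptr(uint32_t va) { return region + (va - REGION_BASE); }

void    region_reset(void)       { memcpy(region, original_region, REGION_SIZE); }
uint8_t byte_at(uint32_t va)     { return *va_ptr(va); }
int     region_is_original(void) { return memcmp(region, original_region, REGION_SIZE) == 0; }

/* Part 1 of the inline patch: overwrite five bytes at va with JMP rel32 to
 * target. rel32 is measured from the end of the JMP (va + 5); the unsigned
 * subtraction wraps to the right two's-complement value for backward jumps. */
void write_jmp(uint32_t va, uint32_t target) {
    uint8_t *p = va_ptr(va);
    uint32_t rel = target - (va + 5u);
    memcpy(saved_bytes, p, 5);
    p[0] = 0xE9;
    p[1] = (uint8_t)rel;
    p[2] = (uint8_t)(rel >> 8);
    p[3] = (uint8_t)(rel >> 16);
    p[4] = (uint8_t)(rel >> 24);
}

/* Decode the target of an E9 JMP at va; 0 if there is no JMP there. */
uint32_t jmp_target(uint32_t va) {
    const uint8_t *p = va_ptr(va);
    if (p[0] != 0xE9) return 0;
    uint32_t rel = (uint32_t)p[1] | ((uint32_t)p[2] << 8) |
                   ((uint32_t)p[3] << 16) | ((uint32_t)p[4] << 24);
    return va + 5u + rel;
}

/* Part 2, done the way the thread's two MOVs do it: a DWORD store at va
 * followed by a BYTE store at va + 4, which removes the JMP again. */
void restore_site(uint32_t va, uint32_t dword, uint8_t byte) {
    uint8_t *p = va_ptr(va);
    p[0] = (uint8_t)dword;
    p[1] = (uint8_t)(dword >> 8);
    p[2] = (uint8_t)(dword >> 16);
    p[3] = (uint8_t)(dword >> 24);
    p[4] = byte;
}

/* One call of the activation-status routine as the post describes it. While
 * the site is a JMP to the cave, the cave runs: it forces EBX to 1 and then
 * restores the site, so that branch is taken exactly once. Every later call
 * executes the original code and EBX stays whatever the routine computed. */
uint32_t activation_call(uint32_t ebx_in) {
    if (jmp_target(PATCH_AT) == CAVE_ADDR) {
        restore_site(PATCH_AT, 0x18246C8Du, 0x5E);
        return 1u;
    }
    return ebx_in;
}

int main(void) {
    region_reset();
    write_jmp(PATCH_AT, CAVE_ADDR);
    printf("JMP at %08X -> %08X\n", PATCH_AT, (unsigned)jmp_target(PATCH_AT));
    printf("1st call: EBX=%u, site original=%d\n", (unsigned)activation_call(0), region_is_original());
    printf("2nd call: EBX=%u, site original=%d\n", (unsigned)activation_call(0), region_is_original());
    return 0;
}
```

With these assumed addresses the JMP encodes as E9 FA 09 D9 FF (rel32 = 0xFFD909FA, a backward jump), the first call returns EBX=1 and leaves the site restored, and the second call returns the routine's own result untouched, which is the behaviour the post relies on.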
Re: Inlining ACProtect v1.32
Thanks for your reply. I thought that nobody would care.
Your efforts are really appreciated.
Regarding the injection code you made for the old version, it works fine, as there is no CRC, I believe. Also, if you set a BP on the first JMP to the code cave and another BP on the part where you want a value of one to be moved into EBX, you'll notice that the code passes through the first loop three times or so, then moves to the part (MOV EAX,EBX) which became a jump to the cave, and never goes back to the previous loop. This means you do not need the two lines you wrote in the injection code:
006D7CCB C705 01729400 8>MOV DWORD PTR DS: [947201], 18246C8D
006D7CD5 C605 05729400 5>MOV BYTE PTR DS: [947205], 5E
unless you want to return that part to its original state as well.
For the new version, it seems that they noticed this and added a CRC which terminates the program as soon as a change is detected.
Anyway, I'll try to trace back the CRC; I hope I find something useful.
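The CRC check this post suspects in the new version, shown as an added C example rather than the packer's actual scheme (nothing here is code from the article or from this thread): a 32-byte region whose CRC-32 is recorded at protect time, a run-time self-check that recomputes it, and a 5-byte JMP patch applied over one instruction and later removed. The region contents, the patched offset and the cave distance are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard CRC-32 (reflected form, polynomial 0xEDB88320), computed bitwise. */
uint32_t crc32(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Constructed 32-byte "code" region: NOP filler around MOV EAX,1 ; RET at
 * offset 8. These are not the target's bytes. */
#define REGION_SIZE 32u
#define SITE_OFF    8u
static uint8_t  region[REGION_SIZE];
static uint8_t  saved_site[5];     /* bytes the JMP overwrote */
static uint32_t stored_crc;        /* what the protector records at protect time */

void protect_region(void) {
    static const uint8_t site[6] = {0xB8, 0x01, 0x00, 0x00, 0x00, 0xC3};
    memset(region, 0x90, REGION_SIZE);
    memcpy(region + SITE_OFF, site, sizeof site);
    stored_crc = crc32(region, REGION_SIZE);
}

/* Run-time self-check: 1 if the region still matches the stored CRC. In a
 * packer the mismatch branch would end the process; that compare is the
 * spot to look for by walking back from the last calls in the stack window
 * when the process exits. */
int integrity_ok(void) {
    return crc32(region, REGION_SIZE) == stored_crc;
}

/* Part 1 of an inline patch: replace the 5-byte MOV EAX,1 with JMP rel32 to
 * a cave assumed 0x1000 bytes ahead (rel32 = 0x1000 - 5, measured from the
 * end of the JMP). Only bytes 8..10 actually change (B8->E9, 01->FB,
 * 00->0F), a span of under 32 bits, and CRC-32 catches every change that
 * fits in a 32-bit window; longer changes escape with probability ~2^-32. */
void patch_site(void) {
    static const uint8_t jmp[5] = {0xE9, 0xFB, 0x0F, 0x00, 0x00};
    memcpy(saved_site, region + SITE_OFF, 5);
    memcpy(region + SITE_OFF, jmp, 5);
}

/* Part 2: put the original instruction back, so the check passes again. */
void restore_site(void) {
    memcpy(region + SITE_OFF, saved_site, 5);
}

int main(void) {
    protect_region();
    printf("stored CRC %08X, check before patch: %d\n", (unsigned)stored_crc, integrity_ok());
    patch_site();
    printf("after patch: %d (recomputed %08X)\n", integrity_ok(), (unsigned)crc32(region, REGION_SIZE));
    restore_site();
    printf("after restore: %d\n", integrity_ok());
    return 0;
}
```

The check only sees what is in memory at the moment it runs: a patch that is live when the routine executes fails it, while bytes that were already restored do not, so when hunting the check it matters where in the flow it is called relative to the inline patch.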
Re: Inlining ACProtect v1.32
> This means you do not need the two lines you wrote in the injection code:
> 006D7CCB C705 01729400 8>MOV DWORD PTR DS: [947201], 18246C8D
> 006D7CD5 C605 05729400 5>MOV BYTE PTR DS: [947205], 5E
> unless you want to return that part to its original as well.
That's exactly what we want. After the first time we go to the 2nd part of our inline function, we *have* to restore the code where the jump that brings us here is.
Otherwise, later on the process will terminate, because there is another check later on that actually expects 0 as a result and not 1.
I think maybe this is your case. Make sure that you have correctly added these 2 lines.
I have Inlined Truth into Well-Packed lies. (Hack_ThE_PaRaDiSe)
Re: Inlining ACProtect v1.32
> That's exactly what we want. After the first time we go to the 2nd part of our inline function we *have* to restore back the code where there is the jump that brings as here.
> Otherwise, later on the process will terminate and that's why there is another check later on that actually wants to take 0 as a result and not 1.
> I think maybe this is your case. Make sure that you have correctly added these 2 lines.
That's OK, I understood what you meant from the beginning. Since I do not like applying techniques or ideas without knowing how they work, I traced every single point in your inline code. This code is applicable to the version you used, but for the later version I think a revision should be made, as I tried to apply it without success.
I do believe that the CRC is behind the problem. Up to now I could not locate it in the code ): but I'm still trying.
On the other hand, have you made any such inline tuts on the other protectors, such as Armadillo or ASProtect, etc.?
The reason behind my question is that most of the available tuts are not clear to follow.
Re: Inlining ACProtect v1.32
Maybe I will take a look at the new version, just in case.
Regarding other inline tutorials, I haven't written much...; the truth is that I don't even have the time anymore, but I will do something more in the future.
I have Inlined Truth into Well-Packed lies. (Hack_ThE_PaRaDiSe)
Re: Inlining ACProtect v1.32
Please don't think I am here just to download and ask people to crack stuff. I do want to learn.
Without any flattery, I found your inline tut the most useful one I have ever read. It is really beneficial, as it presents the idea in a very simple way. That's why I asked about the other inline tuts.
I am very keen on MUP and inline patching, so I hope that you carry on...
Regarding our target, I'll keep you updated if I achieve something new, and please do the same.
Re: Inlining ACProtect v1.32
Don't worry man, I don't think that you are here just to ask other people to crack something for you.
In any case, if you believe in yourself and keep on trying, you will achieve your goals in the end.
I am not a great unpacker or inliner either, but that's alright, because at least I know why I do everything I do, and I don't just keep copying stuff.
I am sure you are the same..., so just go for it and everything will be fine.
I have Inlined Truth into Well-Packed lies. (Hack_ThE_PaRaDiSe)
Re: Inlining ACProtect v1.32
That's true, I am not here for that reason. I was googling and found one of your tuts, so I came to this forum.
Anyway, I cannot believe you're not a good inliner, because the way you wrote the inline code is professional.
I have read several inline tuts and, believe it or not, 90% of them are rubbish, as the authors either wanted to hide something or were not sure themselves (just copy and paste).
I really do want you to carry on, so please, whenever you have spare time, be generous and share what you have.
Thanks again, and sorry for bothering you.