Thread: How to crack a DOS program running in a Windows XP console

    How to crack a DOS program running in a Windows XP console

    Hi. I'm new to cracking software, in fact, I have never tried cracking but now I really need to learn. My uncle has a company which uses a VERY old DOS program to keep accounting, ****ing and staff control (an administrative software suite, kinda!). This software is installed in a computer running Windows NT server with CPU: PIII 700 MHz, RAM: *28MB, HDD: 4GB... It is a junk computer and is the company's server. The workstations are similar machines running Windows *8. At first, Windows XP could not be used because the program (which was run as a shortcut on a network drive) would throw a runtime error related to the speed of the PC. I solved this, and the program CAN be used in any PC now. The software cannot be installed on another computer because it asks for some registration code, which you obtain by calling the people who developed the software and giving them a code that the program generates after analyzing the computer hardware. My uncle bought the license about *0 years ago and the software company disappeared some 5 years ago, so there is no chance of installing the software on a new PC (I have to mention that the installation files are in diskettes that are *0 years old and maybe not very reliable). After the LONG introduction, my problem is that I want to be able to migrate the software to a newer PC but I have had no success. Here is the MAIN issue and what I have tried:
    I copied the complete folder containing the software to a new PC running Windows XP Professional (CPU: Pentium D *.2GHz. RAM *024MB, HDD: 80GB). If I run the executable, the program runs and gives a message "UNAUTHORIZED COPY, ACCESS DENIED" ("COPIA NO AUTORIZADA, ACCESO DENEGADO"). The only thing you can do is press ENTER and the program exits. (I put the translation to Spanish because the whole software is in Spanish). Along with this message, there is also information about the licence and serial of the program, i.e. LICENCIA: ELIMER C.A. SERIAL:02*60080. It seems that the program is reading the licence information correctly. If the exe file is copied to a folder alone, it shows the same message, creates several files and the LICENCIA: and SERIAL: "fields" appear blank.
    I have tried DISASSEMBLING. W32dasm: cannot load process because it is not a win32 app, IDA: I think it disassembles the file correctly but don't know how to find or break on the function that calls the display of the "invalid copy" message.
    I have tried DEBUGGING. MS-DOS DEBUG command: I trace the file and focus on CALL and INT statements tracing over most of those commands and the results I get are either the program ends without any message or display, or the program displays the same "unauthorized copy" message.
    I have tried DOSbox. Running the program hangs DOSbox. DOSbox with debugger: The program tries to run and then DOSbox is closed abruptly without any error message.
    I have SoftICE Driver Studio 2.6 but NO idea how to use it.
    Summarizing, I need to know how can I intercept the moment where the message "COPIA NO AUTORIZADA, ACCESO DENEGADO" is displayed so I can try to skip the authorization process and make the program run in any PC.

    I can send the EXE file to anyone who is willing to help. My e-mail is superstar[at]firefighting[dot]net.

    Thank you very much for all your help.

    I tried the registry thing but no luck. I have been working with softice and IDA also with no luck so I decided to temporarily give up softice, IDA or anything related. I made an image of the HDD containing the program. The OS is Windows NT 4.0 SP6 and the HDD has two partitions, the 1st (C:\>) is a FAT partition and the system folder is located in there along with the program files and the program INTEPLUS. The other partition is NTFS and has the recycler, system volume information folders. The "original" HDD is only 4GB the new ghosted HDD is 80GB. Now, after I ghosted the HDD, I placed it as master in a completely different machine: CPU, RAM, Motherboard and HDD, of course. The OS booted OK and to my surprise... The program DID NOT give an error message!!!!! This test certainly ruled out any hardware check made by the program, I mean it does not check for CPUID or HDD hardware serial number or BIOS info, am I correct? The next thing was to place this ghosted HDD as a slave to an HDD having Windows XP SP2 as OS. After WinXP booted I copied the Iplus (INTEPLUS.EXE) folder to the root of the winXP HDD and tried to execute it... NO LUCK THERE, same error message. I said let's try to run the file from the ghosted HDD. What I have so far is: WinXP HDD= C: one NTFS partition 80GB. Ghosted HDD = E: FAT partition 4GB + F: NTFS logical partition NTFS 74GB. So, I double click on E:\Iplus\INTEPLUS.EXE and again, to my surprise..... The freaking program worked!!!!!
    Now, I thought maybe it has something to do with the HDD VOLUME serial number, so I changed it with the sysinternals volumeid utility.... NO LUCK EITHER, INTEPLUS.EXE still gives the same error if executed from the WinXP HDD.
    My conclusion is that the program doesn't check OS version or hardware serials or IDs but rather something in the HDD, maybe file structure, MBR information, partition information, I don't know. Is there anyone who can help!????!!???!

    Quote: Originally Posted by superstar
    The next thing was to place this ghosted HDD as a slave to an HDD having Windows XP SP2 as OS
    Dude, my guess is the .exe is looking for something on C: drive, not D: (the ghosted image). And that there's some kind of hardware check.

    Looks easy to accomplish, are you charging your uncle some bucks?

    If you ghosted the HDD and it works, it must be checking for the date and time of creation of the application directory.

