r0ger Posted September 23, 2021

Yeah, today i've discovered it when most of tPORt releases, even with v2m's in it (with libv2 1.0 mostly), don't work on Vista and higher, so if u wanna test these releases/having some experience with them but ur just lazy to open them up in XP (or simply you don't have it), here's how i did it:

I firstly opened one of tPORt's releases with v2m in it i have in my collection with IDA Pro, then i've analyzed the whole EXE file. The v2m initialization must start with DirectSoundCreate function most of it, from which it was called from this:

sub_406E82 proc near ; CODE XREF: sub_403DEA+38↑p
PS_____:00406E82
PS_____:00406E82 var_9C = dword ptr -9Ch
PS_____:00406E82 arg_0 = dword ptr 4
PS_____:00406E82 arg_4 = dword ptr 8
PS_____:00406E82 arg_8 = dword ptr 0Ch
PS_____:00406E82
PS_____:00406E82 pusha
PS_____:00406E83 mov ebx, offset dword_6722B4
PS_____:00406E88 mov ecx, 20082h
PS_____:00406E8D mov edi, ebx
PS_____:00406E8F xor eax, eax
PS_____:00406E91 rep stosb
PS_____:00406E93 mov esi, [esp+20h+arg_0]
PS_____:00406E97 mov [ebx+0Ch], esi
PS_____:00406E9A mov esi, [esp+20h+arg_4]
PS_____:00406E9E mov [ebx+10h], esi
PS_____:00406EA1 lea esi, [ebx+8]
PS_____:00406EA4 mov [esi], eax
PS_____:00406EA6 push eax ; pUnkOuter
PS_____:00406EA7 push esi ; ppDS
PS_____:00406EA8 push eax ; pcGuidDevice
PS_____:00406EA9 call DirectSoundCreate
PS_____:00406EAE mov esi, [esi]
PS_____:00406EB0 or esi, esi
PS_____:00406EB2 jz short loc_406ED5
PS_____:00406EB4 mov al, 2
PS_____:00406EB6 push eax
PS_____:00406EB7 push [esp+24h+arg_8]
PS_____:00406EBB push esi
PS_____:00406EBC mov edi, [esi]
PS_____:00406EBE call dword ptr [edi+18h]
PS_____:00406EC1 or eax, eax
PS_____:00406EC3 jnz short loc_406ED5
PS_____:00406EC5 push eax
PS_____:00406EC6 lea ebp, [ebx+4]
PS_____:00406EC9 push ebp
PS_____:00406ECA push offset dword_407194
PS_____:00406ECF push esi
PS_____:00406ED0 call dword ptr [edi+0Ch]
PS_____:00406ED3 or eax, eax
PS_____:00406ED5
PS_____:00406ED5 loc_406ED5: ; CODE XREF: sub_406E82+30↑j
PS_____:00406ED5 ; sub_406E82+41↑j
PS_____:00406ED5 jnz short loc_406EE6
PS_____:00406ED7 push eax
PS_____:00406ED8 lea edx, [ebx]
PS_____:00406EDA push edx
PS_____:00406EDB push offset dword_407180
PS_____:00406EE0 push esi
PS_____:00406EE1 call dword ptr [edi+0Ch]
PS_____:00406EE4 or eax, eax
PS_____:00406EE6
PS_____:00406EE6 loc_406EE6: ; CODE XREF: sub_406E82:loc_406ED5↑j
PS_____:00406EE6 ; sub_406E82+A6↓j
PS_____:00406EE6 jnz loc_406FB4
PS_____:00406EEC lea edi, [ebx+70h]
PS_____:00406EEF push edi
PS_____:00406EF0 lea esi, word_40716E
PS_____:00406EF6 lea ecx, [eax+12h]
PS_____:00406EF9 rep movsb
PS_____:00406EFB mov esi, [ebp+0]
PS_____:00406EFE push esi
PS_____:00406EFF mov edi, [esi]
PS_____:00406F01 call dword ptr [edi+38h]
PS_____:00406F04 xor esi, esi
PS_____:00406F06 push 2
PS_____:00406F0B lea edx, [ebx+2Ch]
PS_____:00406F0E push edx
PS_____:00406F0F lea edx, [ebx+28h]
PS_____:00406F12 push edx
PS_____:00406F13 lea edx, [ebx+24h]
PS_____:00406F16 push edx
PS_____:00406F17 lea edx, [ebx+20h]
PS_____:00406F1A push edx
PS_____:00406F1B push esi
PS_____:00406F1C push esi
PS_____:00406F1D mov ebp, [ebx]
PS_____:00406F1F mov esi, [ebp+0]
PS_____:00406F22 push ebp
PS_____:00406F23 call dword ptr [esi+2Ch]
PS_____:00406F26 or eax, eax
PS_____:00406F28 jnz short loc_406EE6
PS_____:00406F2A mov ecx, [ebx+24h]
PS_____:00406F2D mov edi, [ebx+20h]
PS_____:00406F30 rep stosb
PS_____:00406F32 mov ecx, [ebx+2Ch]
PS_____:00406F35 mov edi, [ebx+28h]
PS_____:00406F38 rep stosb
PS_____:00406F3A push dword ptr [ebx+2Ch]
PS_____:00406F3D push dword ptr [ebx+28h]
PS_____:00406F40 push dword ptr [ebx+24h]
PS_____:00406F43 push dword ptr [ebx+20h]
PS_____:00406F46 push ebp
PS_____:00406F47 call dword ptr [esi+4Ch]
PS_____:00406F4A or eax, eax
PS_____:00406F4C jnz short loc_406FB4
PS_____:00406F4E mov dword ptr [ebx+68h], 0FFFF0000h
PS_____:00406F55 mov dword ptr [ebx+6Ch], 0FFFF0000h
PS_____:00406F5C xor eax, eax
PS_____:00406F5E push eax ; lpName
PS_____:00406F5F push eax ; bInitialState
PS_____:00406F60 push eax ; bManualReset
PS_____:00406F61 push eax ; lpEventAttributes
PS_____:00406F62 call CreateEventA
PS_____:00406F67 mov [ebx+40h], eax
PS_____:00406F6A lea eax, [ebx+48h]
PS_____:00406F6D push eax ; lpCriticalSection
PS_____:00406F6E call InitializeCriticalSection
PS_____:00406F73 xor eax, eax
PS_____:00406F75 inc al
PS_____:00406F77 push eax
PS_____:00406F78 push 1
PS_____:00406F7D dec al
PS_____:00406F7F push eax
PS_____:00406F80 push eax
PS_____:00406F81 push ebp ; nPriority
PS_____:00406F82 call dword ptr [esi+30h]
PS_____:00406F85 or eax, eax
PS_____:00406F87 jnz short loc_406FB4
PS_____:00406F89 fld flt_406E50
PS_____:00406F8F fstp dword ptr [ebx+14h]
PS_____:00406F92 lea edx, [ebx+3Ch]
PS_____:00406F95 push edx ; lpThreadId
PS_____:00406F96 push eax ; dwCreationFlags
PS_____:00406F97 push eax ; lpParameter
PS_____:00406F98 push offset sub_407009 ; lpStartAddress
PS_____:00406F9D push eax ; dwStackSize
PS_____:00406F9E push eax ; lpThreadAttributes
PS_____:00406F9F call CreateThread
PS_____:00406FA4 mov [ebx+1Ch], eax
PS_____:00406FA7 inc [esp+9Ch+var_9C]
PS_____:00406FAA push eax ; hThread
PS_____:00406FAB call SetThreadPriority
PS_____:00406FB0 popa
PS_____:00406FB1 stc
PS_____:00406FB2 jmp short loc_406FBB
PS_____:00406FB4 ; ---------------------------------------------------------------------------
PS_____:00406FB4
PS_____:00406FB4 loc_406FB4: ; CODE XREF: sub_406E82:loc_406EE6↑j
PS_____:00406FB4 ; sub_406E82+CA↑j ...
PS_____:00406FB4 call sub_406FC0
PS_____:00406FB9 popa
PS_____:00406FBA clc
PS_____:00406FBB
PS_____:00406FBB loc_406FBB: ; CODE XREF: sub_406E82+130↑j
PS_____:00406FBB sbb eax, eax
PS_____:00406FBD retn 0Ch
PS_____:00406FBD sub_406E82 endp
....

then from this subroutine which was called in DialogFunc:

sub_403DEA proc near
PS_____:00403DEA
PS_____:00403DEA var_4 = dword ptr -4
PS_____:00403DEA arg_0 = dword ptr 4
PS_____:00403DEA arg_4 = dword ptr 8
PS_____:00403DEA
PS_____:00403DEA mov ecx, [esp+arg_0]
PS_____:00403DEE mov edx, offset dword_40B160
PS_____:00403DF3 call sub_403558
PS_____:00403DF8 call sub_403666
PS_____:00403DFD push [esp+arg_4]
PS_____:00403E01 xor eax, eax
PS_____:00403E03 push eax
PS_____:00403E04 push offset sub_403D0F
PS_____:00403E09 mov dword_40B154, eax
PS_____:00403E0E mov dword_40B150, eax
PS_____:00403E13 mov dword_40A718, eax
PS_____:00403E18 mov dword_40A71C, 1
PS_____:00403E22 call sub_406E82
PS_____:00403E27 fld1
PS_____:00403E29 push ecx
PS_____:00403E2A fstp [esp+4+var_4] ; float
PS_____:00403E2D call sub_407147
PS_____:00403E32 retn 8
PS_____:00403E32 sub_403DEA endp

and this was the block of codes where the v2m playback was initiated:

PS_____:00401AD4 call sub_403DEA
PS_____:00401AD9 call sub_403E35
PS_____:00401ADE mov byte_409520, 1

So what i did was patching them with NOP's only so this would skip the whole V2M playback subroutine (yep, this will not play v2m anymore.):

Final result (for example i chose AutoRun_Pro_6.0.1.40.Keygen.ev1l^4.tPORt):

Without patching (and with v2m playback called, and about to play in the keygen) may result in this error (which is manifested from Vista and higher - the keygen will run normally with v2m playback only on Windows XP) ...:

other results:

ObjectRescuePro_v3.0_Crack_by_M!H@N
Drive_Discovery_v2.1.Keygen.LaZzy.tPORt
MetaProducts Flash and Media Capture v1.2.43 SR1 by tPORt
MOV_to_AVI_MPEG_WMV_Converter_v_1_8_4
X-NetStat_Pro_5.5.Keygen.tPORt
Xilisoft_OGG_MP3_Converter_2.1.63.Keygen.tPORt

But i know there was a patch solution for it i've found months ago in which can play the v2m's in windows 7 with libv2 1.0, idk if it really is but if i see it and the patch solution getting to work even on 7, maybe i'll post the solution.
Anyway, this is how i fixed the releases using IDA only.
r0ger (Author) Posted October 1, 2021

As a matter of fact, since i have all their resources, i'm gonna remake some of these templates above, but using MagicH's v2m engine on them for almost-full experience (perhaps i won't include their keygen algos). And i'll be posting them directly in Downloads section.