+HCU 1997, Project2: Winice cracking
Phase 3

Courtesy of Fravia's page of reverse engineering

I wrote the follwing after +RCG's first essay (more on Winnie):
Apparently Numega's guys reacted very quickly to the information above. The new downloads from their site DO NOT HAVE any more the
; Eval expiration date - DO NOT REMOVE!
string... :-) Funny, isn't it?

And This essay was an answer from Frog's print:

Phase 3

By Frog's print - 26 May 1997
No, unfortunately they didn't! Not yet...

I downloaded SoftIce 3.01 Win95 today (Friday 23,1997) at Numega's web site (the
quickest way to get it (and the documentation) without their registration form
is : http://www.numega.com/eval/evareq6_stp2.ht) and re-installed it.

I DID find the "Eval expiration date - DO NOT REMOVE!..." string inside
WinIce.dat.

The reason is that right BEFORE installing it I DELETED in the Registry the
following values:

        HkeyLocalMachine\SOFTWARE\Microsoft\Windows\Help
	OleGUIDHigh	
	OleGUIDLow	

Those values are ONLY used by Loader32.exe and the SetUp program.

The values inside WinIce.dat (Eval expiration date...) are ONLY used by
WinIce.exe.

Rename "HkeyLocalMachine\SOFTWARE\Microsoft\Windows\Help" or delete it and then
fire Loader32.exe. You'll get the following error message:

 "Access violation at address 78608952.Read of address 78608952".

Then, Loader32 will pop-up and you'll see:
 
 In the status bar       : "Soft-Ice not loaded"       ; even if it IS!!
 In the main window : "Blah blah blah"               ; funny isn't it?

You'll get a similar message if you delete or rename "OleGUIDHigh" or
"OleGUIDLow" but in such a case, WinIce.exe will be active.

Now, if the 'eval Expiration...' line in winice.dat is removed or does not
appear in your WinIce.dat, WinIce.exe will NEVER work but the Loader will.

The SetUp program just checks the Registry for "OleGuidHigh" and "OleGuidLow" to
see if a copy of SoftIce (14 days trial) has previously been installed on your
computer (the UnInstall program does not remove them).

If so, it will not add the installation date string inside WinIce.dat even if
your evaluation period has not yet expired and you could not use SoftIce any
longer (and it will not change the values in the Registry as well).

This is just because Numega's guys don't want you to re-install it as many times
as you want in order to use the program after the 14 days trial period.

So, without cracking WinIce.exe, NmTrans.dll and Loader32.exe, you can use
SoftIce FOREVER as long as,  when you re-install it after you trial period, yo 
delete the values located in the Registry.

 Again, this is just another very simple (and from our point of view rather 
disappointing!) trick/protection from Numega! Cmon guys, you can protect 
better than that!

PS: To check the above comments, the best is to install and then re-install
SoftIce using a "Spy" program like TechFacts 95 v1.30 (3/7/97) (from
DeanSoftware Desing - who released InfoSpy) available at:
http://ourworld.compuserve.com/homepages/deansoft
I use it each time I install a program and it is very helpful (BTW, as it is
shareware, you may want to crack it by searching for "C6051AF34C0001" and 
replace with "C6051AF34C0000"! :-)

Frog's Print -


You are deep inside Fravia's page of reverse engineering, choose your way out:

homepage links red anonymity +ORC students' essays tools cocktails
antismut CGI-tricks search_forms mailFravia
Is software reverse engineering legal?