PDA

View Full Version : edit/hack .ax file possible?


E-Male
17th September 2002, 22:27
Is it possible to edit or hack a .ax file to remove restrictions of the directshow filter (like some options only work with one program)?

thx
e-male

DSPguru
20th September 2002, 17:57
.ax, just like "plain dlls" can be hacked to change its functionality.

E-Male
21st September 2002, 01:18
if i had asked you if you could tell me the time, youīd also have just said "yes" wouldnīt you (hope this translates good form german and still makes sence)

seriousely now:
could you although tell me how, or whom to ask to try that for me

thx
e-male

-h
21st September 2002, 02:58
Not really, he answered the question you asked.

This is also getting a bit close to forum rule #6.

However, if you're interested in altering dll's from a perfectly valid reverse-engineering point of view, look around http://tsehp.cjb.net and see if anything interests you.

-h

DSPguru
21st September 2002, 15:01
@E-Male
i wasn't being cynic.


you could search the web for IDA (interactive disassembler)

E-Male
21st September 2002, 16:03
I didnīt men to be rude either, should have been funny, didnīt work :rolleyes:

I gues iīm much to unexperienced to do this myself, but iīll tey when i got time

thx for your answeres

cu
e-male

p.s. sorry if i got close to breaking a rule, i was thinking about leaving out the word "hack", but decided to leave it in as i donīt see it as a negative word like "crack"

Dark-Cracker
21st September 2002, 16:17
hi,

i can else download windasm8.9 (freeware instead of IDA) (www.protools.cjb.net)
to make a dead cracking (because the code was dissembled an u see it fully)
else u can use softice (a debugger) to enter in the software and it a live cracking because u only seen the code line after line.

i think your .ax file was not packed u can simply dissable your file go in the "string data reference" and search the restriction msg (somethink like : trial has expired) double click on it and u will be in the part of the code who show this msg, genery the programmer use a messagebox to splash this msg and u will surely find some think like :

XXXXXXX call XXXXXX <= the registration check
XXXXXXX test eax, eax <= compare the registre eax
75XXXXX jnz XXXXXXXX <= if eax=1 u are registered and jump the msdgbox calling.
XXXXXXX push XXXXXXA <= this will show an information msgbox
XXXXXXX push XXXXXXX <= push on the stack "trial has expired"
XXXXXXX call MessageboxA <= show u this msg

generaly the check registration return a boolean (eax=0 or eax=1)
after this check a jump conditionnaly (jnz=jump if not zero) will jump or not the msgbox. the opcode of the jnz was 75 the op code of the jz (jump if zero) is 74 and the opcode of the jump is EB, to make a quick and dirty patching , look the offset (in the satus bar) open your hexeditor go to the ofset and change the 75 by EB and now the soft will stop to show u this crap msgbox.

it's only the theorie of cracking. but i think u could make some tests :) good luck

Ps: don't make illegal stuff.

Bye.

E-Male
21st September 2002, 16:48
there is no message just some options greyd out when i use the filter in graphedit

thx anyway

Dark-Cracker
21st September 2002, 17:04
lol sound like the windvd audio filter :) , if u only want to enable some options u could use "The Customiser v1.1" it can on the fly endable/disable some tick , button , textbox ...etc... sorry i have no link for this tool use google.

bye.

E-Male
21st September 2002, 17:43
Originally posted by Dark-Cracker
lol sound like the windvd audio filter :)
almost :D powerdvd

thx for your help

cu
e-male