About

DVD Audio Extractor at version 7.2.0 has two "protections":

  1. a nag screen
  2. a trial time-bomb

Let's start with the time-bomb because it is the easiest to get rid of.

Time Bomb

In sub_100074ac0 we find a sequence that checks whether the license has expired or is invalid. In the listing below, the instruction at 0x100075107 is an unconditional jmp to 0x100075291, so execution skips that section and continues with the next one:

                                            sub_100074ac0:
0000000100074ac0 55                              push       rbp
0000000100074ac1 4889E5                          mov        rbp, rsp
0000000100074ac4 4157                            push       r15
0000000100074ac6 4156                            push       r14
0000000100074ac8 4154                            push       r12
0000000100074aca 53                              push       rbx
0000000100074acb 4881ECD00A0000                  sub        rsp, 0xad0
; ...
                                       ; Basic Block Input Regs: <nothing> -  Killed Regs: rax rcx
00000001000750e4 B9FFFFFFFF                      mov        ecx, 0xffffffff
00000001000750e9 F00FC148F8                      lock xadd  dword [ds:rax+0xfffffffffffffff8], ecx
00000001000750ee 85C9                            test       ecx, ecx
00000001000750f0 0F8F9B010000                    jg         0x100075291
                                       ; Basic Block Input Regs: <nothing> -  Killed Regs: rsi
00000001000750f6 488D75B8                        lea        rsi, qword [ss:rbp-0xaf0+var_2728]
00000001000750fa E8F1558C00                      call       imp___stubs___ZNSs4_Rep10_M_destroyERKSaIcE ; std::string::_Rep::_M_destroy(std::allocator<char> const&)
00000001000750ff E98D010000                      jmp        0x100075291
                                       ; Basic Block Input Regs: rbx -  Killed Regs: <nothing>
0000000100075104 83FB03                          cmp        ebx, 0x3                      ; XREF=0x100074df9
0000000100075107 E985010000                      jmp        0x100075291
000000010007510c 90                              nop        
; ...
; trial expired and invalid license
; ...
0000000100075291 488BBDD0FEFFFF                  mov        rdi, qword [ss:rbp+0xfffffffffffffed0] ; XREF=0x1000750de, 0x1000750f0, 0x1000750ff, 0x100075107
0000000100075298 E8C13D8C00                      call       imp___stubs__free
000000010007529d 488BBDC0FEFFFF                  mov        rdi, qword [ss:rbp+0xfffffffffffffec0]
00000001000752a4 E8B53D8C00                      call       imp___stubs__free
00000001000752a9 488B85B8FEFFFF                  mov        rax, qword [ss:rbp+0xfffffffffffffeb8]
; ...

This takes care of the time-bomb.

Nag Screen

When the application launches it displays a nag screen that can only be dismissed if one clicks the "Register Later" button. Instead of attacking the subroutine that displays the dialog directly, we find the following sequence that calls the dialog subroutine:

0000000100074d66 E994000000                      jmp        0x100074dff                             ; Avoid the nag dialog sequence
0000000100074d6b 90                              nop        
0000000100074d6c 488DBDD8FAFFFF                  lea        rdi, qword [ss:rbp+0xfffffffffffffad8]
0000000100074d73 E838C5FFFF                      call       sub_1000712b0                           ; This is the nag dialog subroutine.
0000000100074d78 488B85D8FAFFFF                  mov        rax, qword [ss:rbp+0xfffffffffffffad8]
0000000100074d7f 488B8088070000                  mov        rax, qword [ds:rax+0x788]
0000000100074d86 488DBDD8FAFFFF                  lea        rdi, qword [ss:rbp+0xfffffffffffffad8]
0000000100074d8d FFD0                            call       rax
0000000100074d8f 3DEC130000                      cmp        eax, 0x13ec
0000000100074d94 7550                            jne        0x100074de6

The jmp and nop are added so that sub_1000712b0, the subroutine responsible for displaying the dialog, is never called.
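Both edits above have the same byte-level shape: a 5-byte jmp rel32 (E9) followed by a one-byte nop (90). The following Python sketch is an added example, not part of the original page: it shows how a defender can flag that shape by diffing a binary's code bytes against a known-good reference copy. The function names are hypothetical and the baseline bytes are constructed, because the page does not show the original instruction; a conditional near jump to the same target is assumed.

```python
import struct

def rel32_target(addr, insn_len, disp):
    """Target of a relative branch: next-instruction address + signed disp."""
    return addr + insn_len + struct.unpack("<i", disp)[0]

def find_branch_patches(baseline, current, base_addr):
    """Diff two code buffers covering the same addresses and report each
    6-byte conditional near jump (0F 8x rel32) in the baseline that is now
    an unconditional jmp (E9 rel32) padded with a one-byte nop (90)."""
    if len(baseline) != len(current):
        raise ValueError("buffers must cover the same address range")
    findings, i = [], 0
    while i + 6 <= len(baseline):
        b, c = baseline[i:i + 6], current[i:i + 6]
        was_jcc = b[0] == 0x0F and 0x80 <= b[1] <= 0x8F
        now_jmp_nop = c[0] == 0xE9 and c[5] == 0x90
        if b != c and was_jcc and now_jmp_nop:
            addr = base_addr + i
            findings.append({
                "address": addr,
                "baseline_target": rel32_target(addr, 6, b[2:6]),
                "current_target": rel32_target(addr, 5, c[1:5]),
            })
            i += 6
        else:
            i += 1
    return findings

# Bytes at 0x100075104..0x10007510c exactly as listed on this page.
BASE_ADDR = 0x100075104
CURRENT = bytes.fromhex("83FB03" "E985010000" "90")
# Constructed baseline: the page does not show the original instruction, so a
# jne (0F 85) with the same target is assumed purely as sample input.
BASELINE = bytes.fromhex("83FB03" "0F8584010000")

if __name__ == "__main__":
    for f in find_branch_patches(BASELINE, CURRENT, BASE_ADDR):
        print("branch at %#x made unconditional: %#x -> %#x"
              % (f["address"], f["baseline_target"], f["current_target"]))
```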

cracks/dvd_audio_extractor/2.7.0.txt · Last modified: 2022/04/19 08:28 by 127.0.0.1