+======================================================+
| PE Loader with Self Learning Ability by c0rdat ^ind. |
+======================================================+
        +----------+
    The | A ny     |
        | B uild   |
        | E nabled |
        | L oader  | project.
        +----------+
Platform: Win 9x,Me,NT,2000,XP
Language: English
contact: [email protected]
Easy-to-use loader generator available at:
http://wave.prohosting.com/c0rdat/abel.html
---------------------------------------------------------------------
Personally, I hate cracks and loaders that work with only one build
of target program. If I download application xx ver.1.8 and I find
crack for "xx ver.1.8" on the Internet, I expect it to work.
Unfortunately, this is not always true. Sometimes (especially
when software developer updates trial versions frequently) only the
keymaker can be used, because it's practically impossible to download
the same build of application that someone used to create crack.
There is a possibility of creating 'search and replace' crack, but it's
not very popular, because:
a) if target application is packed with any exe-packer, it's impossible
to apply the patch. More and more software developers use exe-packers
to make cracker's life a bit harder ;)
b) high-level-language compilers try to optimise compiled code by using
different processor registers 'one by one'. It means that the same
source code can produce different machine code after compiling,
depending on... weather, time of day and amount of beer drunk
by the author before compilation ;) (just kidding - there are rules of
optimization used by every compiler available).

That's why I started the ABEL project (Any Build Enabled Loader).
The presented loader can 'learn' the new version of application if there
were no changes to the protection scheme. Loader uses smart search
technology, and (in most cases) isn't sensitive to build-to-build
changes in machine code. Fortunately most shareware authors write
their 'magic protections' once, and leave them untouched when they
publish new version of the software. There are just a few exceptions
to that rule (greetings to all *THINKING* software developers ;).

If a software developer publishes new version, let's say, once a month
- he can be sure that no crack will be a real threat to his business.
Most illegal software users I know will download latest version of the
software, and look for proper crack on the net. Working crack can
be found after a week, or two... but then - a new version is available
*SHIT* ;) and the whole nightmare starts again, and again...
---------------------------------------------------------------------
FAQ:
Q: What is a loader after all ?
A: A loader is a small program (sometimes called 'process patcher')
which is able to load another program and make some changes in its
code IN MEMORY (after loading and unpacking, if .exe was packed).

Q: What is the use of loaders ?
A: Sometimes the program you are cracking is packed (with exe-packer)
or even encrypted. It un-packs directly in memory, after loading.
Normal 'crack', which attempts to change program code 'on disc'
is useless in that case. Loader first loads the target program
into memory, then waits until unpacking process is done
(there are 3 ways to make sure that unpacking has finished),
and then changes the program code BEFORE it is executed...
voila: program cracked.

Q: There are plenty of loaders on the internet, who needs another one ?
A: This loader is unique. It has Self Learning Ability (quite simple
idea, I don't really know why everybody isn't using it) that allows
loader to modify itself when target program version changes (i.e. user
updates his version). Of course it's possible only if the security
scheme doesn't change.

Q: OK, so how does it work ?
A: Loader attempts to load target program and checks if program version
matches the characteristic bytes (included in loader file itself).
In case of perfect match, it modifies the target program code to
fool its protection procedures ('cracks' it) IN MEMORY. If match
is not 100%, loader attempts to 'learn' the new version of target
program, by searching the new locations of characteristic byte sequences.
ATTENTION:
During the learning process, target application must be loaded and running
(check taskbar). If application says 'Trial expired' and after clicking
'OK' just exits, DON'T CLICK OK. If target application crashes and Windows
says 'Unrecoverable application error...', DON'T CLICK OK EITHER.
Let it wait with that message visible. Give loader a few seconds,
and it will pop-up with a message. Don't let target application terminate
when learning process is in progress (this will surely cause a 'crash').
The learning process can take several minutes (depending on PC speed
and number of patches required for target application) so be patient.
When learning is finished loader will pop-up with a message.
After learning, discovered addresses are then written down to a .lrn file.
If characteristic byte sequences can't be found, you'll have to get
loader for newer version. If they are found, when you run loader next time,
it will load a set of discovered addresses from a .lrn file, and then patch
the target program, using them. Learning process will be repeated every
time you update the target application.
There is a possibility that protection scheme is changed, and after
learning target program isn't working at all... What you can do is try
to delete .lrn file manually, and repeat learning sequence... If it doesn't
help - go get loader for new version.
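
Seen from the protected program's side, the in-memory change described in the
FAQ leaves the file on disk untouched, so only a check of the loaded code can
notice it. The sketch below is an added example (not part of the original text
or of ABEL): it compares per-page digests of a code section against a baseline
recorded at build time, using constructed byte buffers in place of a real
process image; the page size and all function names are assumptions.

```python
import hashlib

PAGE = 4096  # page size assumed for this sketch


def page_digests(code: bytes, page: int = PAGE) -> list:
    """SHA-256 of every page of a code section."""
    return [hashlib.sha256(code[i:i + page]).hexdigest()
            for i in range(0, len(code), page)]


def modified_pages(baseline: list, in_memory: bytes, page: int = PAGE) -> list:
    """Indexes of pages whose digest no longer matches the baseline.

    A page present on only one side (section grew or shrank) also counts.
    """
    current = page_digests(in_memory, page)
    longest = max(len(baseline), len(current))
    return [i for i in range(longest)
            if i >= len(baseline) or i >= len(current)
            or baseline[i] != current[i]]


def demo():
    # Constructed stand-in for an unpacked three-page code section.
    shipped = bytes((i * 31 + 7) % 256 for i in range(3 * PAGE))
    baseline = page_digests(shipped)           # recorded at build time
    file_hash = hashlib.sha256(shipped).hexdigest()

    # Constructed stand-in for the same section after a process patcher
    # has overwritten two bytes in memory; the file on disk is untouched.
    in_memory = bytearray(shipped)
    in_memory[0x1234:0x1236] = b"\x90\x90"

    disk_check_ok = hashlib.sha256(shipped).hexdigest() == file_hash
    return disk_check_ok, modified_pages(baseline, bytes(in_memory))


if __name__ == "__main__":
    ok, pages = demo()
    print("on-disk hash still matches:", ok)
    print("code pages changed in memory:", pages)
```

In a real PE image, bytes fixed up by relocation legitimately differ between
runs, so they have to be masked out before hashing.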