Home > Reverse Engineering > Final Uninstaller – Patched

Final Uninstaller – Patched

Recently, my Google Chrome keep crashing on me, I tried to uninstall it, but still crash, my assumptions is something not wrong with my browsing data, so I tried to remove all chrome related data from temporaries, registries, etc.

Looking around for a good uninstaller, I found Final Uninstaller, but the thing is a shareware.

First, I was going to alter the registration process, but then everytime I fired up Final Uninstaller, I always have UnRegistered version coming up, even after I patched the Registration process. Then I changed my trace into the application start, and look for some string reference of “UnRegistered Version”, if I can’t find it, I will look intermodular calls and reverse engineer some assembly codes to perhaps make a Keygen, based on the Registration process, but I found this string, and everything become simpler, I can then crack it for just a couple minutes.

Fired up OllyDbg, search for strings reference of “UnRegistered Version”, trace up and search for the caller of the unregistered function, got one, changed jnz into jz, and voila, I have a patch address, fired up hex editor, change patch it, save it as a patch binary. Overwrite my trial one with my patched one, then it’s full version now.

This app is bare naked, it doesn’t have protection whatsoever that makes it easier to crack in just a couple minutes.

One more thing, this app created either using Delphi or C++ builder, I saw it uses fastcall calling convention in all of its function call and TXXX class naming everywhere.

Categories: Reverse Engineering
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: