July 1998
"Drop Convert V2.3"
( 'Patching and more patching'  )
Win '95 PROGRAM
Win Code Reversing
 
 
by The Sandman 
 
 
Code Reversing For Beginners 
 
 
 
Program Details
Program Name: dropconv.zip
Program Type: Txt, Binary, Html etc. converter
Program Location: Here
Program Size: 217K 
 
   
Tools Used:
 Softice V3.2 - Win'95 Debugger
W32Dasm V8.9 - Win'95 Disassembler
Regview V2.2a - Registry Monitor
 
Rating
Easy ( X  )  Medium (   )  Hard (    )  Pro (    ) 
There is a crack, a crack in everything. That's how the light gets in.
 
  
 
Drop Convert V2.3
( 'Patching and more patching'  )
Written by The Sandman
 
 
 
Introduction
 
The author S.Carter of Crystal Software says this about Drop Convert V2.2:-
 
"DropConvert v2.2 - file conversion and filtering. Move text files between DOS, Unix, Macintosh and fixed length record formats. Also filters binary chars, ANSI colours, removes white space from start and end of lines, removes blank lines, HTML, backspaces, search and replace, add quoting chars, upper and lower case, ANSI<=>OEM, ASCII<=>EBCDIC. Files can be added by wildcard, on the command line, from files, drag and drop etc and can
use recursion. Test Mode. Can skip binary files. Auto Detect-figures out the input file format. Multi-threaded. Win95/98/NT. Shareware $20."
 
About this protection system
 
This program has a 30 day trial limit and nowhere to enter a registration number, so on the face of it we cannot register it by the normal means. Using our trusty tool Regview, let's find out some more about this program.

Regview tells us that this program uses:

HKEY_LOCAL_MACHINE\SOFTWARE\Crystal Software\DropConvert
 
to store all its settings, and that the following four values control the 30 day trial limit:

\11
\1l
\ll
\l1
 
So if we delete these four values, the trial resets itself back to 30 days.
 
The Essay 
     
We are going to 'patch' this program as best we can so that it looks and feels just like the registered version. This is, from our point of view, an exercise; it should not be looked at as a way of stealing this software. If you wish to use it after the 30 day trial period then please register it legally.

Our task therefore is to see if we can disable the 30 day trial limitation, change some of the more obvious 'shareware' messages into ones that might appear in the fully registered version, and finally tidy up by disabling the routine that reports the days remaining before the program expires.
 
 
DISABLING THE INITIAL NAG SCREEN

Fire up W32Dasm and create a 'Dead Listing' of this program; we want to see where the program checks how many days remain and where all the 'Shareware' messages are.

With W32Dasm up and running take a look at the String Data Resources for this program.. You should see this section of string resources:-

"TThreadWindow"
"ULTSI"
"UMDAF"
"UMDN"
"UninstallString"
"USER32"
"vcltest3.dll"
"Warning: Lengths of Search and "
"Welcome to DropConvert!"
"WhatsNew.Txt"
"WINNLSEnableIME"
"wmf"
"WndProcPtr%.8X%.8X"
"Y"
"You have been using DropConvert "   ;Double-click on this line
"YY]"
"yyyy"

If you now double-click on the highlighted line then W32Dasm will take you to this snippet of code:-
 
:004527EC 833801                  cmp dword ptr [eax], 00000001 ;Compare the
                                                                ;stored day
                                                                ;count with 1
:004527EF 7E31                    jle 00452822 ;Skip the message if it is 1 or less

*StringData Reference "You have been using DropConvert for "
 
:004527F1 68F4294500              push 004529F4
:004527F6 8D55E8                  lea edx, dword ptr [ebp-18] ;Days left
:004527F9 A1C45D4500              mov eax, dword ptr [00455DC4]
:004527FE 8B00                    mov eax, dword ptr [eax]
:00452800 E86F46FBFF              call 00406E74
:00452805 FF75E8                  push [ebp-18];Days left stored in here

*StringData Reference " days of your 30 day evaluation period."
  :00452808 68242A4500              push 00452A24

OK, let's now scroll up W32Dasm's window. We are looking for the start of the routine that contains this code and the 'Referenced by a CALL' line W32Dasm prints above it; if there is a single caller, then on loading the program runs the whole nag-screen routine with one call statement. In programming terms this is quite a common way to do things and makes for neater code.

Scrolling up the listing you will come across this snippet of code:-
 
* Referenced by a CALL at Address: :0045181E
 
:004526B8 55                      push ebp
:004526B9 8BEC                    mov ebp, esp
:004526BB 83C4E8                  add esp, FFFFFFE8 ;esp - 18h: reserve locals
 
This looks promising: a single call starts all the routines that handle the initial nag screen reminder, including how many days you have left to evaluate this program. Let's now locate this call instruction at address 0045181E:
 
:00451817 E8F8060000              call 00451F14
:0045181C 8BC3                    mov eax, ebx
:0045181E E8950E0000              call 004526B8 ;This is our Nag Screen
:00451823 B201                    mov dl, 01
:00451825 8BC3                    mov eax, ebx
 
Placing a Softice breakpoint on this location and forcing the program to 'skip' over the call confirmed that this is indeed our startup Nag Screen reminder. So all we need do is Nop (90h) out the five bytes of this call. Nothing is pushed onto the stack between the mov eax, ebx and the call, and the instructions that follow it overwrite eax straight away, so replacing the call with five NOPs of the same length leaves the stack and the rest of the routine untouched; the mov eax, ebx can stay. I will explain at the end of this essay what bytes you need to change for this patch.
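Before typing a patch like this into a hex editor it is worth confirming from the listing alone that the five bytes E8 95 0E 00 00 at 0045181E really reach 004526B8. A near call is opcode E8 followed by a signed 32-bit displacement measured from the address of the next instruction, which is why the target is not simply the bytes after the E8. The following Python is an added example, not code from the essay or from Drop Convert; it decodes the call, re-encodes it as a round-trip check (the reverse direction is what the About screen patch later in this essay needs) and builds the same-length NOP replacement.

```python
# Added example (not from the essay): decode and re-encode the x86 near CALL
# (opcode E8 + signed rel32) so a call patch can be checked before it is
# typed into a hex editor. Addresses and bytes are taken from the W32Dasm
# listing quoted in the essay.
import struct

def call_target(insn_va: int, insn: bytes) -> int:
    """Absolute target of the E8 rel32 near call located at insn_va.

    The displacement is relative to the address of the *next* instruction
    (insn_va + 5), not to the call itself, and is signed little-endian.
    """
    if len(insn) != 5 or insn[0] != 0xE8:
        raise ValueError("not a 5-byte E8 rel32 call")
    rel32 = struct.unpack("<i", insn[1:])[0]
    return (insn_va + 5 + rel32) & 0xFFFFFFFF

def encode_call(insn_va: int, target_va: int) -> bytes:
    """The five bytes of a near call at insn_va that lands on target_va."""
    rel32 = target_va - (insn_va + 5)
    if not -0x80000000 <= rel32 <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range")
    return b"\xE8" + struct.pack("<i", rel32)

def nop_out(insn: bytes) -> bytes:
    """Same-length replacement with single-byte NOPs (90h).

    Keeping the length identical means no later instruction moves, so every
    other relative jump or call in the file still points where it did.
    """
    return b"\x90" * len(insn)

# From the listing: ":0045181E E8950E0000  call 004526B8" (the nag-screen call).
NAG_CALL_VA = 0x0045181E
NAG_CALL_BYTES = bytes.fromhex("E8950E0000")

def check_nag_patch() -> tuple:
    """Return (decoded target, NOP replacement) for the nag-screen call."""
    target = call_target(NAG_CALL_VA, NAG_CALL_BYTES)
    # Round trip: re-encoding the decoded target must give back the same bytes.
    if encode_call(NAG_CALL_VA, target) != NAG_CALL_BYTES:
        raise AssertionError("rel32 round trip failed")
    return target, nop_out(NAG_CALL_BYTES)

if __name__ == "__main__":
    target, patch = check_nag_patch()
    print(f"call at {NAG_CALL_VA:08X} reaches {target:08X}")
    print(f"replace {NAG_CALL_BYTES.hex().upper()} with {patch.hex().upper()}")
```

Running it prints that the call at 0045181E reaches 004526B8, which is what W32Dasm shows, so the patch bytes in the listing are the right ones to NOP.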

That's the Nag screen taken care of..
 

CHANGING WHAT'S SHOWN IN THE 'ABOUT' SCREEN
 
Our next task is to change certain references to this program being a Shareware program so that it now says it's a Registered program..
 
Where would you start? Well, the best place to begin is the routines used in the 'About' screen; these are almost identical in operation to the initial Nag screen and also inform the user how many days they have left to evaluate this program.
 
Searching W32Dasm's string references for "DropConvert v2.3  Shareware Edition" leads us to the start of the 'About' screen code:

* Referenced by a (C)onditional Jump at Address:00452E25(C)
|
:00452E8C 55                      push ebp
:00452E8D 8BEC                    mov ebp, esp
:00452E8F 6A00                    push 00000000
:00452E91 6A00                    push 00000000

It's clear then that we have to change this code into something else, but what? In keeping with the rest of the program I opted to make all future accesses to the 'About' screen bring up the Order.txt file (found in the same directory as Drop Convert) in WordPad instead of displaying a dialog, just as the other options under Help do.

Here's the revised code for the 'new' About Screen:-
 
* Referenced by a (C)onditional Jump at Address: 00452E25(C)
 
:00452E8C E87B0B0000              call 00453A0C ;Display License.txt
:00452E91 C3                      ret
:00452E92 90                      nop ;pad out the rest of the old
:00452E93 90                      nop ;prologue so nothing shifts
:00452E94 90                      nop
 
I shall show you later what bytes to change within the program for this patch.
 

CHANGING THE SHAREWARE REFERENCES
 
Now we come to the fun bits. We need to work out which shareware-related messages get shown and which ones to change. Caution must be used to keep our changes within the bounds of the existing text, else we could overwrite program code or data that follows it. For this job all I need is Hex Workshop, though any hex editor will do.

Below are all the changes you need to make to this program for it to run as *registered*.

Job Done.
 
The Patches 
     
Load up dropconv.exe into your favorite hex editor...
 
To disable the Nag Screen...
Search for the bytes      :8BC3E8950E0000
Replace highlighted bytes :8BC39090909090
 
To change the 'About' Screen..
Search for the bytes      :558BEC6A006A0033C0
Replace highlighted bytes :E87B0B0000C3909090
(these are the nine bytes starting at 00452E8C: push ebp, mov ebp,esp, push 0, push 0, xor eax,eax)
 
To change the Shareware text "Shareware Edition"..
Goto offset: 50BA8
Type: Registered Edition
Note that "Registered Edition" is 18 characters while "Shareware Edition" is only 17, so the last character spills one byte past the original text. Check in the hex editor what that byte is before you type over it, or choose a replacement of 17 characters or fewer and pad it with spaces.
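The three patches above are the kind of thing a short script does more safely than a hex editor, because it can refuse a pattern that matches twice or not at all, a replacement whose length differs from the bytes it overwrites, and a string longer than the one it replaces. The following Python is an added example and not the essay's own code. The file image it patches is a constructed stand-in containing the byte sequences quoted above (the real file offsets, including 50BA8, are not modelled), so only the mechanics are shown; in particular it rejects "Registered Edition" for the 17-byte "Shareware Edition" and accepts a shorter caption padded with spaces.

```python
# Added example (not from the essay): apply same-length byte patches to a
# file image with the checks a hex editor will not do for you. SAMPLE_IMAGE
# is a constructed stand-in for dropconv.exe containing the byte sequences
# quoted in the essay; real file offsets are not modelled.

def replace_unique(image: bytes, search: bytes, replacement: bytes) -> bytes:
    """Replace `search` by `replacement` exactly once, refusing anything unsafe.

    Same length only (code after the patch must not shift), and the pattern
    must occur exactly once: a second hit means we would also patch code we
    never looked at, no hit means the wrong file or version.
    """
    if len(search) != len(replacement):
        raise ValueError("replacement must be the same length as the bytes it overwrites")
    first = image.find(search)
    if first < 0:
        raise ValueError("pattern not found: wrong file or version?")
    if image.find(search, first + 1) >= 0:
        raise ValueError("pattern is not unique: add more context bytes")
    return image[:first] + replacement + image[first + len(search):]

def overwrite_string(image: bytes, offset: int, old: str, new: str) -> bytes:
    """Overwrite the ASCII text `old` at `offset` with `new`, in place.

    `new` may be shorter (padded with spaces so the byte after the string,
    typically its terminator, is untouched) but never longer.
    """
    if image[offset:offset + len(old)] != old.encode("ascii"):
        raise ValueError(f"expected {old!r} at offset {offset:#x}")
    if len(new) > len(old):
        raise ValueError(f"{new!r} is {len(new) - len(old)} byte(s) longer than {old!r}")
    return image[:offset] + new.ljust(len(old)).encode("ascii") + image[offset + len(old):]

# The essay's three patches. The About-screen pattern is the nine bytes at
# 00452E8C (push ebp, mov ebp,esp, push 0, push 0, xor eax,eax).
NAG_SEARCH, NAG_PATCH = bytes.fromhex("8BC3E8950E0000"), bytes.fromhex("8BC39090909090")
ABOUT_SEARCH, ABOUT_PATCH = bytes.fromhex("558BEC6A006A0033C0"), bytes.fromhex("E87B0B0000C3909090")
OLD_CAPTION = "Shareware Edition"

# Constructed stand-in for the executable: filler plus each patched sequence once.
SAMPLE_IMAGE = (
    b"\x00" * 16 + NAG_SEARCH
    + b"\x00" * 16 + ABOUT_SEARCH
    + b"\x00" * 16 + b"DropConvert v2.3  " + OLD_CAPTION.encode("ascii") + b"\x00"
    + b"\x00" * 16
)

def apply_patches(image: bytes, new_caption: str) -> bytes:
    """Apply the nag-screen, About-screen and caption patches to a copy of `image`."""
    patched = replace_unique(image, NAG_SEARCH, NAG_PATCH)
    patched = replace_unique(patched, ABOUT_SEARCH, ABOUT_PATCH)
    caption_offset = patched.find(OLD_CAPTION.encode("ascii"))   # 50BA8 in the real file
    if caption_offset < 0:
        raise ValueError("caption not found")
    return overwrite_string(patched, caption_offset, OLD_CAPTION, new_caption)

def patch_file(src: str, dst: str, new_caption: str) -> None:
    """Patch a copy of the file at `src` into `dst`; never edits in place."""
    with open(src, "rb") as f:
        image = f.read()
    with open(dst, "wb") as f:
        f.write(apply_patches(image, new_caption))

if __name__ == "__main__":
    try:
        apply_patches(SAMPLE_IMAGE, "Registered Edition")    # 18 bytes over 17: refused
    except ValueError as err:
        print("refused:", err)
    out = apply_patches(SAMPLE_IMAGE, "Registered")        # 10 bytes, padded to 17
    print(out[out.find(b"DropConvert"):].split(b"\x00")[0].decode())
```

The same-length rule is what keeps the rest of the file valid: every relative jump and call after the patch still lands where it did, which is also why the About screen patch pads its spare bytes with NOPs rather than leaving them out.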
Final Notes 
    
This is a good exercise for newbies to help them increase their cracking skills; in fact I have deliberately left out one change to this program which you must work out for yourself in order to make this program 100% cracked. I have done 99% of the work for you, so this shouldn't be too difficult.

My thanks and gratitude goes to:-
 
Fravia+ for providing possibly the greatest source of Reverse Engineering
knowledge on the Web.
 
+ORC for showing me the light at the end of the tunnel.
 
Ob Duh 
 
Do I really have to remind you all that buying, and NOT stealing, the software you use is what encourages these software houses to produce even *better* software for us to use and enjoy?

Ripping off software through serials and cracks is for lamers..
 
If you're looking for cracks or serial numbers on these pages then you're wasting your time; try searching elsewhere on the Web under Warez, Cracks etc.
 


 
 
 


Essay by:          The Sandman
Page Created: 4th July 1998