April 1998
"VSOSC6.OCX"
A cracking template for OCX & VBX's! 
Win'95 PROGRAM
Win'95 Code Reversing
 
 
by The Sandman 
  
 
Code Reversing For Beginners 
 
 
 
Program Details
Program Name: VSocx6.ocx
Program Type: VB4/5 add-on
Program Location:  Videosoft.com 
Program Size: 243,200 Bytes
Packed using: N/A 
 
   
Tools Required:
Any DOS/WIN Hex Editor!
 
Rating
Easy ( X )  Medium (    )  Hard (    )  Pro (    ) 
 There is a crack, a crack in everything, that's how the light gets in.
 
 
 
A cracking template for OCX & VBX files!
Written by The Sandman
 
 
 
Introduction
 
VSOCX6 is a Micro$oft Visual Basic V4/5 add-on that allows programmers to add 3D effects, auto-resizing of screen fonts etc in their programs with little or no extra coding.
 
I will mention Videosoft's other products here because they too can be 'cracked' ( I use this term loosely as you will see later ) using the method described below.
 
VSVIEW3.OCX  - A general purpose printer add-on that is by far the best I've ever seen. Uses RTF strings to create professional reports.

VSFLEX3.OCX  - Allows the User to manipulate Micro$oft Access databases to produce complicated sorts and filters on the raw data itself. Has a built-in SOUNDEX feature that is a treat to use.

VSSPELL.OCX -  Allows you to use a spell checker within your Visual Basic programs.

There are many others besides the ones listed above.

The reason why I've mention all of these is because:-
 
    1. They are all Shareware products.

    2. Are all fully functional with nothing crippled.

    3. They all start-up with a single nag-screen.

    4. They all use the SAME method to display this nag-screen!.
 

Please Note:

OCX files are used solely in Windows '95 and above, they come in 16 bit and 32 bit flavours.  VBX files on the other hand are 16 bit add-on files for use with VB3 and below and are primarily for use under Windows 3.1.
 
The Essay 
 
For this tutorial the only tools you will need is a hex editor, I prefer Norton Disk Editor but you can use any hex editor, even a DOS one!.

Once I've explained how to defeat the nag-screen you can then use this method any ANY OCX or VBX add-on that also uses this Shareware method for displaying nag screens! One other product that comes to mind that also uses this method is the 'Early Morning Editor' that allows VB4 programmers to incorporate Word Processing features such as Search, Edit, Replace, Count etc into their VB3/4 programs.

I will first explain how to disable the nag-screens within these OCX & VBX files then explain some interesting notes about this 'crack'.

For this example I will assume you have installed VSOCX6.OCX but the same principle applies to all of the above products.

 
    1. Open up C:\WINDOWS\SYSTEM\VSOCX6.OCX using your favourite Hex Editor,
    Norton's Disk Editor is a good choice to use but if you don't have this
    then any hex editor will do.

    2. Use the option: Search and type in the following hex codes:

    80 00 4F 00 B4

    3. What you should find is that your hex editor has found this hex string right in the
    code that deals with the nag screen text.

    4.  Now change the first byte '80' into '00' so that it now shows:-

    00 00 4F 00 B4

    5. Save changes to the OCX file.
 

That's it!. Once you use this OCX file in the VB design environment or in a run-time environment no nag screen will appear!.  The OCX file can now be used and distributed as though it has been registered.* See Final Notes *
 
 
Crack Loader 
 

This Crack Loader was generated using RTD's Patch Making Engine V2 simply
because it was quick and easy to use..:)  Thanx guys.
 
 

code            segment byte public 
                assume  cs:code, ds:code 
 

                org     100h 

start: 

       mov     dx,offset logo          ; Show your logo 
       call    write                   ; write the message 
       call    open_file               ; Guess what ? 
       mov     filehandle,ax           ; Put the filehandle in "filehandle" 
       mov     dx,offset fsize 
       call    write                   ; write the message 
       call    check_size              ; Check the current filesize 
       mov     di,offset data          ; Point di to data table 
       mov     si,offset ofs           ; Point si to offset table 
       mov     cx,1                    ; Loop ???? times 
       mov     dx,offset crackfile 
       call    write                   ; write the message 

crackit: 
       push    cx                      ; Save cx 
       call    seek_file               ; Seek in the file 
       call    read_file               ; Read one byte and compare 
       call    seek_file               ; Seek again (back) 
       call    write_file              ; Write the byte 
       add     si,4                    ; Add 4 to si 2*sizeof(word) 
       add     di,2                    ; Add 2 to di 2*sizeof(byte) 
       pop     cx                      ; Bring cx back 
       loop    crackit                 ; Loop Crackit 
       mov     dx,offset cracksucc 
       jmp     short goback 

already_patched: 
       mov     dx,offset alreadycrk 
       jmp     short goback 

size_mismatch: 
       mov     dx,offset sizemismtch 
       jmp     short goback 

error: 
       mov     dx,offset erroropen 

goback: 
       call    write                   ; write the message 
       call     close_file             ; Close the file 
       mov     ah,4Ch                  ; Jump back to the operating system 
       int     21h 

Write  
       proc    near 
       push    ax 
       mov     ah,9 
       int     21h                     ; Display String 
       pop     ax 
       retn 
Write  endp 
 

open_file  
      proc    near 
      mov     ah,3Dh 
      mov     al,2                    ; open file function 3Dh 
      mov     dx,offset filenaam 
      int     21h 
      jb      error 
      retn 
open_file endp 
 
 

close_file 
      proc near 
      mov     ah,3Eh                  ; close file function 3Eh 
      mov     bx,filehandle 
      int     21h 
      retn 
close_file      endp 
 
 

check_size 
      proc near 
      mov     bx,ax 
      mov     ax,4202h 
      xor     cx,cx                   ; Check the filelength 
      xor     dx,dx 
      int     21h 
      jb      error 
      cmp     ax, lowsize             ; (Lowbyte) 
      jne     size_mismatch 
      cmp     dx, highsize            ; (Highbyte) 
      jne     size_mismatch 
      retn 
check_size      endp 

read_file 
      proc near 
      mov     ah,3fh 
      mov     bx,filehandle           ; read file function 3Fh 
      mov     cx,1 
      mov     dx,offset readbyte 
      int     21h 
      mov     ah,readbyte 
      cmp     [di],ah                 ; Compare patched bytes 
      jne     already_patched 
      jb      error 
      retn 
read_file       endp 

write_file 
      proc near 
      mov     ah,40h 
      mov     bx,filehandle 
      mov     cx,1                    ; write file function 40h 
      mov     dx,di 
      inc     dx 
      int     21h 
      jb      error 
      retn 
write_file      endp 

seek_file 
      proc    near 
      mov     ah,42h 
      mov     al,0 
      mov     bx,filehandle           ; move file ptr function 42h 
      mov     dx,[si] 
      mov     cx,[si+2] 
      int     21h 
      jnc     here 
      jmp     error 
here: 
      retn 

seek_file       endp 
 
 

filenaam        db      'VSOCX6.OCX', 0 
filehandle      dw      0 
lowsize         dw      46592 
highsize        dw      3 
readbyte        db      0 

logo db '[PATCH FOR [FILEIN] GENERATED BY RTD_PATCH^MR WiCKED V2.0]',0Dh,0Ah 
       db      'þ OPENiNG FiLE : ','$' 

fsize           db      'OK!',0Dh,0Ah,'þ CHECKiNG FiLESiZE : $' 
crackfile       db      'OK!',0Dh,0Ah,'þ CRACKiNG FiLE : $' 
cracksucc       db      'OK!',0Dh,0Ah,'þ PATCH SUCCESSFULL!',0Dh,0Ah,'$'  
alreadycrk  db 'Opps!',0Dh,0Ah,'þ FiLE ALREADY PATCHED OR DiFFERENT!',0Dh,0Ah,'$' 

sizemismtch db 'Opps!',0Dh,0Ah,'þ FiLE iS PACKED OR WRONG VERSiON!',0Dh,0Ah,'$' 

erroropen   db 'Opps!',0Dh,0Ah,'þ CAN', 027h,'T OPEN FiLE !!',0Dh,0Ah,'$' 

ofs             dw      57256 , 2 
data            db      128, 0 
code            ends 
                end     start 
 
 
 
Final Notes 
 

 There are two things worth mentioning here regarding this kind of hack.

    1. Since we've now disabled the nag-screen the 'About Box' for this OCX file will now no-longer be shown in the Visual basic design environment because it too uses the same nag-screen dialog resource we have just disabled.
 

    2. If you run a program that uses a 'cracked' VBX file in Window's '95 then for some reason Window's '95 will display a bogus 'OUT OF MEMORY' dialog box when you try and run this cracked VBX file. Pressing OK to this dialog box will close this error message and the program will run as normal.
 
 
Ob Duh 
Do I really have to remind you all that by buying and NOT stealing the software you use will ensure that these software houses will continue to produce even *better* software for us to use and more importantly, to continue offering even more challenges to breaking their often weak protection systems.
 
 If your looking for cracks or serial numbers from these pages then your wasting your time, try searching elsewhere on the Web under Warze, Cracksetc.
 
 

 
 
 Next   Return to Essay Index   Previous 
 

Essay by:          The Sandman
Page Created: 19th April 1998