Post by £åߥ®Ñth on Dec 24, 2006 17:00:58 GMT -5
Anyone use Trillian here?
It has Yahoo, ICQ, MSN, AIM instant messengers all in one.
Explaining Images:
Top image: Hex WorkShop
Bottom image: Ollydbg
This is for learning purposes only! Neither I nor this site or its members are responsible for anything you do with the knowledge learned from these images.
Offset location of the EXE Trillian v3.1 Trial is the top window in the hex editor.
The lower window has the offset for Trillian Pro.
What can I do with this?
Convert your trial to Pro.
14DFC, but look at the bottom of the image: we see the real offset is 14E0C.
14E0C, hmm, it is not in the debugger?
Because it has 400000 added to the address. 400000+14E0C=414E0C. This is common knowledge when looking in hex and then the debugger. You have to add 400000 because we see in the debugger the address is much larger.
Compared:
Hex Workshop = 00014E0C
Olly Debugger = 00414E0C
Notice they are the same in size?
Moving on.
This image shows what is being done in a debugger.
Notice I have circled 74 on the opcode 7411.
Wow, look at the address: 00414E0C. Heh, we got the bull now!
JE: this is a jump instruction. There are many: je, jle, jmp, jnz and a few more.
We have a je = jump if equal.
Also at the bottom left we see I circled "Jump is Not Taken".
Also you see a grey lined arrow: grey means the jump is not taken, and red means it is taken.
Well we need to fix this to make it jump.
In the edit window you can see I have typed EB, and this will replace 74 with EB.
74 = je = jump if equal
EB = jmp = jump
So now after I save it the whole line will say:
00414E0C EB 11 jmp trillian.00414E1F, then it will continue down the code to make the Pro version run.
Now this jump is taken, because it does not care if the instruction passed is equal to anything. It just jumps.
Saving the changes, then replace the original trillian.exe with yours and bam, we have the Pro version.
Trillian is released as a trial, but the code has both versions built right in. Pretty stupid on their part.
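Added example, not part of the original post: a tamper check a vendor or defender could run against a deployed copy of an executable. It fails the hash comparison and flags the kind of one-byte change the post describes (a short conditional jump rewritten to EB). The sample buffers are constructed stand-ins rather than real binaries, the function names are hypothetical, and the offset + 400000 address mapping is taken from the post as an assumption for this file.

```python
import hashlib

IMAGE_BASE = 0x400000          # assumption: the post's offset + 0x400000 mapping
SHORT_JCC = range(0x70, 0x80)  # one-byte conditional jumps (0x74 = je)
JMP_SHORT = 0xEB               # unconditional short jump


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_jump_patches(reference: bytes, suspect: bytes, image_base: int = IMAGE_BASE):
    """Return one finding per differing byte, flagging Jcc -> JMP rewrites."""
    if len(reference) != len(suspect):
        raise ValueError("size differs: not an in-place patch, compare hashes only")
    findings = []
    for offset, (old, new) in enumerate(zip(reference, suspect)):
        if old == new:
            continue
        finding = {"offset": offset, "address": image_base + offset,
                   "old": old, "new": new, "kind": "modified byte"}
        if old in SHORT_JCC and new == JMP_SHORT and offset + 1 < len(suspect):
            disp = suspect[offset + 1]
            disp -= 0x100 if disp >= 0x80 else 0   # rel8 displacement is signed
            finding["kind"] = "conditional jump forced unconditional"
            finding["target"] = image_base + offset + 2 + disp
        findings.append(finding)
    return findings


def build_sample():
    """Constructed stand-in for a vendor file and a tampered copy."""
    reference = bytearray(0x14E20)
    reference[0x14E0C:0x14E0E] = b"\x74\x11"   # je +0x11, as shown in the post
    suspect = bytearray(reference)
    suspect[0x14E0C] = 0xEB                    # the one-byte change described
    return bytes(reference), bytes(suspect)


if __name__ == "__main__":
    ref, sus = build_sample()
    print("hash match:", sha256(ref) == sha256(sus))
    for f in find_jump_patches(ref, sus):
        print(f"{f['offset']:08X} -> {f['address']:08X} "
              f"{f['old']:02X}->{f['new']:02X} {f['kind']} "
              f"target={f.get('target', 0):08X}")
```

Because a single changed byte alters the whole-file hash, a signed or hashed release manifest catches this class of modification before any byte-level triage is needed.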