+======================================================+
| PE Loader with Self Learning Ability by c0rdat ^Ind. |
+======================================================+
    +----------+
The | A ny     |
    | B uild   |
    | E nabled |
    | L oader  | project.
    +----------+
Platform: Win 9x,Me,NT,2000,XP
Language: English
contact: [email protected]
---------------------------------------------------------------------
Personally, I hate cracks and loaders that work with only one build of the target program. If I download application xx ver.1.8 and I find a crack for "xx ver.1.8" on the Internet, I expect the crack to work. Unfortunately, this is not always the case. Sometimes (especially when the software developer updates trial versions frequently) only the keymaker can be used, because it's practically impossible to download the same build of the application that someone used to create the crack.
There is a possibility of creating 'search and replace' crack, but it's not very popular, because:
a) the target application cannot be packed with any exe-packer to apply the patch. More and more software developers use exe-packers to make the cracker's life a bit harder ;)
b) high-level-language compilers try to optimise compiled code by using different processor registers 'one by one'. It means that the same (in a source language) procedure can produce different machine code after compiling, depending on... the weather, the time of day and the amount of beer drunk by the author before compilation ;).
That's why I started the ABEL project (Any Build Enabled Loader). The presented loader can 'learn' a new version of the application if there were no changes to the protection scheme. The loader uses a smart search technology and (in most cases) isn't sensitive to build-to-build changes in the machine code.
---------------------------------------------------------------------
FAQ:
Q: What is a loader after all?
A: A loader is a small program (sometimes called a 'process patcher') which is able to load another program and make some changes in its code IN MEMORY (after loading and unpacking, if the .exe was packed).
Q: What is the use of loaders?
A: Sometimes the program you are cracking is packed (with an exe-packer) or even encrypted. It unpacks directly in memory, after loading. A normal 'crack', which attempts to change the program code 'on disk', is useless in that case. The loader first loads the target program into memory, then waits until the unpacking process is done (there are 3 ways to make sure that unpacking has finished), and then changes the program code BEFORE it is executed... voila: program cracked.
Q: There are plenty of loaders on the Internet, who needs another one?
A: This loader is unique. It has Self Learning Ability (quite a simple idea, I don't really know why nobody uses it) that allows the loader to modify itself when the target program version changes (i.e. the user updates his version). Of course it's possible only if the security scheme doesn't change.
Q: OK, so how does it work?
A: The loader attempts to load the target program and checks whether the program version matches the characteristic bytes (included in the loader file itself). In case of a perfect match, it modifies the target program code to fool its protection procedures ('cracks' it) IN MEMORY. If the match is not 100%, the loader attempts to 'learn' the new version of the target program by searching for the new locations of the characteristic byte sequences.
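As an added example (not part of ABEL or its author's code), here is the matching primitive the answer above describes, written as a masked signature scan: bytes the compiler is free to change between builds (the ModRM bytes that carry the register choice) are wildcards, so the same sequence is still located in a differently compiled build. This is exactly the primitive an antivirus or EDR signature scanner uses to recognise a known code fragment, so it is worth understanding from the detection side as well. The two "builds", the signature and the offsets below are constructed for illustration; the code only locates a sequence and does not write to any process.

```c
/* Added example, not the ABEL loader's own code: a masked byte-signature scan
 * of the kind the FAQ calls "searching for characteristic byte sequences".
 * All buffers below are constructed test data, not bytes from any real program. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    const uint8_t *bytes;   /* expected byte values */
    const uint8_t *mask;    /* 1 = byte must match, 0 = wildcard */
    size_t len;
} signature_t;

/* Constructed "build A": nop; nop; push ebp; mov ebp,esp; mov eax,[ebp+8];
 * test eax,eax; jz +5; mov eax,1; ret */
static const uint8_t BUILD_A[] = {
    0x90, 0x90, 0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x08, 0x85, 0xC0,
    0x74, 0x05, 0xB8, 0x01, 0x00, 0x00, 0x00, 0xC3
};
/* Constructed "build B": same source, but the compiler chose ecx instead of eax
 * and the padding moved, so the fragment sits at a different offset. */
static const uint8_t BUILD_B[] = {
    0x55, 0x8B, 0xEC, 0x90, 0x8B, 0x4D, 0x08, 0x85, 0xC9,
    0x74, 0x05, 0xB8, 0x01, 0x00, 0x00, 0x00, 0xC3
};

/* Signature "8B ?? 08 85 ?? 74 05": the two register-dependent bytes are wildcards. */
static const uint8_t SIG_BYTES[] = {0x8B, 0x00, 0x08, 0x85, 0x00, 0x74, 0x05};
static const uint8_t SIG_MASK[]  = {1,    0,    1,    1,    0,    1,    1};
static const signature_t SIG = {SIG_BYTES, SIG_MASK, sizeof SIG_BYTES};

/* Returns 1 if sig matches buf at offset off (wildcards honoured), else 0. */
static int matches_at(const uint8_t *buf, size_t buflen, const signature_t *sig, size_t off)
{
    if (off + sig->len > buflen) return 0;
    for (size_t i = 0; i < sig->len; i++)
        if (sig->mask[i] && buf[off + i] != sig->bytes[i]) return 0;
    return 1;
}

/* Offset of the unique match, -1 if none, -2 if ambiguous (more than one hit).
 * A second hit is reported rather than guessed, since acting on the wrong
 * occurrence would corrupt the image. */
static long find_signature(const uint8_t *buf, size_t buflen, const signature_t *sig)
{
    long found = -1;
    if (sig->len == 0 || buflen < sig->len) return -1;
    for (size_t off = 0; off + sig->len <= buflen; off++) {
        if (!matches_at(buf, buflen, sig, off)) continue;
        if (found >= 0) return -2;
        found = (long)off;
    }
    return found;
}

/* The two-step logic from the FAQ: trust the stored offset if the bytes still
 * match there (the "perfect match" case); otherwise re-learn by scanning. */
static long locate(const uint8_t *buf, size_t buflen, const signature_t *sig, long stored_off)
{
    if (stored_off >= 0 && matches_at(buf, buflen, sig, (size_t)stored_off))
        return stored_off;
    return find_signature(buf, buflen, sig);
}

int main(void)
{
    long a = find_signature(BUILD_A, sizeof BUILD_A, &SIG);   /* learn on build A */
    long b = locate(BUILD_B, sizeof BUILD_B, &SIG, a);        /* stored offset fails, re-learn */
    printf("build A: fragment at offset %ld\n", a);
    printf("build B: stored offset %ld no longer matches, re-learned offset %ld\n", a, b);
    return 0;
}
```

The `-2` result is the case a careful implementation must handle: a signature short enough to survive recompilation is also more likely to occur twice, and the right response to an ambiguous hit is to refuse and require a longer or more specific sequence.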
ATTENTION:
During the learning process, the target application must be loaded and running (check the taskbar). If the application says e.g. 'Trial expired' and after clicking 'OK' just exits, DON'T CLICK OK. If the target application crashes and Windows says 'Unrecoverable application error...', DON'T CLICK OK EITHER. Let it wait with that message visible. Give the loader a few seconds, and it will pop up. Don't let the target application terminate while the learning process is in progress (this will surely cause a 'crash'). The learning process can take several minutes (depending on PC speed and the number of patches required by the target application), so be patient. When learning is finished the loader will pop up with a message.
After learning, the discovered addresses are written down to a .lrn file. If the characteristic byte sequences can't be found, you'll have to get a loader for the newer version. If they are found, the next time you run the loader it will load the set of discovered addresses from the .lrn file and then patch the target program using them. The learning process will be repeated every time you update the target application.