April 1998
A cracking template for OCX & VBX's! 
Win'95 Code Reversing
by The Sandman 
Code Reversing For Beginners 
Program Details
Program Name: VSocx6.ocx
Program Type: VB4/5/6 add-on
Program Location:  Videosoft.com 
Program Size: 243,200 Bytes
Packed using: N/A 
Tools Required:
Any DOS/WIN Hex Editor!
Easy ( X )  Medium (    )  Hard (    )  Pro (    ) 
There is a crack, a crack in everything, that's how the light gets in.
How *NOT* to crack an ActiveX Control!
(See Es74.html for the correct way!)
Written by The Sandman
VSOCX6 is a Micro$oft Visual Basic V4/5 add-on that allows programmers to add 3D effects, auto-resizing of screen fonts etc in their programs with little or no extra coding.
I will mention Videosoft's other products here because they too can be 'cracked' ( I use this term loosely as you will see later ) using the method described below.
VSVIEW3.OCX  - A general purpose printer add-on that is by far the best I've ever seen. Uses RTF strings to create professional reports.

VSFLEX3.OCX  - Allows the User to manipulate Micro$oft Access databases to produce complicated sorts and filters on the raw data itself. Has a built-in SOUNDEX feature that is a treat to use.

VSSPELL.OCX -  Allows you to use a spell checker within your Visual Basic programs.

There are many others besides the ones listed above.

The reason why I've mention all of these is because:-
    1. They are all Shareware products.

    2. Are all fully functional with nothing crippled.

    3. They all start-up with a single nag-screen.

    4. They all use the SAME method to display this nag-screen!.

Please Note:

OCX files are used solely in Windows '95 and above, they come in 16 bit and 32 bit flavours.  VBX files on the other hand are 16 bit add-on files for use with VB3 and below and are primarily for use under Windows 3.1.
The Essay 
For this tutorial the only tools you will need is a hex editor, I prefer Norton Disk Editor but you can use any hex editor, even a DOS one!.

Once I've explained how to defeat the nag-screen you can then use this method any ANY OCX or VBX add-on that also uses this Shareware method for displaying nag screens! One other product that comes to mind that also uses this method is the 'Early Morning Editor' that allows VB4 programmers to incorporate Word Processing features such as Search, Edit, Replace, Count etc into their VB3/4 programs.

I will first explain how to disable the nag-screens within these OCX & VBX files then explain some interesting notes about this 'crack'.

For this example I will assume you have installed VSOCX6.OCX but the same principle applies to all of the above products.

    1. Open up C:\WINDOWS\SYSTEM\VSOCX6.OCX using your favourite Hex Editor,
    Hex Workshop is a good choice to use but if you don't have this
    then any hex editor will do.

    2. Use the option: Search and type in the following hex codes:

    80 00 4F 00 B4

    3. What you should find is that your hex editor has found this hex string right in the
    code that deals with the nag screen text.

    4.  Now change the first byte '80' into '00' so that it now shows:-

    00 00 4F 00 B4

    5. Save changes to the OCX file.

That's it!. Once you use this OCX file in the VB design environment or in a run-time environment no nag screen will appear!.  The OCX file can now be used and distributed as though it has been registered.* See Final Notes *
Crack Loader 

This Crack Loader was generated using RTD's Patch Making Engine V2 simply
because it was quick and easy to use..:)  Thanx guys.

code            segment byte public  
                assume  cs:code, ds:code  

                org     100h  


       mov     dx,offset logo          ; Show your logo  
       call    write                   ; write the message  
       call    open_file               ; Guess what ?  
       mov     filehandle,ax           ; Put the filehandle in "filehandle"  
       mov     dx,offset fsize  
       call    write                   ; write the message  
       call    check_size              ; Check the current filesize  
       mov     di,offset data          ; Point di to data table  
       mov     si,offset ofs           ; Point si to offset table  
       mov     cx,1                    ; Loop ???? times  
       mov     dx,offset crackfile  
       call    write                   ; write the message  

       push    cx                      ; Save cx  
       call    seek_file               ; Seek in the file  
       call    read_file               ; Read one byte and compare  
       call    seek_file               ; Seek again (back)  
       call    write_file              ; Write the byte  
       add     si,4                    ; Add 4 to si 2*sizeof(word)  
       add     di,2                    ; Add 2 to di 2*sizeof(byte)  
       pop     cx                      ; Bring cx back  
       loop    crackit                 ; Loop Crackit  
       mov     dx,offset cracksucc  
       jmp     short goback  

       mov     dx,offset alreadycrk  
       jmp     short goback  

       mov     dx,offset sizemismtch  
       jmp     short goback  

       mov     dx,offset erroropen  

       call    write                   ; write the message  
       call     close_file             ; Close the file  
       mov     ah,4Ch                  ; Jump back to the operating system  
       int     21h  

       proc    near  
       push    ax  
       mov     ah,9  
       int     21h                     ; Display String  
       pop     ax  
Write  endp  

      proc    near  
      mov     ah,3Dh  
      mov     al,2                    ; open file function 3Dh  
      mov     dx,offset filenaam  
      int     21h  
      jb      error  
open_file endp  

      proc near  
      mov     ah,3Eh                  ; close file function 3Eh  
      mov     bx,filehandle  
      int     21h  
close_file      endp  

      proc near  
      mov     bx,ax  
      mov     ax,4202h  
      xor     cx,cx                   ; Check the filelength  
      xor     dx,dx  
      int     21h  
      jb      error  
      cmp     ax, lowsize             ; (Lowbyte)  
      jne     size_mismatch  
      cmp     dx, highsize            ; (Highbyte)  
      jne     size_mismatch  
check_size      endp  

      proc near  
      mov     ah,3fh  
      mov     bx,filehandle           ; read file function 3Fh  
      mov     cx,1  
      mov     dx,offset readbyte  
      int     21h  
      mov     ah,readbyte  
      cmp     [di],ah                 ; Compare patched bytes  
      jne     already_patched  
      jb      error  
read_file       endp  

      proc near  
      mov     ah,40h  
      mov     bx,filehandle  
      mov     cx,1                    ; write file function 40h  
      mov     dx,di  
      inc     dx  
      int     21h  
      jb      error  
write_file      endp  

      proc    near  
      mov     ah,42h  
      mov     al,0  
      mov     bx,filehandle           ; move file ptr function 42h  
      mov     dx,[si]  
      mov     cx,[si+2]  
      int     21h  
      jnc     here  
      jmp     error  

seek_file       endp  

filenaam        db      'VSOCX6.OCX', 0  
filehandle      dw      0  
lowsize         dw      46592  
highsize        dw      3  
readbyte        db      0  

       db      'þ OPENiNG FiLE : ','$'  

fsize           db      'OK!',0Dh,0Ah,'þ CHECKiNG FiLESiZE : $'  
crackfile       db      'OK!',0Dh,0Ah,'þ CRACKiNG FiLE : $'  
cracksucc       db      'OK!',0Dh,0Ah,'þ PATCH SUCCESSFULL!',0Dh,0Ah,'$'   
alreadycrk  db 'Opps!',0Dh,0Ah,'þ FiLE ALREADY PATCHED OR DiFFERENT!',0Dh,0Ah,'$'  

sizemismtch db 'Opps!',0Dh,0Ah,'þ FiLE iS PACKED OR WRONG VERSiON!',0Dh,0Ah,'$'  

erroropen   db 'Opps!',0Dh,0Ah,'þ CAN', 027h,'T OPEN FiLE !!',0Dh,0Ah,'$'  

ofs             dw      57256 , 2  
data            db      128, 0  
code            ends  
                end     start 

Final Notes 

 There are two things worth mentioning here regarding this kind of hack.

    1. Since we've now disabled the nag-screen the 'About Box' for this OCX file will now no-longer be shown in the Visual basic design environment because it too uses the same nag-screen dialog resource we have just disabled.

    2. If you run a program that uses a 'cracked' VBX file in Window's '95 then for some reason Window's '95 will display a bogus 'OUT OF MEMORY' dialog box when you try and run this cracked VBX file. Pressing OK to this dialog box will close this error message and the program will run as normal.
 Final Note: This lame tutorial explains how *NOT* to reverse this type of control,  for the -correct- way see Essay No74.
Ob Duh 
Do I really have to remind you all that by buying and NOT stealing the software you use will ensure that these software houses will continue to produce even *better* software for us to use and more importantly, to continue offering even more challenges to breaking their often weak protection systems.
 If your looking for cracks or serial numbers from these pages then your wasting your time, try searching elsewhere on the Web under Warze, Cracksetc.

 Next   Return to Essay Index   Previous 

Essay by:          The Sandman
Page Created: 19th April 1998