Lets say.. i have a app. when i start the app.. it automaticly starts the app's "updater" wich in turn pop's up a "web login box - usr/pass" same kind that is on a password protected ftp/html pages. it gives no error messages whatsoever, when typing in usr/pass and click "ok" box still stands there.. and the updater in the background, says its still connecting to server.. btw.. the updater and app is 2 seperate .exe files

If you close login box.. the app terminates, seems there is no way around it.

my question is:
How would i go and revese engineer the .exe ? ive tried to find triggers in .exe that points to the updater..so i can turn off the update feature.. can seem to find any.
And usr/pass generator would be out of the question i think, since those are only for the updater and are stored on a server..

what would be logic to look for here?

Well, there are two options here.

1. The login screen not only looks like a web login, but IS a web login. In this case, you're screwed, because the authentication is on the server.

2. The login screen comes from the updater exe. If you don't get an errormessage, use breakpoints on win32 api functions to reverse it. If you don't know which breakpoints to set, or what win32 api functions are, it's time for you to read some more tutorials

I know for sure that it is a "REAL" web-login.. the updater triggers that when it connects to the update server..

but the main app.. dosent need internet access. so the case is that the main_app.exe ..starts/trigger update.exe to run

so what i need(i think) is some way of delete the part of code..that makes updater.exe to run... and make main_app.exe to run without it

if you are intrested.. i could share some files...

ah, ok I get it now... Yeah, you probably need to find the part where it loads the updater exe, and remove that.

yup.. what i was trying to do.. ive tried to "trap" the process(s)..but i dont see much clues there..

W32DSM to look at code...with no luck.. im just out of ideas what to search for..

+my lacking skill..hehe

Another problem you may face, one that I ahd to deal with in the past. Lets say that this weblogin has a server side authentication process, whch it sounds like it does. Chances are that the authentication has some sort of return value, or basically a message saying "ok this guy is legit". In that case not only do you need to remove the actual web portion, but simulate the responce from the server, which is quite tricky for a few reasons. The one I came in contact with (I wont be naming names but a large piece of software) has a 512 bt key that is generated from the username password confirmation, of which a copy is in the database and checked upon, if the entry is not found, nothign happens and the app closes. If the entry is found, it returned the key, and the program discected it and used certain portions, discarding others. The point to the story is that I never cracked said software because of the online authentication was something of a black box with not enough input and output to really give me enough information to simulate the responces.

i just hope they didnt go trough all that security ..for a game that sells for approx 50$


btw.. im still stuck.. so advice and guidance is welcome

bumping

I have yet to see some sort of code to which this authentication process works with, I'm sorry but I cannot read minds.

ack..