Help with pop-cap games

[Bluemagica]

I am a newbie.I tried to remove the time trial by disassembling in W32Dasm but I get no String or Imported Functions listing. What do I do?

[parabytes]

it might be packed or a VB program.

check out http://www.peid.has.it/ for the signature...

[Bluemagica]

Fantastic! but I recomend you to actually see the problem. IT CANNOT BE UNPACKED WITH A ACTIVE DEBUGGER IN MEMORY.

[parabytes]

1) turn off any kernel debugger (like softice) you might running
2) find out which packer is used
3) find the right method how to unpack it. usually, they explain how to bypass the debugger checks.

because you know, eventually.. the code has to run to find the debugger.
and the debugger can always change the code.
so you can always make it think there is no debugger around your system.

[Bluemagica]

I am using ProcDump and trying to disassemble [censored] from [somesite].com. Tell me How can I exactly find out which encryption is used. Or better yet Tell me step-wise just how do I un-pack and un-un-pack it.

[parabytes]

look, i edited your post because no body really cares what program is that.
if you want this program so badly, pay for it.

if you want some help, do what i told you to do.
get peid from the link above, find out what packer is being used, and then go ask your new best friend (google) about how to unpack it.

we like to help, but we don't like spoonfed people. got it ?

[Bluemagica]

Look, I have already tried that, as I am a newbie I don't understand everything.When I selected the file and ran it, it showed:
ep section: .text
[others]
Nothing found [overlay]*
How do I find the encryption?

P.S I dont want the software I just want to crack it;)

[thorpe]

Just a little hint, you have to show more effort before someone is willing to help you. You pressing "scan" on a program doesn't do it. Have you tried hiding your debugger with the numerous plugins for olly? Have you looked for any additions to the pe? Have you tried the OEP find function in PEiD and see if it matches with what olly loads up in the beginning?

These are some things you need to look into

[Abe+!_D_Omni]

Try..... Doing a search for pop-cap tutorials. (On LimeWire or Google)
I found tutorials on all of the games.
The fun in hacking is the learning ^_^
It takes time & patience

-={ Abe+! }=-

[Bluemagica]

Alright I tried out your suggesions but nothing seems to work.Try to Give me suggesions regarding ProcDump as i am using that.

Now lets assume that this software was packed with a completely custom Encryption which ProcDump can't recognise. So how do I unpack it???
by the way I tried out 5 different unpackers but in vain.

[stingduk]

heh it seems you dont google right there are really complete tutorials on this popcap crap including one with target name included and from what i read it seems it is almost byte patching crap also there are numerous hits
as to the protection company that authored the mark protection and big threads in almost all reversing boards

[Abe+!_D_Omni]

I strongly recomend lookin through this great site

http://fravia.com/

You NEED to learn some advanced searchin methods
It's not that hard to find a tutorial on most programs, if you look in the right place

But if you still cant find a tut try...
http://www.absolutelock.de/construction/releases.html
For all your un-packing needs

-={ Abe+! }=-

[Abe+!_D_Omni]

Couldnt find a comlete tutorial, but this forum has info on the keychecks.
U may need to register, but it has a huge forum
(If the link wont work, its in the 'chalenge' forum)

http://woodmann.com/forum/showthread.php?t=7093

PM me n let me know how u get on

-={ Abe+! }=-