Tools needed:
� Ollydgb (http://www.ollydbg.de/)
to patch the program and run it.
Summary:
What we are going to do is to modify Deep Freeze to accept any password as a valid one. This version has a "improved" password validation routine, so we'll have to patch Deep Freeze service too.
Let's get to work:
1. We must get inside Deep Freeze code, but to do that we need debug privileges. This right is granted to the administrator by default, but Deep Freeze removes it to prevent someone from doing what we are going to do. To restore this privilege get inside Windows 'Control panel', access the 'Administrative Tools' and choose 'Local Security Policy" (or run SECPOL.MSC from a command line).
2. On the left tree expand 'Local Policies' and then 'User Rights Assignment'. On the right tree double click over 'Debug programs'.
Note:
The name of the policies can vary according to your system idiom.
The name of the policies can vary according to your system idiom.
4. To make the changes take effect you have to end the user session and login again. Usually you can end the session by pressing CTRL+ALT+DELETE and choosing the right option.
- Note:
Instead of ending your session you can use the command runas to run Ollydbg. ie: runas /user:MiNombre ollydbg.exe
Note:
If you receive an error message after pressing Attach you probably made a mistake in the previous steps.
If you receive an error message after pressing Attach you probably made a mistake in the previous steps.
6. Right click over the code and a context menu will appear, select 'Go to' and then 'Expression' (or use the shortcut Ctrl+G).
7. In the text box enter 418973 and press OK. The program will jump to that line of code.
8. Here's the first password control. With the line selected right click over the code and then click on 'Assemble' (or press the space bar). A new window will show up.
9. In the window clean the text box and enter NOP. Make sure the box 'Fill with NOP's' is checked and then click the 'Assemble' button. Now close the window.
10. Press F9 to resume the code execution.
11. Now run another instance of Ollydbg. On the menu 'File' select 'Attach'. Click on the process with the name 'FrzState2k' and then press Attach. If a warning message is raised dismiss it.
Note:
Don't close the other instance of Ollydbg. If you do it you'll have to reboot the computer and start all over again.
Don't close the other instance of Ollydbg. If you do it you'll have to reboot the computer and start all over again.
13. In the text box enter 403860 and press OK. The program will jump to that line of code.
14. This is the line from where the password verification procedure is called. Let's set a breakpoint here. To do that right click over the line and in the context menu select 'Breakpoint' and then 'Toggle' (or press F2).
15. Press F9 to resume the code execution.
16. Now activate the login program by double clicking over the icon while you keep the shift key pressed or by pressing CTRL+ALT+SHIFT+F6. The login window will appear asking for the password. Write anything in the password box and press ENTER. The breakpoing we set earlier in Ollydbg will activate and the login program will freeze.
17. On Ollydbg press F8 to step over the function call. On the registers window (to the right of the code) you'll see that EAX register has the value 00000000. That means the password is incorrect, let's change that. Double click over the value of EAX to open the modification window. In the 'Hexadecimal' text box write 1 and press OK.
18. Now press F9 to continue. If everything went right the Deep Freeze configuration dialog will show up.
This is important knowledge for every computer user. free antivirus download
ReplyDeleteHey what a brilliant post I have come across and believe me I have been searching out for this similar kind of post for past a week and hardly came across this. Thank you very much and will look for more postings from you. dark web sites
ReplyDelete