Cracking MS-FrontPage 98 Beta2
(Is Micro$oft kidding?)

by TWD

(15 October 1997)

Courtesy of reverser's page of reverse engineering

Well, the question posed here by TWD (among others, I had quite a lot of letters about this) is a serious one: Are our enemies at Micro$oft just 'faking' protections, and in the reality intend to GIVE AWAY FOR FREE their software in order to destroy all competition?
Well, as you will be able to read more thoroughly in the main project 9 page... WHO CARES WHAT THEIR 'clever' STRATEGIES are... We'll deprotect ALL Micro$oft programs, wherever they appear, whatever they use as a protection scheme... and if the road to success is to give away for free software, that suits us... good luck Billy! Either you give it out for free (which is nice) or we'll strip off its protections anyway (wich is also nice). Of course (cela va sans dire) we will never use your buggy overbloated software... we have not yet been lobotomised :-)

And now enjoy this quick crack by TWD and mail it to any luser that might eventually contemplate the possibility to buy FrontPage98... which he would not need anyway, since this target is now given away in its complete and unprotected version by Micro$oft itself...

         Cracking MS-FrontPage 98 Beta2

First, sorry for my bad English.

I came to Reverser's page and had a look to the "Anti-Micro$oft"-project. 
There were a lot of cracks for the MS-FrontPage. But they were very

Cracking FrontPage is too easy to talk about it. 
This protection scheme deserves the next "Stupid protection" - award.

If I know that a program expires after some time, the first thing I do  
is to set a breakpoint to "GetLocalTime" using my beloved SoftIce 
(ver 3.1) and therefore:

>    bpx GetLocalTime
>    bl
>    00)   BPX KERNEL32!GetLocalTime

Now I start the FP-Explorer. 

SoftIce first pops up in the "MSVCRT.DLL", but this is not the right 
Than we have breaks at "MSVCRT20.DLL" and the Explorer.
But the fourth time we come back to "MSVCRT.DLL". When we leave the 
procedure we come to "MFC42.DLL". and if we leave this procedure too, 
we are inside the deep waters of "FP30CUTL.DLL". 
The way to accomplishment is long, so we have to
step through some lines of code and come to :

:67B2CD1D 3BC3          cmp eax,ebx          
:67B2CD1F 0F85A4010000  jne 67B2CEC9                first jump to the exit
:67B2CD25 395DC4        cmp dword ptr [ebp-3C], ebx   
:67B2CD28 0F859B010000  jne 67B2CEC9                second jump to the exit
:67B2CD2E 51            push ecx
:67B2CD2F 8B4DDC        mov ecx, dword ptr [ebp-24]

The first jump is used if the time is over. The second jump is used 
if FP-Explorer expired some time ago. The only thing to do is to NOP 
both jumps or to change the first jump into "jmp 67b2cd2e" and some
other NOPs.
Now FP-Explorer and FP-Editor will work till you delete them.

It is a nice goal to damage Micro$oft, I'm trying this since I'm 
cracking. The Micro$oft - protections are too silly to protect a
It took me 3 minutes to crack MS-FP 98 and another 5 to create a
I think they do not intend to protect really their programs, because 
if they would, they would implement much tougher protections. 
I conclude that they want to spam the earth with their silly, fat 

(c) by TWD in 1997

mailto :

(c) TWD 1997. All rights reversed
You are deep inside reverser's page of reverse engineering, choose your way out:

redBack to Project 9
redhomepage redlinks redanonymity +ORC redstudents' essays redacademy database
redtools redcocktails redantismut CGI-scripts redsearch_forms redmail_fravia
redIs reverse engineering legal?