Access Violation When Exporting Successful Sublime Crack

[Matriplex]

I've been working on reverse engineering Sublime Text 3, and I got a crack working in which I change a single JNZ to JMP and changed an instruction to set a byte in memory (which is the byte that the program references to see if it's registered) to 1 (this could be any value I guess, other than zero). This actually works perfect while I'm in the debugger; sublime starts up just fine and is registered under an unlimited user license. However, when I export it the program crashes. When I open the dump file up with Visual Studio, it says that there's an Access Violation when trying to write to that specific bit of memory that I changed the program to write to. Why would this be happening if it works fine in the debugger?

Thanks, and if I need to elaborate on anything (I probably do..) please ask.
I'm pretty pumped as this is my first real reverse engineering of a popular program, and I'd like to be able to finish the job.

[p_2001]

You need to rebuild your pe file.  Basically you're changing stuff in your exe and certain data structures need to be updated.

Google it.

There can also be in built protection against cracking and maybe the debugger is getting detected and the program presents a different code path.
Use debugger hiding plugins when you patch a file.  There are many ways to detect debugger and it's better to use such plug in.

[Matriplex]

Awesome, thanks. I'll look it up when I get home and see if I can get the crack to export successfully. I'm already using an ti detection plugin, so it must be the PE. Thanks for the help, I'll post if it worked + a download if anyone is interested.

[Matriplex]

Not sure if this qualifies as a double post, I guess physically it does, but maybe not "theoretically" because it's a bit of an update. Feel free to merge the post with my previous one Kulver/whomever.

It was late at night when I finally found the right section of the code, and I implemented a quick and dirty hack now that I look at it. All I really had to do was change an instruction right before that part which incremented the AL register which was at FFFFFFFF so basically it overflowed and returned to 0, and then set the byte in memory to AL next instruction. The only thing that was required to crack it was to either NOP that command or replace it with DEC instead of INC and it worked fine. Funny how a commercial program was so easily reverse engineered. Here's a download to the cracked binary if anyone's interested, just replace your sublime_text.exe with this (just to look around in I guess, I'm not using the crack, it was purely for testing my abilities): http://upload.evilzone.org/download.php?id=5643574&type=zip

Edit: it's build 3065, x86. Also, are there any other commercial programs I should look into for practice?
Edit 2: Just cracked sublime 2 as well, the method was almost the exact same. I feel kinda sad for their devs, they're probably losing a lot of money from this if me, a beginner, can do it.

[Architect]

Could be a copyright protection thing built in by the devs of ST3. The code could rewrite itself when a certain set or sets of code are changed that would allow reversing and getting an unlimited user license. But that would take a lot of work on their part and it would be easily detectable with trivial debugging. Most unlikely but not improbable?


Also, it would be nice if there were a x86_64 version of the crack but, as they say, "beggars can't be choosers."

[Matriplex]

Yes, I've heard of self modifying code but as a newbie I haven't gotten into it that much. Suppose that's my next thing to learn about RE. Then on to TLS Callbacks I guess? I've been following this site (http://thelegendofrandom.com/blog/sample-page) and it's been so helpful.

I used Olly for this one, which can't debug 64 bit programs (at least from what I've tried). But doing it in IDA shouldn't be difficult, I just have to spend enough time learning how to use it. I can release a 64 bit crack for sure, just gimme a day or two to learn how to use IDA.

You know what would be ironic? If I/someone cracked IDA Pro. I'm sure it's happened, it would be pretty funny.

[p_2001]

Sublime has unlimited trial which is why I ruled out any self modifying stuff.
Op, take a look at lena's reversing tutorials if you need good practice.

[Matriplex]

Will do, I've heard lots about those tuts and all of it has been praise, thanks.