Topic:  A quick guide to extracting Keygen Music
* Posted by defy Tuesday 27 September 2005 - 10:58 
Required Tools:

ProcDump32 (v 1.6.2) available here:

http://pc.nanobot2k.org/Downloads/pdump32.zip

or this is the page it's from:
http://pc.nanobot2k.org/?action=downloads

PE Explorer, Available here:
http://www.heaventools.com/download/pexsetup.exe

A hex editor, I use AXE available here:
http://www.jbrowse.com/downloads/installAXE.exe


NOTE:

Occasionally extracting music from a keygen is as simple as opening the .exe file with winrar as you would a .zip file, the .mod or .xm tracker file will be just sitting there in the archive for you to extract.

Most of the time this is not the case, hence the following guide.


Step 1: ProcDump

After unzipping ProcDump to an appropriate folder, run the keygen you want the music from then run procdump.exe.

When procdump opens you will see a list of running processes in the main window, listed with path and file name. One of these should be the keygen that is open.

Right click on the keygen in this list and in the box that appears select
DUMP (FULL).

A Dialog box will appear asking you to choose a file. Just type in an appropriate file name of your choosing with a .exe extension and choose whatever directory you want, I usually use the desktop so I can find the file easily and cause I’m lazy!

Click save and hopefully you will get a message box saying dump successful.

That’s it for procdump now onto…


Step 2: PE Explorer

Once you have installed PE Explorer, you should be able to right click on the file you saved in step 1 in explorer or just from your desktop and get an option to Open with PE explorer. If not, just run PE explorer then choose open from the file menu and open the executable that way.

Once the file is open you will see a bunch of info under a heading “Headers Info”. You need to get to the Resource Viewer/Editor. Do this by clicking on the little red, green, blue, yellow, diamond shaped icon located on the top toolbar.

Once you have clicked on this you will see a directory structure similar to explorer. Each “folder” represents a different type of resource used by the keygen (graphics, buttons, dialog boxes, icons, etc). In each folder is a list of the resource files.

Now, at this point you could find one of two situations. The easy one first:

Look for a resource directory that says something like “RC data” or “mod” or even “music”. Or a directory that does not describe any common element of a program (eg icons, bitmap, dialog etc).

Expand the directory and you will see a file name (or names). Click on the file and in the right hand frame of the program you will see a whole lot of ASCII code in blue. To know whether you have found the music file, look at the very first part of ascii text and you should see something like “Extended Module” and/or “fastracker module” or something to do with trackers and tracker files.

If you see this text then this is the file you want. Now it's just a matter of right clicking the file name in the folder view, selecting save resource as then saving the file with any name you want and a .mod or .xm extension. Congratulations, you now have a tracker file ready to be played in winamp or your favourite tracking prog.

Now, if you fail to find a file that would be a music file using the above method, then things might be a little more tricky…..

STEP 3: Hex Editor

OK, so no music file with PE Explorer.

1st open a .mod or .xm file you already have in AXE or a similar hex editor.

Take note of the structure and pattern of ANSI text (frame on the right in AXE) that makes up the file. Note how the first piece of text is “Extended Module”. Also take note of how the last quarter and the end of the file looks in ANSI.

Now we are going to try to find a similar structure in the executable you tried with PE explorer. Open it in AXE.

Basically, you need to find a point in the file’s ANSI view that says “Extended Module”. Delete everything to the left and above this.

(An easy way to find "extended module" in the file is just to do a raw bytes search in the hex editor for "45 78 74 65 6e 64 65 64 20 4d 6f 64 75 6c 65" which is the hex code for it.)

Now finding the end of the file you want is the really hard part. Scroll down slowly, see if you recognise similar patterns of characters from the .mod/.xm file you opened, the end will look similar too. There should be one blank row before the rest of the file continues. Delete everything including the blank row and below……

Save what is left as .xm or .mod and fingers crossed it should play. If not, it’s a matter of trial and error finding the end of the music file and deleting the rest. Look closely at other .xm or .mod files in a hex editor to help you.

Any questions/probs email me at bender.b.rodriguez.1@gmail.com

Thanks!

[Post edited by defy on Wednesday 5 October 2005 - 5:06]
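
The signature search and trimming from Step 3, as an added example that is not part of the original post: it finds each "Extended Module" signature in a dumped file and, going beyond the post's trial-and-error approach, computes where the module ends by walking the XM header, pattern, instrument and sample size fields. It assumes the standard XM 1.04 layout; the function names and the tiny sample module are constructed for illustration.

```python
import struct

XM_MAGIC = b"Extended Module: "  # 17-byte signature that opens every XM file

def xm_length(buf, start):
    """Walk the XM headers from `start` and return the module's total size in bytes."""
    (hdr_size,) = struct.unpack_from("<I", buf, start + 60)
    n_pat, n_ins = struct.unpack_from("<HH", buf, start + 70)
    pos = start + 60 + hdr_size                      # first pattern header
    for _ in range(n_pat):
        phdr_len, _pack, _rows, packed = struct.unpack_from("<IBHH", buf, pos)
        pos += phdr_len + packed                     # pattern header + packed note data
    for _ in range(n_ins):
        (ihdr_size,) = struct.unpack_from("<I", buf, pos)
        (n_smp,) = struct.unpack_from("<H", buf, pos + 27)
        end = pos + ihdr_size                        # sample headers start here
        if n_smp:
            (shdr_size,) = struct.unpack_from("<I", buf, pos + 29)
            data = sum(struct.unpack_from("<I", buf, end + i * shdr_size)[0] for i in range(n_smp))
            end += n_smp * shdr_size + data          # all sample headers, then all sample data
        pos = end
    if pos > len(buf):
        raise ValueError("module runs past end of dump")
    return pos - start

def carve_xm(buf):
    """Return every well-formed XM module found in a dump, as a list of byte strings."""
    found, at = [], buf.find(XM_MAGIC)
    while at != -1:
        try:
            found.append(buf[at:at + xm_length(buf, at)])
        except (struct.error, ValueError):
            pass                                     # signature hit without a valid module
        at = buf.find(XM_MAGIC, at + 1)
    return found

def build_sample_xm():
    """Constructed minimal XM: 1 pattern, 1 instrument, 1 four-byte sample."""
    head = XM_MAGIC + b"demo".ljust(20) + b"\x1a" + b"constructed".ljust(20) + struct.pack("<H", 0x0104)
    head += struct.pack("<I8H", 276, 1, 0, 2, 1, 1, 1, 6, 125) + bytes(256)
    pattern = struct.pack("<IBHH", 9, 0, 1, 2) + b"\x80\x80"
    instr = struct.pack("<I22sBHI", 263, b"ins", 0, 1, 40).ljust(263, b"\0")
    sample = struct.pack("<III", 4, 0, 0).ljust(40, b"\0") + b"\x01\x02\x03\x04"
    return head + pattern + instr + sample

if __name__ == "__main__":
    dump = b"MZ" + bytes(500) + build_sample_xm() + bytes(16) + b"trailing PE data"
    print([len(m) for m in carve_xm(dump)])
```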


* Posted by defy Wednesday 5 October 2005 - 5:06 
Ok, sorry, had a bad link for downloading procdump.

I've found a good one and changed it now...
