
How To Unfreeze DeepFreeze?



Preface:
The author is not responsible for any damage or data loss resulting from following this tutorial. This tutorial is intended for those who want to learn and for education only, not for criminal use.

This tutorial shows how to disable/unfreeze DeepFreeze versions 4.20.020.0598, 4.20.120.0598, 4.20.121.0613, 5.20.220.1125 and 5.30.120.1181 running on Windows 2K/XP.

Normally, DeepFreeze runs as an active application on the computer in the "Enable" state, and to change the DeepFreeze settings we must log on to the Config menu, which is protected by a password. There are several ways to unfreeze this application:

1. Using a bootable disk to move the DFSERVEX.EXE file from the path c:\progra~1\hypert~1\deepfr~ to another disk.

2. Using a disassembler to patch the file Frzstate(2K).exe. This tutorial covers the second method.

Tools required:

  • 1. OllyDbg 1.10 > http://www.ollydbg.de/
  • 2. Process Explorer > http://www.sysinternals.com/
  • 3. OllyScript > http://ollyscript.apsvans.com/
  • 4. ASPack 2.12 OEP finder script by hacnho/VCT2k4 > http://ollyscript.apsvans.com/

Step by step:

  • 1. Run Process Explorer, find the running Frzstate.exe or Frzstate2k.exe application, and right-click it to see its properties. Write down the Command Line property, which contains the program path and the last 3 digits. For example: C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe 1 1066917 0 <--- last 3 digits

  • 2. Run OllyDbg 1.10 and open Frzstate(2k).exe using the path you wrote down. Don't forget to enter the last 3 digits in the Arguments field.

  • 3. A warning box appears; dismiss it by clicking No.

  • 4. Load the OllyScript plug-in by browsing to it via the menu Options>Appearance>Plug-in Path.

  • 5. Run the OEP script from the menu Plugins>Run Script>Ollyscript, browse to the path of the OEP script, and click Open.

  • 6. The script will then stop at the real code. Watch carefully: is there any icon displayed in the system tray? If not, right-click in the code window, choose Go to>Expression, and enter the value for your version:

version 4.20.020.0598 > 40A2BE

version 4.20.120.0598 > 40A2BE

version 4.20.121.0613 > 409F4A

version 5.20.220.1125 > 40FC4A

version 5.30.120.1181 > 40FC4A

and click OK. The program will jump to that line. Right-click, choose Assemble, and enter NOP in the field. Don't forget to check Fill with NOPs, then click Assemble.

  • 7. Back in the code window, right-click, choose Go to, and enter the value for your version:

version 4.20.020.0598 > 40368D

version 4.20.120.0598 > 40368D

version 4.20.121.0613 > 4034F5

version 5.20.220.1125 > 4037E9

version 5.30.120.1181 > 4037E9

and click OK. The program will jump to that line. We will set a breakpoint here.

  • 8. Right-click and choose Breakpoint>Toggle, then press F9 to run to that line. If everything is right, 2 DeepFreeze icons will appear in the system tray. Choose one icon and press Shift+double-click or Ctrl+Shift+Alt+F6 to open the DeepFreeze login form.

  • 9. If the icon we chose is the right one, the login form will appear to "freeze". Back in the code window in OllyDbg, press F8 and look at the register window on the right side. Replace the value of register EAX with 1 (in hexadecimal) by double-clicking that register (the value 00000000 means "False" for the password check).

  • 10. Press F9 to run the program again. If everything is right, we will get the config form from DeepFreeze.

