The purpose of Video Rotator, as it is easy to guess from its name, is to rotate video and mirror it vertically and horizontally. In the age of mobile devices and vertical video it’s very topical. The afftars are not bypassed by a typical illness of modern programs – sharovariness. Well, we’re not proud, we’ll fix it.
We start with the distribution. Download, install, everything as usual. The installer’s size is a bit big, and we’ll see what that has to do with it later. For now, let’s run the program and see how it will respond to incorrect registration.
Let’s take a look at the executable file. It’s written in visual basics (Visual Basic, for those who don’t understand) and it’s not packaged in anything. At one time I considered visual Basic to be an absolute evil to tinker with, but it was just before the advent of dotnet ? But that’s not the point at the moment. Let’s load the file into disassembler and see where error message line appears:
.text:004926A4 test eax, eax .text:004926A6 jz loc_492759 .text:004926AC mov [ebp var_4], 0Bh .text:004926B3 mov [ebp var_80], 80020004h .text:004926BA mov [ebp var_88], 0Ah .text:004926C4 mov [ebp var_70], 80020004h .text:004926CB mov [ebp var_78], 0Ah .text:004926D2 mov [ebp var_D0], offset aInvaild ; Invaild .text:004926DC mov [ebp var_D8], 8 .text:004926E6 lea edx, [ebp var_D8] .text:004926EC lea ecx, [ebp var_68] .text:004926EF call __vbaVarDup .text:004926F4 mov [ebp var_C0], offset aInvalidCode_ ; Invalid Code. .text:004926FE mov [ebp var_C8], 8 .text:00492708 lea edx, [ebp var_C8] .text:0049270E lea ecx, [ebp var_58] .text:00492711 call __vbaVarDup
Just above two similar code fragments where comparison operations with very interesting strings are performed:
.text:00492549 lea eax, [ebp var_58] .text:0049254C push eax .text:0049254D lea eax, [ebp var_68] .text:00492550 push eax .text:00492551 call rtcTrimVar .text:00492556 mov [ebp var_C0], offset aVr8374d12cb ; Сравнение со строкой VR8374D12CB .text:00492560 mov [ebp var_C8], 8008h .text:0049256A mov eax, [ebp arg_0] .text:0049256D mov eax, [eax] .text:0049256F push [ebp arg_0] .text:00492572 call dword ptr [eax 308h] .text:00492578 push eax
.text:004925F1 mov [ebp var_88], 8 .text:004925FB lea eax, [ebp var_88] .text:00492601 push eax .text:00492602 lea eax, [ebp var_98] .text:00492608 push eax .text:00492609 call rtcTrimVar .text:0049260E mov [ebp var_D0], offset aVrsa277c5wd ; Сравнение со строкой VRSA277C5WD .text:00492618 mov [ebp var_D8], 8008h .text:00492622 lea eax, [ebp var_68] .text:00492625 push eax .text:00492626 lea eax, [ebp var_C8] .text:0049262C push eax .text:0049262D lea eax, [ebp var_78] .text:00492630 push eax .text:00492631 call __vbaVarCmpEq .text:00492636 push eax
If at least one match is found, the entered serial number is recognized as incorrect. As you can easily guess, this is a check for blacklist of compromised serial numbers. A little further below is another interesting check:
.text:004927EE lea eax, [ebp var_58] .text:004927F1 push eax .text:004927F2 lea eax, [ebp var_68] .text:004927F5 push eax .text:004927F6 call rtcTrimVar .text:004927FB mov [ebp var_C0], offset aVr1i3d4chip ; Сравнение со строкой VR1I3D4CHIP .text:00492805 mov [ebp var_C8], 8008h .text:0049280F lea eax, [ebp var_68] .text:00492812 push eax .text:00492813 lea eax, [ebp var_C8] .text:00492819 push eax .text:0049281A call __vbaVarTstEq .text:0049286E mov [ebp var_78], 0Ah .text:00492875 mov [ebp var_D0], offset aExpired ; Expired .text:0049287F mov [ebp var_D8], 8 .text:00492889 lea edx, [ebp var_D8] .text:0049288F lea ecx, [ebp var_68] .text:00492892 call __vbaVarDup .text:00492897 mov [ebp var_C0], offset aTheSpecialVers ; The Special Version Expired. Please buy .text:004928A1 mov [ebp var_C8], 8
You don’t have to be a prodigy to guess that special version of the program was once released for CHIP magazine readers and then promotional serial number was blocked as well. Altogether we have three valid serial numbers that are blacklisted. In such cases, simply erase all mentions of them from the program and replace them with some obviously trash, while the serial numbers themselves can be used for registration. We have pulled such tricks before. Let’s look for the lines with any of three serial numbers in the file:
But what is this? There are three serial numbers on the blacklist, and there are clearly more. The following serial numbers do not participate in blacklist checks: VR7341658WD, VRSAGK852WD, VRSAP0461WD, VRSA99F20WD and VRSA099T3WD. Let’s try to use one of them to see how the program responds.
That’s the kind of kitty cakes. A small list of correct serial numbers is stored in open form in the program itself. Yes, you can still see that too. The registration is stored in the file %APPDATA%vsound.dll.
Going back to the question why the installer is so big. If you look into the data folder, you will find the conv.exe file, which is nothing else but a free media converter FFmpeg. In other words, the Video Rotator program is a paid shell for starting a free program that does all the basic work. Naturally, there is no mention of FFmpeg either on the website or in the program.
pc richards cc