About this tutorial:
Tutorial:How to skin Winamp Skin Maker 1.2(Skinner)
Target:Winamp Skin Maker 1.2(http://members.tripod.com/ajie_g/skinner.htm)
Tools:SoftIce 3.24(this is a good software, worth buying)
Date:25th of December 1999
Descriptions&Comments:This is a program which can produce skin for the ever so popular media player-WinAmp. Can be said as a companion pack for WinAmp. I choose this as my target mainly because it is simple to fish a serial out of this program and since WinAmp is now freeware, so should the companion pack, hehe.
Copyright information:This tutorial is copyright © 1999 ManKind

Starting words:
Hello,welcome to my tutorial. I am ManKind, a newbie in cracking who want to share my cracking skills with other newbies. Contact me at mankind001@bigfoot.com

The process:
Today, I am going to teach you how to fish a serial out of this little(should I say nice and great?) program. Start the program, no nag, no expiration notice or other annoying stuffs(you should buy this, since the author is really a kind and polite(for not nagging) person). Open the About screen, press the Register button, a small register window pop up almost immediately. Fill in the text field of the register window with something fake like I do below:

Reg. #:23199981

Go into SoftIce, set a breakpoint on getdlgitemtexta like below:

bpx getdlgitemtexta

Leave SoftIce, press the OK button, SoftIce will pop up, press F5 once to let it read our data in the second text field, press F11 once to go back to the code which called the getdlgitemtexta function. You will land in the following code:

:00406D92 LEA EAX,[ESP+0C]

Continue pressing F10 until the white line of indicator of SoftIce land on the following code:

:00406DEB CMP EDI,EBX; edi=fake code, ebx=real code

To view the correct registration code for your name, use the following command in the above line:

? ebx

For my name, I got the following registration code:


Disable the breakpoint by using the below commands:


Try the registration code, no messagebox and the about box shows that it is registered to your name. That's all for now. As usual, contact me if I make any mistake, give me your feedback, comments, suggestions and opinions about this tutorial and my way of presenting it.

Extra notes:
Well, the year 1999 is coming to an end now. I am not sure whether I can access internet next year, I am not sure whether my computer will work in the year 2000, I am not sure whether I can continue cracking next year and I am also not sure whether cracking will be the same anymore next year, so, I will like to grab the time available now to produce something useful. Once I have contributed those useful things, I will never regret at all even if I can't involve myself in the scene again next year. I do hope to see you guys and gals again, anyway, let the GOD decide for us.

Thanks to:+ORC, Sandman, HarvestR, tKC, ytc_, Punisher, Kwai_Lo, TORN@DO, Crackz, cLUSTER, LaZaRuS, mrfanatic, yes123, WhizKiD, Volatility, Acid Burn, Eternal Bliss, R!SC, MisterE, Shadow, tCM and other crackers and individuals who provide me with their tutorials and tools.

Greetz to:HarvestR, tKC, ytc_, Kwai_Lo, Punisher, TORN@Do, cLUSTER, LaZaRuS, mrfanatic, Shadow, Eternal Bliss, R!SC, yes123, MisterE, WhizKiD, Volatility, Acid Burn, DSi, other cracking groups and all crackers.

Service for ManKind

e="Arial" color="#000000" size="-1">Prepare To Crack: 

After starting WinEye up, right click on the eyes in your system tray, and choose "Properties", then choose the "Registration" tab.  We need to enter a name and code. 

Our favorite methods for trapping serial numbers in Soft-Ice are GetWindowTextA and GetDlgItemTextA, so let's try those first.  To save you time, we need GetWindowTextA.

Making The Crack: 

Enter your user name and some dummy data for the code.  Press Cntrl+D to enter Soft-Ice.  Set a breakpoint on GetWindowTextA (BPX GETWINDOWTEXTA).  Press Cntrl+D again to exit back to the program.  Click on "OK".  Soft-Ice will pop up.

Now, if we think about it, the function will be called twice -- once for the user name, and once for the code.  So, the first time Soft-Ice pops.  Press Cntrl+D once, and you'll be back in Soft-Ice.  Press F11 once to exit the code, and you should be here:
0137:0041ED7C  FF15A0A94300             CALL    [USER32!GetWindowTextA]
0137:0041ED82  8B4D10                   MOV     ECX,[EBP+10]       :ECX will hold your user name
0137:0041ED85  6AFF                     PUSH    FF
0137:0041ED87  E8B37EFFFF               CALL    00416C3F           :call routine to process your user name
0137:0041ED8C  EB0B                     JMP     0041ED99
0137:0041ED8E  8B4510                   MOV     EAX,[EBP+10]
0137:0041ED91  FF30                     PUSH    DWORD PTR [EAX]
0137:0041ED93  56                       PUSH    ESI

You could now display the user name you entered by pressing F10 to step through the line "CALL    00416C3F", and typing d ecx.

This part of the code isn't interesting though, so we need to keep stepping until we find something that does look useful, like a compare (CMP, TEST) and jump (JE, JNE, JZ, JNZ etc).  You'll find it here:
0137:004048FA  8D8D8C000000     LEA     ECX,[EBP+0000008C] :ECX will hold the code
0137:00404800  E88B190000       CALL    00406290           :call function to calculate code
0137:00404805  84C0             TEST    AL,AL              :compare your code to valid one
0137:00404807  0F8584000000     JNZ     00404991           :jump to unregistered if no good
0137:0040480D  6A00             PUSH    00
0137:0040480F  6A00             PUSH    00
0137:00404811  8D542418         LEA     EDX,[ESP+18]
0137:00404815  682D010000       PUSH    0000012D

Now, to display your code, just step through the line "CALL    00406290", and display ECX by typing d ecx.

*** Disclaimer ***
This Essay Is For Knowledge Purposes Only. Neither We, Our ISP, Nor Any Persons Mentioned Shall Be Held Liable For Any Damages Improper Usage May Cause To Your Machine.

If You Successfully Crack A Program, You Must Delete It Immediately. If You Want To Keep The Program, Please BUY It! Support Shareware, This Is Our Learning Tool!

It Is Illegal To Continue To Use Cracked/Patched Software.

Copyright © 1999 Volatility And The Immortal Descendants. All Rights Reserved.
ourier"> :004FF75B 8BD8