Hello, welcome to my tutorial. I am ManKind, a newbie in cracking who wants to share my cracking skills with other newbies. Contact me at email@example.com
Go into SoftIce and set a breakpoint on GetDlgItemTextA as below:
Leave SoftIce and press the OK button; SoftIce will pop up. Press F5 once to let the program read our data from the second text field, then press F11 once to return to the code that called GetDlgItemTextA. You will land in the following code:
:00406D92 LEA EAX,[ESP+0C]
Keep pressing F10 until SoftIce's white indicator line lands on the following code:
:00406DEB CMP EDI,EBX; edi=fake code, ebx=real code
To view the correct registration code for your name, use the following command at the line above:
For my name, I got the following registration code:
Disable the breakpoint with the following commands:
Try the registration code: no message box appears, and the About box shows that the program is registered to your name. That's all for now. As usual, contact me if I have made any mistake, and give me your feedback, comments, suggestions and opinions about this tutorial and my way of presenting it.
Well, the year 1999 is coming to an end now. I am not sure whether I can access the internet next year, I am not sure whether my computer will work in the year 2000, I am not sure whether I can continue cracking next year, and I am also not sure whether cracking will be the same anymore next year, so I would like to grab the time available now to produce something useful. Once I have contributed those useful things, I will not regret it at all even if I can't involve myself in the scene again next year. I do hope to see you guys and gals again; anyway, let GOD decide for us.
Thanks to: +ORC, Sandman, HarvestR, tKC, ytc_, Punisher, Kwai_Lo, TORN@DO, Crackz, cLUSTER, LaZaRuS, mrfanatic, yes123, WhizKiD, Volatility, Acid Burn, Eternal Bliss, R!SC, MisterE, Shadow, tCM and other crackers and individuals who provided me with their tutorials and tools.
Greetz to: HarvestR, tKC, ytc_, Kwai_Lo, Punisher, TORN@Do, cLUSTER, LaZaRuS, mrfanatic, Shadow, Eternal Bliss, R!SC, yes123, MisterE, WhizKiD, Volatility, Acid Burn, DSi, other cracking groups and all crackers.
Service for ManKind
Prepare To Crack:
After starting WinEye up, right click on the eyes in your system tray, and choose "Properties", then choose the "Registration" tab. We need to enter a name and code.
Our favorite methods for trapping serial numbers in Soft-Ice are GetWindowTextA and GetDlgItemTextA, so let's try those first. To save you time: the one we need here is GetWindowTextA.
Making The Crack:
Enter your user name and some dummy data for the code. Press Ctrl+D to enter Soft-Ice. Set a breakpoint on GetWindowTextA (BPX GETWINDOWTEXTA). Press Ctrl+D again to exit back to the program. Click on "OK". Soft-Ice will pop up.
Now, if we think about it, the function will be called twice: once for the user name, and once for the code. So the first time Soft-Ice pops up is for the user name. Press Ctrl+D once to let the program continue, and you'll be back in Soft-Ice for the second call. Press F11 once to exit the API code, and you should be here:
0137:0041ED7C FF15A0A94300   CALL [USER32!GetWindowTextA]
0137:0041ED82 8B4D10         MOV ECX,[EBP+10]          ; ECX will hold your user name
0137:0041ED85 6AFF           PUSH FF
0137:0041ED87 E8B37EFFFF     CALL 00416C3F             ; call routine to process your user name
0137:0041ED8C EB0B           JMP 0041ED99
0137:0041ED8E 8B4510         MOV EAX,[EBP+10]
0137:0041ED91 FF30           PUSH DWORD PTR [EAX]
0137:0041ED93 56             PUSH ESI
You could now display the user name you entered by pressing F10 to step through the line "CALL 00416C3F", and typing d ecx.
This part of the code isn't interesting though, so keep stepping until you find something that does look useful, like a compare (CMP, TEST) followed by a conditional jump (JE, JNE, JZ, JNZ, etc.). You'll find it here:
0137:004048FA 8D8D8C000000   LEA ECX,[EBP+0000008C]    ; ECX will hold the code
0137:00404800 E88B190000     CALL 00406290             ; call function to calculate code
0137:00404805 84C0           TEST AL,AL                ; compare your code to the valid one
0137:00404807 0F8584000000   JNZ 00404991              ; jump to unregistered if no good
0137:0040480D 6A00           PUSH 00
0137:0040480F 6A00           PUSH 00
0137:00404811 8D542418       LEA EDX,[ESP+18]
0137:00404815 682D010000     PUSH 0000012D
Now, to display your code, just step through the line "CALL 00406290", and display ECX by typing d ecx.
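The leak both tutorials rely on is the same: right after the program computes the valid code, the real code and the entered code sit side by side in registers (CMP EDI,EBX in the first, TEST AL,AL after the compute call in the second), so a debugger simply reads the serial off. As an added C example, not code from either tutorial or from WinEye, here is that weak pattern beside a check that never reconstructs a valid code on the user's machine: the vendor signs a hash of the name with a private key and the program only verifies with the public key. The 16-bit primes, the exponent, the FNV-1a hash and the 0x5EC0DE5 mask are constructed toy values.

```c
#include <stdint.h>

/* Toy public parameters (constructed; a real scheme uses a 2048-bit or larger modulus). */
#define TOY_P 65521u
#define TOY_Q 65519u
#define TOY_N ((uint64_t)TOY_P * TOY_Q)
#define TOY_E 65537u

/* FNV-1a: reduces the user name to a number the registration code is bound to. */
static uint32_t fnv1a32(const char *s) {
    uint32_t h = 0x811c9dc5u;
    for (; *s; s++) { h ^= (unsigned char)*s; h *= 16777619u; }
    return h;
}

/* Square-and-multiply; all operands are below 2^32, so products fit in uint64_t. */
static uint64_t modpow(uint64_t b, uint64_t ex, uint64_t n) {
    uint64_t r = 1;
    for (b %= n; ex; ex >>= 1, b = b * b % n)
        if (ex & 1) r = r * b % n;
    return r;
}

/* Weak pattern seen in both tutorials: the program derives the valid code itself,
   so it sits in a register beside the user's input at the CMP/TEST. */
int check_weak(const char *name, uint32_t entered) {
    uint32_t real = fnv1a32(name) ^ 0x5EC0DE5u;   /* the real code is now in memory */
    return entered == real;
}

/* Vendor side only: the private exponent and the signing step never ship. */
uint64_t vendor_private_exp(void) {
    int64_t phi = (int64_t)(TOY_P - 1) * (TOY_Q - 1);
    int64_t a = TOY_E, m = phi, x0 = 1, x1 = 0;   /* extended Euclid: e^-1 mod phi */
    while (m) { int64_t q = a / m, t = a % m; a = m; m = t; t = x0 - q * x1; x0 = x1; x1 = t; }
    return (uint64_t)((x0 % phi + phi) % phi);
}
uint64_t vendor_issue_code(const char *name) {
    return modpow(fnv1a32(name) % TOY_N, vendor_private_exp(), TOY_N);
}

/* Hardened pattern: the program only checks code^e == H(name) (mod N). No valid
   code is ever computed on the user's machine, so stepping past the compare shows
   two hash values rather than a serial, and the public key cannot mint codes. */
int check_hardened(const char *name, uint64_t code) {
    if (code >= TOY_N) return 0;
    return modpow(code, TOY_E, TOY_N) == fnv1a32(name) % TOY_N;
}
```

Patching the conditional jump still works against the hardened version; what it removes is the ability to read or compute a valid serial from the running program.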
This Essay Is For Knowledge Purposes Only. Neither We, Our ISP, Nor Any Persons Mentioned Shall Be Held Liable For Any Damages Improper Usage May Cause To Your Machine.
If You Successfully Crack A Program, You Must Delete It Immediately. If You Want To Keep The Program, Please BUY It! Support Shareware, This Is Our Learning Tool!
It Is Illegal To Continue To Use Cracked/Patched Software.