--- SoftICE + D32DASM Tutorial ---

Date written: 19.4.2001

Program Details:
  Name:       Oliver's CrackMe #1
  Author:     Bengaly
  Tools Used: SoftICE, D32DASM
________________________________________________________________________

- About this protection system -

An easy protection based on a name/serial number pair.
__________________________________________________________________________

The Essay

As this is a tutorial for newbies, I'll go into detail about how I go about cracking the program. I suggest that you read this tutorial first. When you have finished reading, leave it open and follow the instructions. Then re-do it once more after you have completed the step-by-step guide...

In this essay, when I write type "d EAX" or a similar SoftICE command, I mean it without the quotes.
__________________________________________________________________________

Let's Crack The Bitch ;)

OK, that's easy. ;)

1. Open D32DASM and disassemble the CrackMe (I hope you know how). Then press the StrHref button and look for the "u got it ;)" string; click it. You will be at:

:00430EA9 3BD8       cmp ebx, eax
:00430EAB 7E99       jle 00430E46
:00430EAD 8B45F4     mov eax, dword ptr [ebp-0C]   <= we need to bpx here
:00430EB0 8B55F8     mov edx, dword ptr [ebp-08]
:00430EB3 E8902BFDFF call 00403A48
:00430EB8 750A       jne 00430EC4
string reference ------------------------> "u got it ;)"

So D32DASM helps us a lot, as you can see. So what's next? Write down 00430EAD on paper and read on ;)

2.
Open the CrackMe. You see two text fields; I entered this:

  name:   bengaly   (you must use a name longer than 6 letters; there is a cmp with 0006 or 008)
  serial: 123456    <= very easy to remember ;)

Open your favourite black debugger, SoftICE ;) and set a nice breakpoint:

  BPX HMEMCPY

Press F5 / Ctrl+D, then press CHECK THE SERIAL... BOOOMMM, SoftICE popped up ;) We are in HMEMCPY ;) Press F12 to get out of the fucking DLL; press it 12 times (to go over the ret commands). Now you are in the code window. Type:

  bpx 00430EAD

(then press Enter) and press F5. You will land here:

:00430EA9 3BD8       cmp ebx, eax                    ; name compared to fake serial
:00430EAB 7E99       jle 00430E46                    ; jump if lower => we land here
:00430EAD 8B45F4     mov eax, dword ptr [ebp-0C]     ; our name
:00430EB0 8B55F8     mov edx, dword ptr [ebp-08]     ; our generated serial
:00430EB3 E8902BFDFF call 00403A48                   ; good boy <;)
:00430EB8 750A       jne 00430EC4                    ; bad boy >;/

Now press F10 once and you will be at:

:00430EB0 8B55F8     mov edx, dword ptr [ebp-08]

Type:

  d eax

and you will see the real serial in the data window ;) For me:

  name:   bengaly
  serial: 454583575510418

CrackMe cracked ;)
__________________________________________________________________________

Final Notes

This tutorial is dedicated to all the newbies like me. I've tried to explain everything in detail. This is my first tut, so... ;) And because I'm a newbie myself, I may have explained certain things wrongly; if that is the case, please forgive me. Email me if there is anything you are not clear about.

My thanks and gratitude go to:

  --- ANALYST (ACiD-BUrN) ---   ; for helping in cracking
  ---- CODE_INSIDE -----        ; for helping in cracking
  ----- BLAcKgH0sT ------       ; for being a good friend :)
  ------- FusS ------           ; asm / keygenning helper

All the writers of cracking tutorials and CrackMes
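To make the weakness behind step 2 concrete, here is an added C example; it is not the CrackMe's code and not the tutorial author's. It models a name/serial check in the same shape as the disassembly above next to a hardened form. The serial derivation (`derive_serial`), the function names `weak_check`, `hardened_check` and `self_test`, and the minimum name length of 6 are all constructed for illustration; the CrackMe's real algorithm is not on the page. The weak form formats the genuine serial into a buffer and compares it with `strcmp`, which is exactly why stopping at the compare and dumping the register reveals the real serial. The hardened form parses the candidate instead of rendering the expected value and compares digests in constant time; as the comments note, this only removes the plaintext from the compare site, because the derivation still ships in the binary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed minimum name length (the tutorial mentions a cmp with 6 or 8; 6 is used here). */
#define MIN_NAME_LEN 6

/* FNV-1a 64-bit over an arbitrary byte range. */
static uint64_t fnv1a(const void *data, size_t n)
{
    const unsigned char *p = (const unsigned char *)data;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Constructed toy derivation, NOT the CrackMe's algorithm: 15 digits, like the tutorial's serial. */
static uint64_t derive_serial(const char *name)
{
    return fnv1a(name, strlen(name)) % 1000000000000000ULL;
}

/* Weak form, shaped like the disassembly: the genuine serial is formatted into a
 * buffer and sits in memory at the compare. 'leaked' receives what a debugger
 * stopped on the compare reads out of the register (the tutorial's "d eax"). */
int weak_check(const char *name, const char *serial, char *leaked, size_t leaked_len)
{
    char expected[32];
    if (strlen(name) <= MIN_NAME_LEN)            /* cmp ebx,eax / jle: name too short */
        return 0;
    snprintf(expected, sizeof expected, "%llu", (unsigned long long)derive_serial(name));
    if (leaked)
        snprintf(leaked, leaked_len, "%s", expected);
    return strcmp(expected, serial) == 0;        /* plaintext, early-exit compare */
}

/* Constant-time equality of two 64-bit digests: no early exit on the first differing bit. */
static int ct_equal(uint64_t a, uint64_t b)
{
    uint64_t d = a ^ b;
    d |= d >> 32; d |= d >> 16; d |= d >> 8;
    d |= d >> 4;  d |= d >> 2;  d |= d >> 1;
    return (int)(1u - (unsigned)(d & 1));
}

/* Hardened form: parse the candidate rather than render the expected value, so the
 * genuine serial digits never exist in this function, and compare digests in
 * constant time. The derivation is still in the binary, so this only raises the bar
 * at the compare site; keeping the generator off the client entirely needs
 * asymmetric (signature-based) licensing, which is out of scope here. */
int hardened_check(const char *name, const char *serial)
{
    uint64_t candidate = 0, expected;
    if (strlen(name) <= MIN_NAME_LEN || serial[0] == '\0')
        return 0;
    for (const char *p = serial; *p; p++) {
        if (*p < '0' || *p > '9')
            return 0;                            /* reject non-digits */
        if (candidate > (UINT64_MAX - 9) / 10)
            return 0;                            /* reject overflow */
        candidate = candidate * 10 + (uint64_t)(*p - '0');
    }
    expected = derive_serial(name);
    return ct_equal(fnv1a(&expected, sizeof expected), fnv1a(&candidate, sizeof candidate));
}

/* Exercises both checks with constructed inputs; returns 1 when every expectation holds. */
int self_test(void)
{
    char genuine[32], leaked[32] = "";
    int ok = 1;
    snprintf(genuine, sizeof genuine, "%llu", (unsigned long long)derive_serial("bengaly"));
    ok &= weak_check("bengaly", "123456", leaked, sizeof leaked) == 0; /* wrong serial rejected... */
    ok &= strcmp(leaked, genuine) == 0;                                 /* ...but the real one was in memory */
    ok &= weak_check("bengaly", genuine, NULL, 0) == 1;
    ok &= weak_check("abc", "1", NULL, 0) == 0;                         /* name too short */
    ok &= hardened_check("bengaly", genuine) == 1;
    ok &= hardened_check("bengaly", "123456") == 0;
    ok &= hardened_check("bengaly", "12a456") == 0;                     /* non-digit */
    ok &= hardened_check("bengaly", "") == 0;
    ok &= hardened_check("bengaly", "99999999999999999999") == 0;       /* overflows uint64 */
    return ok;
}

int main(void)
{
    char leaked[32] = "";
    int r = weak_check("bengaly", "123456", leaked, sizeof leaked);
    printf("weak_check(bengaly, 123456) = %d; genuine serial visible at the compare: %s\n", r, leaked);
    printf("self_test: %s\n", self_test() ? "pass" : "FAIL");
    return 0;
}
```

The point of the pair is the compare site: in `weak_check` the expected value is a string in memory one instruction before `strcmp`, which is what the tutorial dumps with "d eax"; in `hardened_check` the same breakpoint shows two digests and the user's parsed input.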