--Softice Tutorial---
Date written: 25.3.2001

Program Details:
Name: cracking4newbies CrackMe1 by analyst
Author: Bengaly
Tools Used: Softice
________________________________________________________________________

-About this protection system-
Easy protection based on a serial number and code.
__________________________________________________________________________

The Essay

As this is a tutorial for newbies, I'll go into detail about how I go about cracking the program. I suggest that you read this tutorial first. When you have completed it, leave it open and follow the instructions. Re-do it once more after you have completed the step-by-step guide...

In this essay, when I write type "d EAX" or similar commands in Softice, I mean it without the quotes.
__________________________________________________________________________

Lets Crack The Bitch ;)

OK, that's easy.

* After looking in W32Dasm (disassemble first, I am sure it's easy), we can actually see everything.

OK, let's crack then. Open the crackme; you see two text fields. I entered this:

name: Shani
serial: 123456 <= very easy to remember ;)

Open your favourite black debugger, SoftIce ;) and set a nice breakpoint:

BPX GETWINDOWTEXTA (you can use hmemcpy as well)

Press F5/Ctrl+D, then press CHECK THE SERIAL... BOOOMMM, SIce popped up ;) We are in GETDLGITEMTEXTA hehe ;) Press F12 (get out of the fucking DLL ;) ). We will see this:

blah blah blah......
!GETWINDOWTEXTA:
xxx:yyy PUSH 68 <= we land here
xxx:yyy PUSH EDX

Remember that I told you to look in W32Dasm? Why, you ask? Because it will make the crack even easier. How?

1. Disassemble.
2. Click the StrRef button.
3. Choose the "Congratulations!..." string. We land here:

* Possible StringData Ref from Data Obj ->"Congratulations! IF this number " <= you are here
                                        ->"comes *FROM YOUR* keygen, Write "
                                        ->"a tutorial dude ;)."
|
:00401157 683CB44000   push 0040B43C
:0040115C 56           push esi

* Reference To: USER32.SetWindowTextA, Ord:0000h
|
:0040115D E8289B0000   Call 0040AC8A
:00401162 EB18         jmp 0040117C

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401155(C)
|

So what next?

4. Scroll up to find the call/jmp/cmp/push or something that checks our serial.
5. It is here:

* Possible StringData Ref from Data Obj ->"%lX"
|
:0040112C 6838B44000   push 0040B438                      ; name in memory??
:00401131 8D8D80FEFFFF lea ecx, dword ptr [ebp+FFFFFE80]
:00401137 51           push ecx                           ; ecx in memory
:00401138 E8873D0000   call 00404EC4                      ; bad boy??
:0040113D 83C40C       add esp, 0000000C
:00401140 8D8580FEFFFF lea eax, dword ptr [ebp+FFFFFE80]
:00401146 50           push eax                           <= right serial ;)
:00401147 8D95E4FEFFFF lea edx, dword ptr [ebp+FFFFFEE4]
:0040114D 52           push edx                           ; push edx to memory

:00401146 contains our right serial. How did I know? Well, if you do this in SIce:

? eax
d eax

then we will see "10C88", heh weeee.

(The "%lX" string is a printf-style format, and the add esp, 0000000C after the call cleans up three arguments, so the call at 00401138 writes the expected number into the buffer at [ebp+FFFFFE80] as uppercase hex. That buffer is what gets loaded into EAX at 00401140, which is why "d eax" shows the serial.)

6. Enter the correct data and the crackme is cracked.
__________________________________________________________________________

Final Notes

This tutorial is dedicated to all the newbies like me. I've tried to explain everything in detail. This is my first tut so...;) And because I'm a newbie myself, I may have explained certain things wrongly. So, if that is the case, please forgive me. Email me if there is anything you are not clear about.

My thanks and gratitude go to:

---ANALYST(ACiD-BUrN)---
----CODE_INSIDE-----
-----BLAcKgH0sT------
for being good friends :)
-------FusS------
All the writers of cracking tutorials and CrackMes
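Appendix: a small C reconstruction of the check pattern seen in the listing at 0040112C-0040114D (added here as an example; this is not the crackme's own code and not the tutorial author's). It shows why "d eax" reveals the serial: a printf-style call with the format "%lX" writes the expected number into a stack buffer as uppercase hex (0x10C88 becomes the text "10C88"), and that buffer is then compared against what was typed, so the expected value sits in plain view in memory right before the compare. The name-to-number step (number_from_name) is hypothetical, because the tutorial never shows how the crackme derives its number; the buffer size of 0x64 is inferred from the distance between the two stack buffers in the listing.

```c
#include <stdio.h>
#include <string.h>

/* Reconstruction of the serial-check pattern from the listing (example code,
 * not the crackme's): format expected number with "%lX", then compare. */

/* HYPOTHETICAL name -> number step. The tutorial does not show how the
 * crackme derives its number from the name; this placeholder only supplies
 * some 32-bit value so the formatting step has something to print. */
unsigned long number_from_name(const char *name)
{
    unsigned long v = 0;
    const unsigned char *p;
    for (p = (const unsigned char *)name; *p; p++)
        v = (v * 31 + *p) & 0xFFFFFFFFUL;
    return v;
}

/* Mirrors the "%lX" step at 00401138: the number is written as uppercase hex
 * with no leading zeros into a caller-supplied buffer. Returns 'out'. */
char *format_serial(unsigned long value, char *out, size_t out_len)
{
    snprintf(out, out_len, "%lX", value);
    return out;
}

/* Same formatting into a static buffer, handy for quick checks. */
const char *format_serial_hex(unsigned long value)
{
    static char buf[2 * sizeof(unsigned long) + 1];
    return format_serial(value, buf, sizeof buf);
}

/* Mirrors what follows the formatting call: the expected string and the typed
 * one sit side by side on the stack (the listing's buffers are at [ebp-180h]
 * and [ebp-11Ch]), so the expected value is readable at the breakpoint before
 * the compare even runs. Returns 1 on match, 0 otherwise. */
int check_serial(const char *name, const char *entered)
{
    char expected[0x64];   /* 0x64 bytes separate the two buffers (inferred) */
    format_serial(number_from_name(name), expected, sizeof expected);
    return strcmp(expected, entered) == 0;
}

int main(void)
{
    /* 0x10C88 is the value the tutorial sees with "d eax" */
    printf("0x10C88 formats as %s\n", format_serial_hex(0x10C88UL));
    printf("\"Shani\" / \"123456\" -> %d\n", check_serial("Shani", "123456"));
    printf("\"Shani\" / computed  -> %d\n",
           check_serial("Shani", format_serial_hex(number_from_name("Shani"))));
    return 0;
}
```

The point of the reconstruction is the ordering, not the hash: whatever number_from_name really does, the client computes the expected serial itself and holds it as plaintext next to the user's input, which is exactly what a breakpoint on the text-retrieval API plus one "d eax" exposes.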