HOW TO REGISTER Teleport Pro 1.29 Tutorial by UmE Introduction: in this tutorial I'll try to explain you how to register Teleport Pro 1.29 finding the registrtation number inside the code. Follow me.... :) Necessary tools: SoftIce 3.24 or better. Program description: Teleport Pro version 1.29, pro.exe, 829.200 bytes. PARENTAL ADVISORY: this tutorial is cracking oriented!!! Step1: run the program and go to the "Help" menu. Click on "Register..." and fill the form that will appear with your name (I've filled with "UmE Cracks!!"), a company name (I've written "UmE") and the registration number (I've filled with "12345"). Press Ctrl+D to enter in SoftIce and place a breakpoint on the function GetWindowTextA. Press Ctrl+D again to return to Teleport Pro and push the "Ok" button.... Step2: ....BINGO!!! You're in SoftIce so press F11 to return to the piece of code where the function is called. As you know the GetWindowTextA reads one field everytime it is called, so the first time it reads the name you've entered in the "Your name" field. You can see this observing the EAX register in the top left corner of SoftIce (if the register window is not enabled type WR and it will appear) after having pressed the F11 key. You can see that EAX has a value of 0000000C (12 in decimal) that is the number of chars that the function has read: in fact GetWindowTextA returns the number of chars of the field that it has read. Ok, after this little theorical note let's return to the target. You've just read the first field so press Ctrl+D (reads the company name, if you press F11 and look tha EAX value you'll see a value of 00000003) and then Ctrl+D another time to read the serial number you've entered. Now press F11 to return to the piece of code that has called the function and you'll be here: :0044BC06 8B4D10 mov ecx, dword ptr [ebp+10] :0044BC09 6AFF push FFFFFFFF :0044BC0B E83A93FFFF call 00444F4A :0044BC10 EB0B jmp 0044BC1D Now start to trace the code pushing F10 and take a look to the registers. You'll see... 017F:00425878 PUSH EBX 017F:00425879 PUSH DWORD PTR [EDI+000000DD] 017F:0042587F CALL 0042CA40 *See note 1 017F:00425884 MOV ECX,[004832E8] 017F:0042588A ADD ESP,0C 017F:0042588D MOV [EBP-14],EAX *See note 2 017F:00425890 CMP [ECX+000002CD],BL 017F:00425896 JZ 00425AB7 017F:0042589C CMP EAX,EBX *See note 3 017F:0042589E MOV ESI,0047E8B0 017F:004258A3 JZ 004259B4 017F:004258A9 PUSH DWORD PTR [EDI+000000D5] 017F:004258AF CALL 00426248 *See note 4 017F:004258B4 CMP [EBP-14],EAX *See note 5 Note1: this function load in EAX the serial number that I've entered. If you see in the top left corner of SoftIce in the register windows you can notice that EAX=3039 that in decimal is 12345 (try to type ? EAX in SoftIce and you'll see "12345"). Note 2: this instruction moves tha value of EAX (our serial number) in EBP-14. Note 3: test if the serial number entered (EAX) is equal to 0 (EBX). It's a test to verify if we have entered something... Note 4: this function load something in EAX.... Note 5: compare EAX with the serial number we've entered (EBP-14). What the program can compare with our serial number if not the right serial number? Type ? EAX and you'll have "2008069322". Try to register Teleport Pro with this number and you'll see that it's the right code!!! Not easy? I think so.... That's all for now, I hope you've enjoyed during the reading of this tutorial!!! Greetings to Volatitlity and all the Immortal Descendants. Contact me at: ume15@hotmail.com