__I'''''''''''''''''''''''''''''''''''''''''''I__ The Ultimate Beginner Cracker's Book v1.1__I'''''''''''''''''''''''''''''''''''''''''''I__
I                                                                           by basdog22                                                                                  I
-------------------------------------------------------------------------------------------------------------------------------------------------
Well, I started writing this tut because there are NOT a lot of them available on the NET, even now
that knowledge is widely spread.
This tut is aimed at the very newbies, so if you are an advanced or an intermediate cracker throw
it away because it just occupies space on your HDD and nothing more.

I would like to apologise for my bad English and some spelling mistakes that I will for sure make
here. English isn't my mother tongue so don't blame me ;)

First of all:
Set your notepad's resolution so that the line below is shown in its full length
<------------------------------------------------------------------------------------------------------------------------------------------------>

""""""""""""""""""""""""""""""""""""""""SoftICE: Some tips and some add-onns"""""""""""""""""""""""""""""""""""

Hello again, welcome to my third tut. I hope these tuts teach you something and I try to make them as easy as possible. Today we are going to talk about our debugger, SoftICE.
SoftICE is a debugger that sits between the machine and Windows so that it can stop whatever is happening whenever the user (WE) wants. That is what makes this prog so powerful. With SoftICE we can fish serials, find where nag screens are created and many more things by setting some breakpoints (BP).
We can set breakpoints everywhere we want. For example we can set breakpoints on APIs like this:
bpx GetDlgItemTextA or bpx GetWindowText etc., or we can set breakpoints on addresses like this:
bpx 00405124. I suggest reading both of SoftICE's manuals.

Do you remember the APIs mentioned in tutorial v1.0?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1)Hmemcpy -----------> It is not an API but it is the best
2)GetDlgItemTextA
3)GetWindowText
4)CreateFileA
5)ReadFile
6)RegCreateKeyA
7)RegDeleteKeyA
8)RegQueryValueA
9)MessageBox
10)MessageBoxA
11)MessageBoxExA
12)MessageBeep
13)GetLocalTime
14)GetSystemTime
15)GetFileTime
16)CreateWindowExA
17)ShowWindow
18)GetDriveTypeA

So we can set breakpoints on each one of them according to what we want to do. If we want to fish a serial, for instance, we must use the first three; when we need to see if a prog reads from the registry we use 6, 7 and 8. Get it?
"So breakpoints are a must for cracking, what else???"
A little more about SICE (SoftICE).
First of all, you must have SICE configured properly in order to work with it. I covered this in tut v1.0 so I will not go over that again.
Some functions:
F1--->Help.You can press this when you are in SICE to have some reference.
F2--->Toggles the window that displays Registers and Flags on and off
F3--->Toggle between source and mixed code
F4--->Restore program screen
F5--->Same as X+Enter or Ctrl+D.Exits SoftICE
F6--->Enable and Disable code window
F7--->Go to current cursor line
F8--->Trace into.We use this a lot
F9--->Sets a breakpoint
F10-->Step into.We use this too
F11-->Same as Ret.We use this to return from a call
F12-->Step over.

You can get a better, more detailed description if you press fkey+Enter in SICE.
Another useful function is search:
Say we entered a serial like "1234567890" and we want to find where it is manipulated. We can search for it like this: s 0 L ffffffff '1234567890'
This means that SICE will search the range 0-ffffffff for 1234567890.

The echo technique
~~~~~~~~~~~~~~~~~~
+ORC in his famous tuts (READ them, it's a must) used this technique to fish serials. When you set a breakpoint and SICE pops up, you press F10 until you get into the program's routine. Then either you trace into a call and dump memory (d), or you look for a call and after it you again dump memory like this: d esi or d eax, or you evaluate (?) registers in order to find what you want.
This might be confusing now, but as we go on it will make sense.
---------------------------------------------------------------------------------------------------------------------------------------------------
So, ready to crack your first prog???
This tut includes a 20 kb prog named crackme.exe with a dog's face as an icon (Wonder why??? ;=)). It is written in Visual Basic 6 and we are going to find a serial for it using SICE. Extremely easy (if you disassemble it, the right serial will be included in String References) so it is a good start.

Cracking crackme.exe
~~~~~~~~~~~~~~~~
We will follow my steps here:
Step 1: Run the prog and try to understand how it works.
Well, we see a text box asking us for a serial. Let's put something in it, say "778899", and hit Submit. It gives us a message saying "Oops not good.Try again" and when we hit OK the prog exits. This tells us nothing at the moment (since we are looking for a serial), but if we wanted to patch it we would have understood that the prog compares our serial to the correct one and if it is wrong it exits. So in assembly it would be something like this:

CMP EAX,EBX                              <--------- Compare the given serial with the right serial
JNE (Bad serial)                         <--------- If the given serial is not equal to the real serial, jump to the bad serial message
PUSH (Good serial message)               <--------- If the given serial was equal to the real serial, display the good serial message
etc
...
....
...
(Bad serial)                             <--------- Bad serial routine
PUSH (Oops not good.Try again) and Exit  <--------- Bad serial message and exit

Remember this for our next tut, where we will patch the same crackme to say thank you even with wrong serials.

Step 2: Run the prog again, enter a serial, say "778899", and press Ctrl+D. SICE pops up; place a breakpoint on hmemcpy (bpx hmemcpy, I will explain why) and hit F5. Now press the Submit button and we are back in SICE:

KERNEL!HMEMCPY
015F: 9EAE   55              PUSH   BP            \
015F: 9EAF   8BEC         MOV     BP,SP      /"""""""""""We land here

Now press F11 to return from the call and then press F10 as many times as needed until the line above the command window says: CRACKME!.text+20CE. It took me 182 presses of F10 to get there. Most of the time it is better to press F10 than F12. You land here:

017F:004030D4  3BC7        CMP   EAX,EDI    <--------- We are here
017F:004030D6  DBE2        FCLEX
017F:004030D8  7D11        JGE   004030EB   <--------- Beware of this one
017F:004030DA  68A0000000  PUSH  000000A0
017F:004030DF  68DC254000  PUSH  004025DC

Now we can dump memory to see if we can fish the serial, but first look at the code. At 004030D8 there is a JGE that takes us somewhere else. We can make this jump inactive by placing our cursor on the jump and then giving the command: r fl o, which means Register the Flag O (Overflow), but we don't need to do this here.
You see it pushes 2 addresses: 1) 000000A0 and 2) 004025DC. Let's dump them with:
d 000000A0 <----------- No serial here
d 004025DC <----------- Yes, the right serial is here

You will see all of the program's messages here, that is:
Duh enter something PLEASE
Oops not good.Try again <-------- Remember this???
WellDone <----------------------------- The thank you message???
18042001  <----------------------------- This is the right serial

OK, you cracked your first prog, but don't get excited because this prog was made to be cracked. Normal progs are not so easy to crack and some of them come packed/encrypted.
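Here is an added example (not the crackme's source and not the author's code) of why the serial was sitting in that dump: a check written the way Step 1 and the d 004025DC dump suggest, with 18042001 stored as a plain string, next to a version that stores only a hash of the serial, so the serial itself is never in the binary or in memory. The function names, the djb2 hash and the sample buffer are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Weak form, the way the crackme above evidently does it: the right serial
 * is stored as a plain string, so String References in a disassembler or
 * "d 004025DC" in SICE show it directly. */
static const char PLAIN_SERIAL[] = "18042001";

int check_serial_plain(const char *given)
{
    return strcmp(given, PLAIN_SERIAL) == 0;   /* the CMP / JNE of Step 1 */
}

/* djb2 string hash (assumed for this example; real software would use a
 * cryptographic hash such as SHA-256, the idea is the same). */
uint32_t djb2(const char *s)
{
    uint32_t h = 5381;
    while (*s)
        h = h * 33u + (unsigned char)*s++;     /* wraps mod 2^32 */
    return h;
}

/* Hardened form: only the digest of "18042001" ships in the binary. A
 * memory dump shows 0xFECB2935, which cannot be read back as the serial. */
static const uint32_t SERIAL_DIGEST = 0xFECB2935u;

int check_serial_hashed(const char *given)
{
    return djb2(given) == SERIAL_DIGEST;
}

/* Scan a buffer (think: the bytes a "d" dump shows) for the serial string. */
int buffer_holds_serial(const unsigned char *buf, size_t len, const char *serial)
{
    size_t n = strlen(serial);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, serial, n) == 0) return 1;
    return 0;
}

int main(void)
{
    const char *tries[] = { "778899", "18042001" };   /* constructed inputs */
    for (int i = 0; i < 2; i++)
        printf("%-9s plain=%d hashed=%d\n", tries[i],
               check_serial_plain(tries[i]), check_serial_hashed(tries[i]));
    return 0;
}
```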

--------------------------------------------------------------------------------------------------------------------------------------------------
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

Thanks for reading this shit. I hope you gained some knowledge from this tut.
My main goal was to help people who are interested in starting with the art of cracking (not even newbies yet) but didn't know what tools to get and how to make them work.
If you think that I should add some stuff to this tut, or anything else, you can send me your ideas to basdog22@yahoo.com; I would appreciate it.

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
In my next tutorial, version 1.3, there will be some assembly lessons and we will patch the same crackme in order to make it say thank you even with wrong serials. Till then, go out there and have a drink with your girl and have fun, because the real life is out there...

to be continued...

