dAKuRioUSCHiLD [ PC_'99 ]

Tut Part        Attack Angle        Tools Needed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Part 3.         Nag Kill            WinDasm, Hiew, and HexWorkshop.

First you need to delete your startcln.exe cuz it's been altered, make a copy of startcln.bak ( which is still like the original ), and rename the copy of startcln.bak to startcln.exe so that you have a clean exe to work with. You can get HexWorkshop from http://www.bpsoft.com. Ok lets keep moving.

Lets look at that nag closer...what does the first line say? "If you intend to use start clean..." So lets go to windasm and search for that string. We find it right near the top:

    Number of Dialogs = 3 (decimal)

    Name: DialogID_006F, # of Controls=010, Caption:"Register!", ClassName:""
    001 - ControlID:FFFF, Control Class:"STATIC" Control Text:"If you intend to use Start Clean"
    002 - ControlID:FFFF, Control Class:"STATIC" Control Text:""
    003 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Send a check or money order for $10 U.S., with your name, address, *e-mail* ad"
    004 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Firas El-Hasan - Start Clean"
    005 - ControlID:FFFF, Control Class:"STATIC" Control Text:""
    006 - ControlID:FFFF, Control Class:"STATIC" Control Text:"On Compuserve, GO SWREG using the following registration ID:"
    007 - ControlID:FFFF, Control Class:"STATIC" Control Text:"9774"
    008 - ControlID:FFFF, Control Class:"STATIC" Control Text:""
    009 - ControlID:0002, Control Class:"BUTTON" Control Text:"OK"
    010 - ControlID:040C, Control Class:"BUTTON" Control Text:"&Register..."
Now the program will call up that dialog by its ID; see where it says Name? The ID is "DialogID_006F", so now search for that. We find:

    * Reference To: COMCTL32.InitCommonControls, Ord:0011h
                                      |
    :00401EA9 FF1508924000            Call dword ptr [00409208]
    :00401EAF E84CF1FFFF              call 00401000
    :00401EB4 A34C724000              mov dword ptr [0040724C], eax
    :00401EB9 85C0                    test eax, eax
    :00401EBB 7524                    jne 00401EE1
    :00401EBD 6A00                    push 00000000
    :00401EBF A148724000              mov eax, dword ptr [00407248]
    :00401EC4 68F0274000              push 004027F0
    :00401EC9 6A00                    push 00000000

    * Possible Reference to Dialog: DialogID_006F
                                      |
    :00401ECB 6A6F                    push 0000006F
    :00401ECD 50                      push eax
We now see the jump above it at line 00401EBB. So lets run hiew like we learned in part 2 and change the 75 to a 74...( your offset is 000012BB, just a little help! :) ) ( read the appendix for further asm commands ). Let's run startcln.exe and no nag!!

But it says Shareware version. Open hexworkshop ( which can be cracked using the method in part 2 ), and open startcln.exe with hexworkshop. Press F3 and search for "Shareware Version". Leave "Unicode" unchecked...nothing found. Ok try it again with "Unicode" checked ( normal text looks like "Bob", unicode looks like "B.o.b" ). FOUND!! You can change the text to anything you like, as long as you DON'T use more letters than you are allowed, in this case 17. DO NOT write over the unicode ".", only overwrite letters. Mine says "RegisteredVersion". My example is named nagkill.exe.

Now we need to create a patch so that we can pass our work onto others. Basically we need to create a small program that'll make the same changes to Start Clean that we made! Usually we do this because the .exe we changed is a few megs or so...in this case it would probably be better to just pass on our startcln.exe cuz it's only 30 some kb's. But i'll still tell you how you could make one. When i first started i used RTD's Win32 Patch maker...you can find it on some of the sites listed at Nitallica's site. All you do is run it, fill in the blanks, show it where the original file is and where the cracked file is...then type in the name of what you want to call your crack...then click start! dAs it! It makes it for you...i now program my own...if you really want to learn how to make your own, i suggest you use C, C++, or ASM to code them, these are all fine languages, now go buy a book on your chosen language. :) For now i suggest you be satisfied with RTD's patcher...it's quite nice!

Although the program looks registered, it really isn't...that's the problem with patching...and it only works for that exact version.
What we need is a serial number... ONTO Part 4 ( and smartcheck! )
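
Seen from the integrity-checking side, the one-byte change described above ( 75 to 74 at the jne ) stands out as soon as a known-good copy such as startcln.bak is available to compare against. The following is an added example, not part of the original tutorial: it diffs two byte strings and labels each changed run by byte pattern only. The function names are hypothetical and the sample bytes are constructed from the listing above.

```python
import hashlib

def diff_runs(good: bytes, suspect: bytes):
    """Return (offset, old_bytes, new_bytes) for each contiguous run of changed bytes."""
    if len(good) != len(suspect):
        raise ValueError("sizes differ: not an in-place byte patch")
    runs, start = [], None
    for i in range(len(good) + 1):
        changed = i < len(good) and good[i] != suspect[i]
        if changed and start is None:
            start = i
        elif not changed and start is not None:
            runs.append((start, good[start:i], suspect[start:i]))
            start = None
    return runs

def classify(good: bytes, offset: int, old: bytes, new: bytes) -> str:
    """Heuristic label from byte patterns only; no disassembly is performed."""
    if len(old) == 1:
        o, n = old[0], new[0]
        short_jcc = 0x70 <= o <= 0x7F                      # e.g. 75 = jne, 74 = je
        near_jcc = offset > 0 and good[offset - 1] == 0x0F and 0x80 <= o <= 0x8F
        if n == o ^ 1 and (short_jcc or near_jcc):         # bit 0 negates the condition
            return "conditional jump inverted"
    if set(new) == {0x90}:
        return "overwritten with NOPs"
    return "other change"

def report(good: bytes, suspect: bytes) -> dict:
    """Hash both images and list every changed run with its label."""
    findings = [(off, old.hex(), new.hex(), classify(good, off, old, new))
                for off, old, new in diff_runs(good, suspect)]
    return {"good_sha256": hashlib.sha256(good).hexdigest(),
            "suspect_sha256": hashlib.sha256(suspect).hexdigest(),
            "findings": findings}

# Constructed sample: the bytes for "test eax,eax / jne / push 0" from the listing
# above, followed by a copy with the single opcode byte changed.
GOOD = bytes.fromhex("85c075246a00")
SUSPECT = bytes.fromhex("85c074246a00")

if __name__ == "__main__":
    for off, old, new, label in report(GOOD, SUSPECT)["findings"]:
        print(f"offset {off:#06x}: {old} -> {new}  ({label})")
```

A label is only a hint, since the same byte values also occur in data; a changed SHA-256 against the vendor's original is the authoritative sign that the file was modified.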