HOW TO MAKE KEYGEN FOR BOMBMAIL VERSION 5.0 ( Include source code of keygen and kegen , using Visual Basic 6.0 ). -------Written by tnHuAn------ Protection : Register Code. You can download this software at : http://www.softheap.com/bomber.html Tools : SoftIce ( I use version 4.05 ) or TRW2000. Visual Basic 6.0 ( to code the keygen ). This is a shareware , to use it with full version , you must pay : $25. Now, we start . First install this program , then you run it. Oh, you will see the Nag Screen, You must enter the Register Code If you want Register this program. Enter the fake Register Code : 123456789. Now, I press Ctrl+D to pop up SoftIce.Then I set the breakpoint on Hmemcpy, so type : ' Bpx Hmemcpy ' , press Enter. Then , press F5 to return the BombMail, and Click the ' Register ' button. You will kicked into SoftIce.And you will see this code : KERNEL!HMEMCPY PUSH BP MOV BP,SP PUSH DS PUSH EDI ...........and more......... ( this part of code not important ) Now , press F11 : 1 time , you will see this code : CALL KERNEL!HMEMCPY PUSH WORD PTR[DI] CALL KERNEL!LOCALUNLOCK MOV AX,SI POP SI POP DI ........ and more........... ( this part of code not important ) Then press F12 : 11 times, you will this code : CALL 00432594 CMP DWORD PTR [EBP-04],00 JNZ 004B07DE PUSH 02 ......... and more ......... ( this part of code not important ) Now, you press F10 to trace the code until you see your code look like this code : MOV EAX,[004B4080] MOV EAX,[EAX] MOV EDX, [EBP-04] <=== your fake register code is moved to EDX. CALL 0049D880 <=== Press F8 to trace into the code. ..........and more.......... At this CALL , you press F8 to trace into the CALL , you will see this code : PUSH EBP MOV EBP,ESP PUSH 00 ..........and more.........( not important ) Now press F10 until you see this code : CALL 00484DD4 CMP DWORD PTR [EBP-08],00 JZ 0049D997 MOV EAX, [ EBP-08] CALL 00484B84<=== Press F8 to trace into the CALL TEST AL, AL JZ 0049D965 ......... and more ........ At this CALL , you use F8 to trace into this CALL , and you will see this code : PUSH EBP MOV EBP, ESP ADD ESP, -08 ...........and more ......... Press F10 until you see this code : CALL 00403EC4 <== ? EAX , you will see : EAX=9 = length of your fake ( 123456789 ). CMP EAX, 10 <=== Compare EAX with 10h (= 16 ). Is the lenght of your register code = 16 charecters ? . JNZ 00484BF7 <=== If not, jump to the bad meassage. ........................... CMP BYTE PTR [ EAX+01],32 JNZ 00484BF7 .......................... CMP BYTE PTR [ EAX+02],35 JNZ 00484BF7 .......................... CMP BYTE PTR [ EAX+05],32 JNZ 00484BF7 .......................... CMP BYTE PTR [ EAX+07],35 JNZ 00484BF7 .......................... CMP BYTE PTR [ EAX+09],30 JNZ 00484BF7 .......................... CMP BYTE PTR [ EAX+0B],31 JZ 00484BF8 ......................... Look this code , the program compare your fake register code with this method : 1----->? 2----->must = 2 3----->must= 5 4----->? 5----->? 6----->must = 2 7----->? 8----->must = 5 9----->? 10---->must = 0 11---->? 12---->must = 1 13---->? 14---->? 15---->? 16 ---->? Now, when you understand this method , I think very easy to register this program. And there are some Register code : 5250523560213565 8256526570813431 0253126530314120 ............................... And this is source code of the keygen : Private Sub Command1_Click() Dim yourserial As String Dim ran As String Dim songaunhien As Integer Dim i As Integer For i = 1 To 16 songaunhien = Int(0 + 9 * Rnd) ran = Str(songaunhien) If i = 2 Then ran = "2" If i = 3 Then ran = "5" If i = 6 Then ran = "2" If i = 8 Then ran = "5" If i = 10 Then ran = "0" If i = 12 Then ran = "1" ran = Trim(ran) yourserial = yourserial + ran Next i Text1.Text = yourserial End Sub