-==[NovA]==-/Harlem | tutor #2
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

It is very, very easy, and a lot of programs follow this pattern...

Program : A.X.E. Hexeditor
¯¯¯¯¯¯¯
URL     : http://www.kahei.com/axe/downloads/axe.zip
Toolz   : 1) W32dasm, Hiew

Let's get started...

1) Make a backup copy of axe.exe

2) Load the original in W32dasm and the copy in Hiew

3) Start Axe. We see a nag screen, and it asks for a reg code.
   Type in 12345 (or whatever you want) and it should give you the message
   "Not valid reg. code for this machine."

4) OK, since we know where to begin, turn to W32dasm and hit the
   "String Data Reference" in the top right.
   Go down till you see the error message we got...
   "This is not a valid registration..." bingo! :)
   Double click on it and close the SDR window..

5) Trace up a little bit and you'll find this..

   :004163AC E88F94FFFF    call 0040F840    <--calc
   :004163B1 84C0          test al, al      <--testing ***
   :004163B3 6A00          push 00000000
   :004163B5 7415          je 004163CC      <-- jump if above is eq.
   :004163B7 6A30          push 00000030

   Now, this should automatically tell you +regable+

6) Find the offset in the bottom right. In Hiew press "f5" and go to the offset;
   in this case we press "f5" then type 157b1
   You should see urself exactly where you were in W32dasm!
   test al,al

7) OK..now, what to do..There is more than one way to fix this..
   Let's try to reverse the jump and alter the test ;)

8) Hit "F3" then "f2", change the al,al to bl,al

9) Hit "f9" and "f10"
   Run the proggie, enter any reg code..what? It gives us a different error msg..
   This time it says "incorrect code"

10) In W32dasm, find the msg in the SDR, double click on it..
    Trace up a bit till you find

    :0040F7BA 84C3          test al, al                    <--again?? ***
    :0040F7BC 7449          jne 0040F807                   <-- jump if not equal
    :0040F7BE 8D4C2410      lea ecx, dword ptr [esp+10]
    :0040F7C2 89742470      mov dword ptr [esp+70], esi

11) OK, do the exact same thing as before in Hiew at offset EBBA:
    change the al,al to bl,al AND.. reverse the jump :)

12) Hit "f9" then "f10"
    RUN the proggie again

S U C C E S S !! ;)

Finally, hope it wasn't too confusing..this type of code is found in a lot of
s/w proggies out there..not all are the simple reverse of 1 jump..

____________
-==[NovA]==-
¯¯¯¯¯¯¯¯¯¯¯¯
nova@email.com