How to crack Ulead's PhotoImpact 5.0
by uZzi

HI pepz! I'm back with another cracking tutorial just for you.

TOOLS YOU NEED :

    Soft-Ice 3.24
    Win32Dasm 8.93
    YOUR FAVOURITE HEXEDITOR

You can find all of them at www.crackstore.com

Let's start. Install the proggie and then run it. You will see a nag-screen announcing that this version is a trial valid for only a month. Set the date past the 30 days and run it again. You will receive something like this: the 30-day trial period has expired...bla, bla, bla. Click the OK button and the program says ciao!

There are many ways to crack this. Here's a solution. We will put a breakpoint on the MessageBoxA api function that showed us the stupid message. Do CTRL+D to enter Sice. Put the breakpoint:

    bpx messageboxa

and press F5. Now run it again. Sice stops at the beginning of the MessageBoxA function. To jump to wherever it was called from, press F11. You will land in u32cfg.dll at this code:

    * Reference To: USER32.GetDesktopWindow, Ord:00FFh
                                      |
    :4EB06EDF FF155482B04E            Call dword ptr [4EB08254]
    :4EB06EE5 50                      push eax

    * Reference To: USER32.MessageBoxA, Ord:01BEh
                                      |
    :4EB06EE6 FF157C81B04E            Call dword ptr [4EB0817C]   << here you are
    :4EB06EEC 5F                      pop edi
    :4EB06EED C3                      ret

As you can see, there's no way to crack it here. Trace two lines (with F10). You will see:

    :4EB06E62 68F0550000              push 000055F0

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:4EB06D2C(U)
    |
    :4EB06E67 E814000000              call 4EB06E80
    :4EB06E6C 83C40C                  add esp, 0000000C           << you are here

    * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
    |:4EB0601B(C), :4EB06084(C), :4EB06C6F(C), :4EB06CF3(C)
    |
    :4EB06E6F 5F                      pop edi
    :4EB06E70 5E                      pop esi
    :4EB06E71 5D                      pop ebp
    :4EB06E72 33C0                    xor eax, eax                << hmm...nothing good here...
    :4EB06E74 5B                      pop ebx
    :4EB06E75 81C470060000            add esp, 00000670
    :4EB06E7B C3                      ret

This code brings up that error message and puts 0 in eax (xor eax, eax). If eax is 0 the program won't continue. Now you have enough information to crack thiz.

Don't forget to get the offsets (6E67, 6E72). You may replace call 4EB06E80 with

    xor eax, eax   ; eax=0
    inc eax        ; eax=1
    inc eax        ; eax=2
    dec eax        ; eax=1 what we need ;)

and xor eax, eax with

    nop            ;
    nop            ;

Load the u32cfg.dll file in your heXeditor, go to the first offset and replace E814000000 with 33C0404048; go to the second offset and replace 33C0 with 9090. Save it. Run it. Enjoy! No messagebox, no time limitation, just the program working very fine.

Well, it wasn't hard, was it?

Now something 'bout the other ways to crack PhotoImpact. You could remove the time protection using a breakpoint at GetSystemTime, but this is the long way. I leave you this as homework.

Greetz go to:

    heXcrasher (lz0)
    3D iDA (lz0)
    oRIon
    all crackers in #lz0
    all Romanian crackers :P

If you have any questions, mail me at uzziest@yahoo.com or catch me in #lz0 (undernet).

See you in the next tutor!