New 2 Cracking
~~~~~~~~~~~~~~

Tutorial Type  : Tutorial
Tutorial Topic : Photogenica v1.00 (..::[ www.xs4all.nl/~anvile/n2c/photogenica.exe ]::..)
Utilities      : W32Dasm (with VB Strings support)/Hiew
Written by     : ParaBytes
Date           : Nov. 21st, 2001
Music          : None. (it's gonna be quick.. if we do it I'll write it well.. ;p)
Remarks        : A. Please register this program, it's ONLY 7$ !!!
                 B. Most of the W32Dasm add-ons contain the VB String addition

"Let's rave !"

Well, open up this program...
hmmm...
lovely... isn't it ?
if you have a new 3D card (TNT 2 - that's what I have)
you probably won't have 24bit color mode..
so we see the error message "Sorry, (24Bits...)..."
so... I said.. let's patch it...
open it up in W32Dasm, ok ? done ?
well.. we see the import calls MSVBSM50.DLL
that means this program was compiled with Visual Basic 5...
so, let's open up the String Data References dialog,
we see " (Unregistered)"
as the first string... hmm.. interesting, isn't it ?
but, everything in its own time...
look for the Sorry message, well, found it ?
click on it, we get the location, let's scroll up to see what we are dealing with...

hmm, we see the 

* Reference To: MSVBSM50.__vbaSetSystemError, Ord:0000h

code...

so, is it the thing we are seeking ?
now, let's follow the code...

movs, calls through registers

[------------- Remark -------------]

when you see "call ebx" or "jmp ebx"
(with any register), it works like
this: the program sets the location
in the register, then calls to it.
it's used when a menu item is selected, so
it will be harder to trace the code,
but not always...

[----------- End Remark -----------]

well, suddenly...

cmp edi,00000018
well, if you don't know, W32Dasm (and most of the other utilities) work in hex..
18h == 24
what do we know ??
and then a conditional jump ??

wow ! unbelievable !! so easy to find ?
well, it's not always this easy...

so, we write down the offset of the jump
(0006065Fh)
let's copy the file to Cracked.exe
open cracked.exe in Hiew, F4 - Decode Mode - Enter
F5 - enter the offset, we see the jump ?
F3 - Enter - write 'jmp' instead of 'jne'
Enter, F9, F10
run the file. hmm, working.. but hey ! we are unregistered !!!
hey, do you remember what we saw in W32Dasm ? " (Unregistered)"
so, let's go back to W32Dasm and find the string, click on it
we got the location ?

scroll up to see the origin,
we see that it's being jumped to from 2 locations, both in the same area, so we won't patch
them, we must find the main jump, the one that checks whether you're regged or not,
let's trace the code from the last import reference...
hmm,
test edx,edx
jne <offset>
let's check this place,
hey ! we are over the unregistered info !
so, let's write down the place (000775519h)
get back to our cracked.exe,
again, Decode Mode,
go to the location, enter what we need,
F3, Enter, change it to jmp
F9, F10, run

Tada !!
how lovely !

now, don't worry about the opcodes changed, it's jumping over so it won't be a problem,
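The jne-to-jmp swap above only works cleanly because a short jne (75 rel8) and a short jmp (EB rel8) are both 2-byte instructions, so nothing after the patched byte moves. The following Python is an added example, not code from ParaBytes' tutorial or from Photogenica: it decodes the two short-jump forms, shows that a patched check site keeps the same jump target, and shows the simple integrity check a program (or a defender's tamper-check tool) can use to notice that a conditional check has been turned unconditional. The byte string is a constructed stand-in for a `cmp edi,18h` / `jne` check site, not bytes taken from the real program.

```python
import hashlib

# x86 short-jump opcodes (rel8 form). Each is exactly 2 bytes, which is why
# swapping jne for jmp does not shift the instructions that follow it.
SHORT_JUMPS = {
    0x74: "je",
    0x75: "jne",
    0xEB: "jmp",
}


def decode_short_jump(code: bytes, offset: int):
    """Return (mnemonic, target_offset) for the 2-byte short jump at `offset`.

    Raises ValueError if the byte at `offset` is not one of the short jumps
    this helper knows about.
    """
    opcode = code[offset]
    if opcode not in SHORT_JUMPS:
        raise ValueError(f"byte {opcode:#04x} at {offset:#x} is not a short jump")
    rel = int.from_bytes(code[offset + 1:offset + 2], "little", signed=True)
    # The displacement is relative to the end of the 2-byte instruction.
    return SHORT_JUMPS[opcode], offset + 2 + rel


def conditional_made_unconditional(original: bytes, current: bytes, offset: int) -> bool:
    """True if a conditional short jump in `original` is an unconditional jmp
    in `current` with the same target: the classic 'jne -> jmp' patch."""
    orig_mn, orig_tgt = decode_short_jump(original, offset)
    cur_mn, cur_tgt = decode_short_jump(current, offset)
    return orig_mn != "jmp" and cur_mn == "jmp" and orig_tgt == cur_tgt


def region_digest(code: bytes, start: int, length: int) -> str:
    """SHA-256 of a code region; a program can compare this against a value
    computed at build time to detect that its check site was patched."""
    return hashlib.sha256(code[start:start + length]).hexdigest()


def check_site_intact(current: bytes, expected_digest: str) -> bool:
    """Integrity check over the whole constructed check site."""
    return region_digest(current, 0, len(current)) == expected_digest


# Constructed sample check site (assumption: a stand-in, NOT bytes from Photogenica):
#   83 FF 18         cmp edi, 0x18      ; 24 bits?
#   75 05            jne +5             ; skip the 'sorry' path if not equal
#   B8 01 00 00 00   mov eax, 1         ; the 'sorry' path
#   C3               ret
ORIGINAL = bytes.fromhex("83FF18 7505 B801000000 C3".replace(" ", ""))
JUMP_OFFSET = 3  # position of the 75 (jne) byte

# The same site after the one-byte patch described in the tutorial: jne -> jmp.
_patched = bytearray(ORIGINAL)
_patched[JUMP_OFFSET] = 0xEB
PATCHED = bytes(_patched)


if __name__ == "__main__":
    good = region_digest(ORIGINAL, 0, len(ORIGINAL))
    print("original:", decode_short_jump(ORIGINAL, JUMP_OFFSET))
    print("patched: ", decode_short_jump(PATCHED, JUMP_OFFSET))
    print("jne turned into jmp:", conditional_made_unconditional(ORIGINAL, PATCHED, JUMP_OFFSET))
    print("check site intact:  ", check_site_intact(PATCHED, good))
```

Both decodes report the same target (offset 10, the `ret`), which is exactly why the crack "just works"; the digest comparison is the cheapest way a program can notice that its check site no longer matches what was shipped.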

well, this is it, let's get to the
fun part,


 Ending :
+--------+

This one is a patching tutorial, not VB cracking, and not a single
bit of it is VB-specific, because this program is almost like a normal program (in the place we patched).
In most VB programs we need tools like SmartCheck (a VB debugger) to be able to crack the
codes...

that's all for today, ParaBytes.

 Greetings :
--===-=-===--

Anvile, for uploading the program to his site, so you'll download it..
DeaL, Invoker, d4d0, ChibiHime, and all the others I've helped, but this list is of the newbies
that made me write tutorials and teach newbies...
PhANt0m, even though you've left, you are a great friend, I hope you'll join back someday...
duelist, thanks for the support man..
iNSiGHT crackers, all the crackers...
C.i.A and Phrozen Crew, yATEs, nitro, ThE-SAiNT, DarkMoon, tKC, f0dder,
all New2Cracking idlers, helpers, tuters, thanks to all the
ppl who ever wrote tutorials, they helped me a lot...
Embrace old-sk00l members, tutorial sites, ASTAGA,
all the rest...

Flames (I know it's lame, but I need to place it here...)
~~~~~~

Zen0r (CrackZ) and nu (neuro)
that t00k over my channel, this is soooo lame...
all the people who ever ripped a tutorial/crack/serial - this
is the MOST lame action there can be..
I never did it, I'll never do it, and neither should you.

that's all...

 Contact me :
+-+-+-++-+-+-+

E-Mail : Lewsers@Hotmail.Com
IRC    : EFNet - #New2Cracking
Here ;p

ParaBytes.