New 2 Cracking
~~~~~~~~~~~~~~

Tutorial Type  : Tutorial
Tutorial Topic : Photogenica v1.00 (..::[ www.xs4all.nl/~anvile/n2c/photogenica.exe ]::..)
Utilities      : W32Dasm (with VB Strings support) / Hiew
Written by     : ParaBytes
Date           : Nov. 21st, 2001
Music          : None. (it's gonna be quick; if we do it, I'll write it well.. ;p)
Remarks        : A. Please, register this program, it's ONLY $7 !!!
                 B. Most of the addons of W32Dasm contain the VB String addition.

"Let's rave !"

Well, open up this program... hmmm... lovely, isn't it? If you have a new 3D card (TNT 2, that's what I have) you probably won't have 24-bit color mode, so we see the error message "Sorry, (24Bits...)...". So, I said, let's patch it.

Open it up in W32Dasm. OK? Done? Well, we see the import calls MSVBSM50.DLL; that means this program was compiled with Visual Basic 5. So, let's open up the String Reference dialog. We see " (Unregistered)" as the first string... hmm, interesting, isn't it? But everything in its own time. Look for the Sorry message. Found it? Click on it and we get the location. Let's scroll up to see what we are dealing with... hmm, we see the

  * Reference To: MSVBSM50.__vbaSetSystemError, Ord:0000h

code. So, is it the thing we are seeking? Now, let's follow the code... movs, calls to registers...

[------------- Remark -------------]
When you see "call ebx" or "jmp ebx" (with any register), it works like this: the program sets the location in the register and then calls it. It's used when a menu item is selected, so it will be harder to trace the code, but not always...
[----------- End Remark -----------]

Well, suddenly:

  cmp edi,00000018

Well, if you don't know, W32Dasm (and most of the other utilities) work in hex. 18h == 24. What do we know?? And then a conditional jump?? Wow! Unbelievable!! So easy to find? Well, this is not always so easy...
So, we write down the offset of the jump (0006065Fh). Let's copy the file to Cracked.exe and open cracked.exe in Hiew: F4 - Decode Mode - Enter, F5 - enter the offset. We see the jump? F3 - Enter - write 'jmp' instead of 'jne', Enter, F9, F10. Run the file. Hmm, working... but hey! We are unregistered!!!

Hey, do you remember what we saw in W32Dasm? " (Unregistered)". So, let's go back into W32Dasm and find the string. Click on it; we got the location? Scroll up to see the origin. We see that it's being jumped to from 2 locations, both in the same area, so we won't patch them; we must find the main jump, the one that checks whether you're registered or not. Let's trace the code from the last import reference... hmm, test edx,edx, jne. Let's check this place. Hey! We are above the unregistered info! So, let's write down the place (000775519h), get back to our cracked.exe, again Decode Mode, go to the location, enter what we need: F3, Enter, change it to jmp, F9, F10, run. Tada!! How lovely! Now, don't worry about the opcodes that changed; it's jumping over them, so it won't be a problem. Well, this is it. Let's get to the fun part.

Ending :
+--------+
This one is a patching tutorial, not VB cracking, and not a single bit with VB, because this program is almost like a normal program (in the place we patched). In most VB programs we need tools like SmartCheck (a VB debugger) to be able to crack the codes... That's all for today,
ParaBytes.

Greetings :
--===-=-===--
Anvile, for uploading the program to his site, so you'll download it..
DeaL, Invoker, d4d0, ChibiHime, all the others I've helped, but this list is of the newbies that made me write tutorials and teach newbies...
PhANt0m, even though you've left, you are a great friend; I hope you'll join back someday...
duelist, thanks for the support man..
iNSiGHT crackers, all the crackers...
C.i.A and Phrozen Crew, yATEs, nitro, ThE-SAiNT, DarkMoon, tKC, f0dder, all New2Cracking idlers, helpers, tuters, thanks to all the ppl who ever wrote tutorials, they helped me a lot...
Embrace old-sk00l members, tutorial sites, ASTAGA, all the rest...

Flames (I know it's lame, but I need to place it here...)
~~~~~~
Zen0r (CrackZ) and nu (neuro), who t00k over my channel, this is soooo lame...
All the people who ever ripped a tutorial/crack/serial: this is the MOST lame action there can be.. I never did it, I'll never do it, so neither should you.
That's all...

Contact me :
+-+-+-++-+-+-+
E-Mail : Lewsers@Hotmail.Com
IRC    : EFNet - #New2Cracking Here ;p

ParaBytes.