4/29/00 10:54:25 AM

WHY PATCHING WHILE SERIAL NUMBER IS FISHY
BitmapShrinker V 1.02
A Cracking Tutorial by ASTAGA [D4C/C4A]

DISCLAIMER

This reading material is not intended to violate copyrights and/or the law; it is for educational purposes only. I hold no responsibility (by all means and in any shape whatsoever) for the misuse of this material.

ABOUT THE PROGRAM

The BitmapShrinker is mainly a tool for authors of web pages and help files. It can shrink and enlarge graphics. The BitmapShrinker tries to choose the best-fitting colors for the pixels in the resulting graphic to avoid disturbing stair and block effects. The method used is often called anti-aliasing or bilinear interpolation. Shareware; Win95; English & German.

Homepage   : http://www.beyersdorf.com/
URL        : http://www.beyersdorf.com/archives/BShrink.exe
Level      : Beginner (non-programmer)
Protection : Serial Number, Time Limit
Tool(s)    : SoftIce v3.24 or higher

1. Run BitmapShrinker.exe. When the nag pops up, click on the ENTER KEY button. Type your desired name and a fake serial number, i.e.

   Name : Tracy Lord
   Key  : 9073884665

   DO NOT CLICK 'OK' yet.

2. Press [Ctrl + D] to get into SoftIce and set the breakpoint by typing

   bpx hmemcpy [enter]

   then press F5 to return to the program. You can click the OK button now.

3. You'll get into SoftIce and break in HMEMCPY. All you have to do is press F11, F5 and F11. To get into the main program press F12 eleven (11) times until you see the following code:

   _____________________________________________________________
   :0047E9E1 E872B0F9FF     call 00419A58                     <---- YOU LAND HERE
   :0047E9E6 8B4DF8         mov ecx, dword ptr [ebp-08]
   :0047E9E9 8B93E0010000   mov edx, dword ptr [ebx+000001E0]
   :0047E9EF 8B83DC010000   mov eax, dword ptr [ebx+000001DC]
   :0047E9F5 E81EF5FFFF     call 0047DF18                     <---- Follow this call
   :0047E9FA 84C0           test al, al
   :0047E9FC 7432           je 0047EA30
   :0047E9FE C605985B490001 mov byte ptr [00495B98], 01
   _________________BITMAPSHRINKER!CODE+0007D9E1________________

   Press F10 4 times, or until 0047E9F5 is highlighted, then press F8 to follow and trace this call. This time you'll land at the code below:

   :0047DF16 8BC0           mov eax, eax
   :0047DF18 55             push ebp
   :0047DF19 8BEC           mov ebp, esp
   :0047DF1B 83C4E0         add esp, FFFFFFE0
   :0047DF1E 53             push ebx
   :0047DF1F 56             push esi
   .......
   .......

4. Keep pressing F10 and stop at the 15th press. At this step you have to watch what's going on in SoftIce's Register Window and Data Window:

   :0047DF37 E8E058F8FF     call 0040381C
   :0047DF3C 8B45F8         mov eax, dword ptr [ebp-08]
   :0047DF3F E8D858F8FF     call 0040381C

   REGISTER WINDOW : EAX=00D36C10   SS:006EFD8

   Dump/display the contents of EAX by typing:

   d eax      ----> you'll see your Name and fake Serial Number in SoftIce's Data Window.
   or
   d 006EFD8  ----> your Name is there

   (Note: alternatively you can double-click your RIGHT mouse button and choose DISPLAY to see the contents.)

5. Press F10 again and stop at the 45th press. Take care here, because this is the classic comparison between ESI and EAX (:0047DFAC 3BF0 cmp esi, eax). Let's prove it: is the REAL Serial Number there or not?

   REGISTER WINDOW : EAX=00031372   ESI=006EF6D0

   :0047DFA2 8BF0           mov esi, eax                      ---> YOU LAND HERE
   :0047DFA4 8B4508         mov eax, dword ptr [ebp+08]
   :0047DFA7 E8C87DF8FF     call 00405D74
   :0047DFAC 3BF0           cmp esi, eax                      ---> DO ?EAX or ?ESI
   :0047DFAE 0F8533010000   jne 0047E0E7

   At memory address 0047DFA2 type in the SoftIce command line:

   ? EAX  ---> you'll get 201586
   ? ESI  ---> 7272144

   (Note: why shouldn't we do ?EAX at memory address 0047DFAC? Because at the 47th press of F10 you'll be returned to the program and get the 'Invalid code' message. However, by clicking OK in the program's registration window you'll be back in SoftIce, landed at memory address 0047DFA7. Press F10 once and do ?EAX and ?ESI.)

6. Disable all breakpoints by typing BD *, press F5 to return to the main program, and key in 201586 as your Serial Number. Click OK. Badass... you're registered!

TIPS FOR BEGINNERS/NEWBIES

* From the above explanation we have learned: do not always wait until the classic CMP ESI,EAX (or similar) comes to your eyes, even though it is exactly true here. Keep an eye on the changes in the Register Window.

END NOTES

This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: register, pay up, and smile/grin at yourself in the mirror.

Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! (tHATDUDE (PC97) defined LAMER(s) as the guy who sits in front of a personal computer, using a Hex Editor, ripping off other group(s)' crack release, repacking (distro) them under his name. Adopted from newsgroups alt.cracks, alt.crackers - February 1997)

_ Never attribute to malice that which is adequately explained by stupidity _

ASTAGA [D4C/C4A]
tute-bmpshrk102.zip or c4a_bs12.zip
[EOF]
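Editor's addendum, from the software author's side: the reason the serial could be read straight out of ESI is that the program recomputes the valid serial from the name and compares it directly. The Go below is an added example, not BitmapShrinker's code; weakSerial is a constructed toy derivation standing in for the traced routine, and the hardened form substitutes an Ed25519 signature so the program can only verify a serial, never produce one.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// weakSerial is a constructed toy derivation standing in for the routine the
// tutorial traces: the program recomputes the "real" serial from the name.
func weakSerial(name string) uint32 {
	var h uint32 = 5381
	for _, c := range []byte(name) {
		h = h*33 + uint32(c)
	}
	return h % 1000000 // six-digit serial, like the 201586 fished above
}

// weakCheck holds the fully computed expected serial in memory right before
// the compare (the cmp esi, eax in the tutorial), so a debugger can read the
// valid value out of a register instead of reversing the derivation.
func weakCheck(name string, serial uint32) bool {
	expected := weakSerial(name) // this is what "? ESI" reveals
	return expected == serial
}

// signedCheck ships only the vendor's public key. The serial is an Ed25519
// signature over the name; the program can verify but never produce one, so
// there is no "real serial" in any register to fish.
func signedCheck(pub ed25519.PublicKey, name string, serialHex string) bool {
	sig, err := hex.DecodeString(serialHex)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false // malformed input must never reach Verify
	}
	return ed25519.Verify(pub, []byte(name), sig)
}

// issueSerial runs only on the vendor's key server; the private key never ships.
func issueSerial(priv ed25519.PrivateKey, name string) string {
	return hex.EncodeToString(ed25519.Sign(priv, []byte(name)))
}

func main() {
	name := "Tracy Lord"
	fmt.Println("weak, fake key 884665:", weakCheck(name, 884665), "derived key:", weakCheck(name, weakSerial(name)))
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s := issueSerial(priv, name)
	fmt.Println("signed, issued:", signedCheck(pub, name, s), "other name:", signedCheck(pub, "Someone Else", s))
}
```

The signed check still needs the public key and the Verify call to stay intact in the binary, so it protects the serial scheme itself, not the program against patching the jump after the compare.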