How to find the real serial
Zip Tracker v1.0
A cracking tutorial by Nemesis] TNT
DISCLAIMER
This reading material is not intended to violate copyrights
and/or the law; it is for educational purposes only. I hold no
responsibility (by any means and in any shape whatsoever)
for the misuse of this material.
About The Program
WHERE TO DOWNLOAD
Homepage: http://server44.hypermart.net/zipt/
Size: 1.12 MB
Tool: NuMega SoftICE 4.5 [can be downloaded at http://www.eccentrix.com/computer/protools/]
HOW TO GET A VALID SERIAL NUMBER for your name by using [SoftICE]
Let's get started. Run Zip Tracker and click the Register button. You will see a dialog box with 2 edit fields. When you type my name you will see my user code, 7F25223B1E, and the field "Input received registration code" <--- that's what we want. Just type anything and click Register; a message box says "Invalid registration code !". OK, now we should set a breakpoint like this: BPX hmemcpy. Press F5 to get out of SoftICE and click Register; SoftICE should break. Now do the following: press F5 2 times and F12 49 times until we land at the address below. Use F10 to step down.
:00403F4C 83F801 cmp eax, 00000001 <----we land here
:00403F4F 746B je 00403FBC
:00403F51 8D8C24BC000000 lea ecx, dword ptr [esp+000000BC]
:00403F58 C78424C800000004000000 mov dword ptr [esp+000000C8], 00000004
:00403F63 E8B5020100 call 0041421D
:00403F68 8D8C24B8000000 lea ecx, dword ptr [esp+000000B8]
:00403F6F C68424C800000003 mov byte ptr [esp+000000C8], 03
:00403F77 E8A1020100 call 0041421D
:00403F7C 8D8C24B4000000 lea ecx, dword ptr [esp+000000B4]
:00403F83 C68424C800000002 mov byte ptr [esp+000000C8], 02
:00403F8B E88D020100 call 0041421D
:00403F90 8D4C2478 lea ecx, dword ptr [esp+78]
:00403F94 C68424C800000001 mov byte ptr [esp+000000C8], 01
:00403F9C E8A53A0100 call 00417A46
:00403FA1 8D4C241C lea ecx, dword ptr [esp+1C]
:00403FA5 C78424C8000000FFFFFFFF mov dword ptr [esp+000000C8], FFFFFFFF
:00403FB0 E88AC70000 call 0041073F
:00403FB5 33C0 xor eax, eax
:00403FB7 E93F030000 jmp 004042FB
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403F4F(C)
:00403FBC A114284200 mov eax, dword ptr [00422814]
:00403FC1 8944240C mov dword ptr [esp+0C], eax
:00403FC5 89442418 mov dword ptr [esp+18], eax
:00403FC9 89442410 mov dword ptr [esp+10], eax
:00403FCD 89442414 mov dword ptr [esp+14], eax
:00403FD1 8D4C241C lea ecx, dword ptr [esp+1C]
:00403FD5 C68424C800000008 mov byte ptr [esp+000000C8], 08
:00403FDD E87ED4FFFF call 00401460
:00403FE2 50 push eax
:00403FE3 8D4C2418 lea ecx, dword ptr [esp+18]
:00403FE7 E86E030100 call 0041435A
:00403FEC 8D4C2414 lea ecx, dword ptr [esp+14]
:00403FF0 E8C9050100 call 004145BE
:00403FF5 8D4C2414 lea ecx, dword ptr [esp+14]
:00403FF9 E874BA0000 call 0040FA72
:00403FFE 8D4C2414 lea ecx, dword ptr [esp+14]
:00404002 E8B7BA0000 call 0040FABE
:00404007 8D4C241C lea ecx, dword ptr [esp+1C]
:0040400B E860D4FFFF call 00401470
:00404010 50 push eax
:00404011 8D4C2410 lea ecx, dword ptr [esp+10]
:00404015 E840030100 call 0041435A
:0040401A 8D4C240C lea ecx, dword ptr [esp+0C]
:0040401E E89BBA0000 call 0040FABE
:00404023 8D4C240C lea ecx, dword ptr [esp+0C]
:00404027 E846BA0000 call 0040FA72
:0040402C 8B4C240C mov ecx, dword ptr [esp+0C]
:00404030 8D442418 lea eax, dword ptr [esp+18]
:00404034 8DBECC000000 lea edi, dword ptr [esi+000000CC]
:0040403A 50 push eax
:0040403B 51 push ecx
:0040403C 8BCF mov ecx, edi
:0040403E E86DE0FFFF call 004020B0
:00404043 8D4C2418 lea ecx, dword ptr [esp+18]
:00404047 E872050100 call 004145BE
:0040404C 8B442418 mov eax, dword ptr [esp+18]
:00404050 8D542410 lea edx, dword ptr [esp+10]
:00404054 52 push edx
:00404055 50 push eax
:00404056 8BCF mov ecx, edi
:00404058 E8C3DEFFFF call 00401F20
:0040405D 8D4C2410 lea ecx, dword ptr [esp+10]
:00404061 E858050100 call 004145BE
:00404066 8D4C2410 lea ecx, dword ptr [esp+10]
:0040406A E803BA0000 call 0040FA72 <-----here type d eax to see the real serial
:0040406F 8D4C2410 lea ecx, dword ptr [esp+10]
:00404073 E846BA0000 call 0040FABE
:00404078 8B4C2414 mov ecx, dword ptr [esp+14]
:0040407C 8B542410 mov edx, dword ptr [esp+10]
:00404080 51 push ecx
:00404081 52 push edx
:00404082 E81F480000 call 004088A6 <---here it compares the fake serial with the real one
:00404087 83C408 add esp, 00000008 if it's good, then jump to the thanks-for-registering message
:0040408A 85C0 test eax, eax if bad, then look down ;-)
:0040408C 0F84C1000000 je 00404153
:00404092 6A10 push 00000010
* Possible StringData Ref from Data Obj ->"Error !"
:00404094 6830214200 push 00422130
* Possible StringData Ref from Data Obj ->"Invalid Registration Code !"
:00404099 68CC224200 push 004222CC
:0040409E 53 push ebx
* Reference To: USER32.MessageBoxA, Ord:01BEh
Now remember the serial you have found, enter it, and the program is registered!
Easy, or ??? The program is registered ;-) Hope you find it useful.
END NOTES
Special thanks go to all [TNT MEMBERS]. Keep it real, guys.
For more tutorials go here: http://nemesis.ecard.ru
Nemesis]