mIRC V5.4 for Win95/98
Cracked By Hambo.H
Written By Hambo.H
Date: Jun 28 1998

Select "Help"->"Register.." and enter any name and registration code you like.

Name: Hambo.H
Registration Code: 12345-67890

I will tell you later why I entered this registration code. You can enter a different one, but the REG Code must include the "-" character.

Press "CTRL-D" to switch to SOFTICE.
Set BPX MESSAGEBOXA
Return to the program.
Press the "Register!" button. It will break into SOFTICE. Press "F12" once.

0177:0043D335 PUSH 10
0177:0043D337 PUSH 004C5298
0177:0043D33C PUSH 004C5202
0177:0043D341 MOV EAX,[EBP+08]
0177:0043D344 PUSH EAX
0177:0043D345 CALL USER32!MessageBoxA
0177:0043D34A PUSH 00000083 <== return here
0177:0043D34F MOV EAX,[EBP+08]

Use "Page Up" to browse backwards. You will see the following code.

0177:0043D255 PUSH 004D1B58 <== REG Code you entered.
0177:0043D25A PUSH 004D189C <== Your Name
0177:0043D25F CALL 0048EA40 <== checks your REG Code.
0177:0043D264 ADD ESP,08
0177:0043D267 TEST EAX,EAX
0177:0043D269 JZ 0043D300 <== Jump to show the register fail message.
0177:0043D26F PUSH 004C81B8
0177:0043D274 PUSH 004C5196

Let's go into CALL 0048EA40 to see how the real REG Code is calculated.

0177:0048EA4C PUSH EBX <== EBX = 004D189C Your Name
0177:0048EA4D CALL 004B3734 <== Calculate your name's length
0177:0048EA52 POP ECX
0177:0048EA53 CMP EAX,05
0177:0048EA56 JAE 0048EA5C <== If length >= 5 then go on.
0177:0048EA58 XOR EAX,EAX
0177:0048EA5A JMP 0048EAD3
0177:0048EA5C PUSH ESI
0177:0048EA5D PUSH EBX
0177:0048EA5E CALL 0048E960 <== Calculate and CMP REG Code & Name.
0177:0048EA63 ADD ESP,08
0177:0048EA66 TEST EAX,EAX
0177:0048EA68 JZ 0048EA71 <== If OK then set EAX = 1, Register Succeed.
0177:0048EA6A MOV EAX,00000001
0177:0048EA6F JMP 0048EAD3 <== Jump to return from the CALL.
0177:0048EA71 PUSH ESI

Let's go into CALL 0048E960. It is easy to understand how the Name is used to work out a code.
0177:0048E96C PUSH 2D <== Char "-" value
0177:0048E96E PUSH ESI <== ESI = 004D1B58 REG Code you entered
0177:0048E96F CALL 004B36E0 <== find where "-" is in the REG Code you entered, so we know it separates the code into two parts.
0177:0048E974 ADD ESP,08
0177:0048E977 MOV EBX,EAX
0177:0048E979 TEST EBX,EBX
0177:0048E97B JNZ 0048E984 <== If "-" is not found, it goes on to the jump that returns from the CALL, Register Fail
0177:0048E97D XOR EAX,EAX
0177:0048E97F JMP 0048EA36
0177:0048E984 MOV BYTE PTR [EBX],00
0177:0048E987 PUSH ESI
0177:0048E988 CALL 004B8AD0 <== Calculate a value from the first part of the code, returned in EAX.
0177:0048E98D POP ECX
0177:0048E98E MOV [EBP-04],EAX <== store EAX in [EBP-04]
0177:0048E991 MOV BYTE PTR [EBX],2D
0177:0048E994 INC EBX
0177:0048E995 CMP BYTE PTR [EBX],00
0177:0048E998 JNZ 0048E9A1
0177:0048E99A XOR EAX,EAX
0177:0048E99C JMP 0048EA36
0177:0048E9A1 PUSH EBX
0177:0048E9A2 CALL 004B8AD0 <== Calculate a value from the second part of the code, returned in EAX.
0177:0048E9A7 POP ECX
0177:0048E9A8 MOV [EBP-08],EAX <== store EAX in [EBP-08]
0177:0048E9AB MOV EAX,[EBP+08]
0177:0048E9AE PUSH EAX
0177:0048E9AF CALL 004B3734 <== Calculate your name's length
.........

The following code calculates two values from your name and CMPs them with [EBP-04] & [EBP-08]. If they match, it shows Register Succeed. So I don't list that code.

OK, go on. Next, let's look at CALL 004B8AD0, which calculates a value from the second part of the code. I don't list the code; I use C to show it.

for (i=0;il1) j=0; }
nz1=ebx;
ebx=0; j=0;
for (i=3;il1) j=0; }
nz2=ebx;

After calculating the two values, you can use the following to calculate the real REG Code.

ebx = nz1; i=0; // or ebx = nz2; i=0;
while (ebx>0) {
    ecx = ebx/10;
    ys = ebx-ecx*10;
    ebx = ecx;
    sn[i]=ys+0x30;
    i++;
}