Finding A Valid Serial For Quick3270 v2.63 URL 4 Target: http://members.aol.com/dneuhart/Quick3270.html
Howdy, a short tutorial on the bpm method of finding a valid serial in SoftICE. Enter your false details, the maximum serial length is twenty chars, so I entered: Name/Company: Educational Only Now enter SoftICE [Ctrl + D], and set a breakpoint on GetWindowTextA, bpx GetWindowTextA. Press [F5], and hit the [OK] button. SoftICE will break, however there are two edit boxes and the app has only read one of them, so press [F5] again, now press [F11] to return to the calling code. You can now disable this breakpoint (bd * or bc * to clear). We now need to search for the serial we entered to find where it is stored in memory, so do: s 0 l ffffffff "01234567898765432100". You may find more than one occurrence ( by pressing s ) but it is the first occurrence we are interested in. I find the following: Pattern found at XXXX:0065F898 (0065F898) So do a bpm 0065F898, to set a breakpoint on memory
on your serial, now press [F5] again. SoftICE should break again,
and you should land here: |
|||||||||||||||||||||||||
|
|||||||||||||||||||||||||
? ecx = "3210" , "3210" = "0123", the first 4 chars of your serial
reversed So disable your memory breakpoint, set a breakpoint on 41A55E ( bpx 41A55E) and replace the first four chars of your serial with the first four chars of the real serial, "0123", with "@EM9". Click [OK] and when SoftICE breaks, get the next four chars, and replace the relevant chars in your fake serial. For example I would replace "4567". Basically, you just repeat this method until you have a full serial, you could just disable and reenable the memory breakpoint, but you will create more unnecessary breaks, although doing that may suit you more :) This is not the only method either, but I wanted to show you this method, as it may save you some tracing. And I'm not going to give you a full serial either, that's for you to do :) Cya l8r, Greetz: Acid_Cool_178, Blind Angel, Cardenal Mendoza, Duelist, Eternal
Bliss, Gizmo, Intern, LaZaRuS, Lord Soth, Nitrus, Quantico, TeChNiCh,
Videk. And of course everyone in c.uk. |