--cut here----------------------------------------------------------------------

PrivateEXE v2.2 for Win'9X/NT - How to crack it

Target: PrivateEXE v2.2 for Win'9X/NT
WWW: http://www.midstream.com
Cracker: --..__J_o_h_n_n_y__A_U_M__..-- (TNT)
Protections to remove: nag, bypass window, others
Used tools: W32Dasm & Hacker's View (backgrounded by Windows Commander 4.03)

----------------
This info is for personal use and cannot be forbidden by anyone! If someone tries, he is surely on the black side (men from government, army, services or other crazy instruments of Satan). I'm for free & freedom in any domain, we can do it, we need only love & God. If older generations cannot understand, their minds are on the black side, too.
----------------

Hi, guys, I'm back! Now we have a nice proggie here, this Private. After installation, we quickly observe that the setup has dropped the principal files in the subdirectory you named and 2 others in C:\WINDOWS\SYSTEM, 006.dll and 007.dll. I delete the file 006.dll. We have no interest in it, and Private & passworded progs work without it.

Fast observer: on program entry we take a look and we notice 2 things: a nice (^&(**!@?zbang) NAG and a disturbing titlebar EVALUATION COPY. If we make a passworded program, we also observe 2 things: mess in the titlebar and a bypass window that sometimes sticks next to the normal one (at random). Let's do this babe!

Search in Private (in a copy of it, for example y.exe) for the word "f e e" (with 00 between the characters) from the NAG. You see it, no? Bingo, found the word at hiew 14F44 (nice weird e). We do the 82 -> 7E trick, that is, we put 7E in place of 82. Ok, test, right, the NAG's gone forever. Bye-bye, babe!

Search now for C O P Y (with 00 between). Bingo! We found it at hiew 13C8C. We put 20,20,20... (spaces) in place of the characters, don't modify the 00s between!

Now we take a general look at this program, it looks nice, like a regged one! The author says in his help that we don't have a time limit anyway, we believe it! One remains to go!
Now we remark that the words from the bypass window (ugly thing, bleah!), which look like "the button below..." tralala, are in 007.dll, if we search for them the way I did (the word " b e l o w" with 00 between - in hiew). So, we must disassemble this babe, 007.dll, with W32Dasm 8.93. Do it! Quick job!

Hmmm... We are smart, guys, ha? Cause we are crackers! So, what do we think? We think, no? Brain is around, good to have it! We think that the program uses a random time calculation based on the clock, most probably. So we must find a function about time, if we are lucky. I'm sure it is something in connection with time!

Let's search for this first: GETLOCALTIME. ALT-F-S, write this word, Ok. Yoopie! We found a reference to it at w32dasm address 10001980 (remember, we are in 007.dll). The first GETLOCALTIME hit was in the text before the code, so we are not interested in that one. So, from here there seem to be the calculations about the random time and about when that *$&#@zbang! BYPASS WINDOW appears! And there is no GETLOCALTIME in any other place.

Let's try! Quick modification (we go out from w32dasm) at 10001980, meaning hiew D80 - 83 -> C3 (return to base fast as you can!). Let's password a program! Test and YABADABADOOO!!! Working like a clock! Fine job, Johnny boy! The BYPASS WINDOW doesn't appear even after many, many tries, and of course, it will not be around forever!

We still have these words in the passworded program - EVALUATION COPY. Quick search, found at hiew 5546 (007.dll, for sure!). Space them forever!

Now, it appears that my job is done! What I want to point out is this: when cracking a program, a creative, intuitive and sharpened approach is welcome! So you better think a little before shooting modifications all around! Methodical, clean and disciplined habits, if you have them, are very helpful too! Note every modification (and the reason - the logical step) in a notebook. In time you will observe that a few methods (logical approaches) can be defined for cracking, but creative and innovative thinking is also necessary.

PS.
Because someone who thinks he is a smart guy can take an original 007.dll from the setup of Private, replace yours and bypass your passworded program, we make a final move:

- rename, for example, 007.dll -> sys.dll and in pexe32.exe (or whatever you have named the cracked file - y.exe) at hiew 103EB put sys in place of 007.

Delete the old passworded program and make a new one. Now this works with the help of our cracked sys.dll (the old 007.dll). Ok! Job done!

PS 2. I recommend that pexe32.exe, sys.dll and the passworded program be crypted or packed by you with a specialized program for more safety. Also keep a clean original unpassworded exe of the program to be passworded!

----------------
Greets: tKC (my love too!), CIA, TNT, PC, CORE, all crackers, PRO or newbies, all cracker teams, we are great guys, and nice too. Love you all (but you must be a good soul!).

Romanian Greets: Greetings to all crackers from Romania! Keep going, better days will await us too, think optimistically, God is here with us!

At last, but from all my heart: I love you Heavenly Father, I know you are with me all the time!!! God is love!

E-mail: johnny_aum@yahoo.com

---------------Sorry if my english is not perfect!------------------------------
-----cut here-------------------------------------------------------------------
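
Seen from the defender's side, the edits described in the text go unnoticed because the executable loads its helper DLL without checking its integrity. The following is an added example, not part of the original text and not code from PrivateEXE: it pins a SHA-256 digest of a helper file and, on mismatch, lists the modified byte runs against a known-good copy. The buffers are constructed stand-ins, with offsets borrowed from the text only for illustration, and all function names are hypothetical.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_pinned(data: bytes, pinned_hex: str) -> bool:
    """Compare the file digest with the pinned value in constant time."""
    return hmac.compare_digest(sha256_hex(data), pinned_hex)

def changed_runs(good: bytes, suspect: bytes):
    """Return (offset, good_bytes, suspect_bytes) per run of differing bytes."""
    runs, start = [], None
    n = min(len(good), len(suspect))
    for i in range(n + 1):
        differs = i < n and good[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, good[start:i], suspect[start:i]))
            start = None
    if len(good) != len(suspect):  # truncated or appended data
        runs.append((n, good[n:], suspect[n:]))
    return runs

def triage(good: bytes, suspect: bytes, pinned_hex: str):
    """Empty list if the suspect matches the pin, else its modified runs."""
    return [] if verify_pinned(suspect, pinned_hex) else changed_runs(good, suspect)

def build_sample():
    """Constructed buffers standing in for a helper DLL (not real file data)."""
    label = "EVALUATION COPY".encode("utf-16-le")  # chars separated by 00
    good = bytearray(0x6000)
    good[0xD80] = 0x83
    good[0x5546:0x5546 + len(label)] = label
    bad = bytearray(good)
    bad[0xD80] = 0xC3                              # one-byte code change
    for i in range(0, len(label), 2):              # blank chars, keep the 00s
        bad[0x5546 + i] = 0x20
    return bytes(good), bytes(bad)

if __name__ == "__main__":
    good, bad = build_sample()
    pin = sha256_hex(good)
    print("clean copy passes:", verify_pinned(good, pin))
    for off, old, new in triage(good, bad, pin):
        print(f"offset {off:#06x}: {old.hex()} -> {new.hex()}")
```

A pin stored inside an executable that is itself unprotected can be edited along with the file it guards, so a check like this belongs in a component the user cannot modify, or is replaced by operating-system signature verification of the loaded module.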