WHY PATCH WHEN THE SERIAL NUMBER CAN BE FISHED


B-Puzzle v2.0
A Cracking Tutorial
by ASTAGA [WWF/WTF]


DISCLAIMER 

This reading material is not intended to violate copyright 
and/or its laws; it is for educational purposes only. I accept 
no responsibility ( by any means and in any shape whatsoever ) 
for the misuse of this material.


ABOUT THE PROGRAM


B-Puzzle is a combination of a sliding puzzle and a jigsaw puzzle.
This game allows you to create sliding and jigsaw puzzles
with your own BMP and JPEG files. You can scramble them into
a number of pieces, from 9 to 400.

In addition, if you select the sliding puzzle, you can also play
the alphabet and numeric puzzles. The object of these two games
is to rearrange all pieces so that they are in ascending order,
that is A, B, C, ... or 1, 2, 3, ....


WHERE TO DOWNLOAD

Author   	: Antony Pranata  ( IndoWarez )
Homepage 	: http://www.antonypr.pair.com/bpuzzle.html
URL		: maybe available in your CHIP CD 
Size 		: ???  KB  as of , 



HOW TO GET VALID SERIAL NUMBER by using SoftIce



1.  Run the program, wait 5 seconds for the tick count, click the
    REGISTER NOW button, and type in the following information:

	User name : Chris Raw Jericho
	Reg code  : 73881050

    Do not click OK button yet.


2.  Load SoftIce, then set a new breakpoint as follows:

	bpx getwindowtexta  [enter]
	F5  to return to prog's registration window


3.  Hit the OK button and you'll land back in SoftIce.
    Press F11, F5, F11 until you break and find the following
    code snippet:

	_____________________________________________________________________

	015F:00402FB9  E8F6CF0500    CALL  USER32!GetWindowTextA <== HERE
	015F:00402FBE  8D45E8        LEA   EAX,[EBP-18]
	015F:00402FC1  50            PUSH  EAX 
	015F:00402FC2  8D55C8        LEA   EDX,[EBP-38] 
	015F:00402FC5  52            PUSH  EDX 
	015F:00402FC6  E8A9F4FFFF    CALL  00402474 
	015F:00402FCB  83C408        ADD   ESP,08 
	015F:00402FCE  8BF0          MOV   ESI,EAX 
	015F:00402FD0  8D4DF4        LEA   ECX,[EBP-0C] 
	....
	_________________________BPUZZLE!.text+1FB9__________________________

	Break due to BPX USER32!GetWindowTextA
	Press F10 - stop at 015F:00402FC1 - display the EAX register:

	: d eax  [enter]  ==> your fake code appears in the Data Window
	
	Press F10 once - stop at 015F:00402FC2 - display the EDX register:
	: d edx  [enter]  ==> your name appears in the Data Window
	
	Press F10 again - stop at 015F:00402FCB - did you feel a splash
	when you stepped over the CALL instruction at 015F:00402FC6?
	Look at the Data Window ... at virtual address  0167:006BEB20,
	do you see  91056598 ?

	Press F10 once - stop at 015F:00402FCB - display the EAX register,
	you'll see  91056598  again.  Don't you think this is a valid
	registration code ?  WRITE it DOWN !

	Disable the existing breakpoints
	: bd *  [enter]
	: F5    to return to main program


4.  Repeat the registration procedure, keying in  91056598  as your 
    registration code.
    Click the OK button ..... you're registered !


5.  Where the hell is my registration info stored ??

	-  The correct registration code is stored in BPUZZLE.INI
	   as follows :
	   [REGISTRATION]
	   NAME=Chris Raw Jericho
	   CODE=91056598

	   [BPUZZLE]
	   FIRST=1
	   COLOR=8421440
	   ...
	   ...

6.  How can I practise with another registration key ?

	-  I strongly recommend that you not do this !
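
Seen from the vendor's side, steps 3 and 5 work because the program
builds the correct code in its own memory before comparing it, and then
keeps it in plain text. The C sketch below is an added example, not code
from B-Puzzle or from this tutorial's author: it puts that pattern next
to a check that only verifies a vendor-signed code. The function names,
the FNV-1a digest, the weak formula and the toy RSA numbers are all
assumptions made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy RSA numbers, constructed for this example; far too small for real use. */
#define N 3233u /* public modulus (61 * 53), shipped in the client */
#define E 17u   /* public exponent, shipped in the client */
#define D 2753u /* private exponent, kept by the vendor, never shipped */

/* Hypothetical name digest (FNV-1a reduced mod N), an assumption of this sketch. */
static uint32_t name_digest(const char *name) {
    uint32_t h = 2166136261u;
    for (; *name; name++) { h ^= (unsigned char)*name; h *= 16777619u; }
    return h % N;
}

/* Square-and-multiply modular exponentiation. */
static uint32_t modpow(uint32_t base, uint32_t exp, uint32_t mod) {
    uint64_t r = 1, b = base % mod;
    for (; exp; exp >>= 1) {
        if (exp & 1) r = r * b % mod;
        b = b * b % mod;
    }
    return (uint32_t)r;
}

/* Weak pattern: the client derives the expected code itself (made-up formula). */
char *weak_expected(const char *name, char out[16]) {
    snprintf(out, 16, "%08u", (unsigned)(name_digest(name) * 7919u % 100000000u));
    return out;
}

/* The valid code sits in `expected` for the whole comparison. */
int check_weak(const char *name, const char *entered) {
    char expected[16];
    return strcmp(weak_expected(name, expected), entered) == 0;
}

/* Vendor side only: sign the digest with the private exponent. */
uint32_t vendor_issue(const char *name) { return modpow(name_digest(name), D, N); }

/* Hardened pattern: the client verifies with (N, E) and never computes a valid code. */
int check_signed(const char *name, uint32_t code) {
    return code < N && modpow(code, E, N) == name_digest(name);
}
```

A real product would use a full-size key with a standard signature
scheme. Verification keeps the correct code out of client memory, but it
does not stop the comparison itself from being patched.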



END NOTES

   This program is sold as shareware, so you can try before you buy.  
   This is convenient for you, saves expenses by dispensing with all 
   that packaging, and cuts out the middle person.  So it is cheap, 
   but it is not free.  
   If you like the program, and you will, be sure to register and pay.
   To keep shareware prices low,  users must do the right thing: 
   Register, pay up, and smile/grin at yourself in the mirror.

   Do not distribute your own crack release based on this tutorial,
   because that makes you a LAMER!!!!!!!!
   ( tHATDUDE (PC97) defined a LAMER as the guy who sits in front of a
   personal computer, using a Hex Editor, ripping off other groups'
   crack releases and repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same
	connotations of self-conscious elitism that use of luser does
	among hackers.
    < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 _ Never attribute to malice that which is adequately explained by stupidity _


ASTAGA [D4C/C4A] tute-bpuzzle20.zip
[EOF] 11/3/00 5:33:03 PM 


This section is for 100% NEWBIES :

	EAX=006BEB20   EBX=006BEECC   ECX=00000034   EDX=006BEA80   ESI=006BEF02        
	EDI=00000001   EBP=006BEB38   ESP=006BEAF0   EIP=00402FCB   o d I s z A P c     
	CS=015F   DS=0167   SS=0167   ES=0167   FS=0F6F   GS=0000                       
	--------------------------------------------------byte--------------PROT---(0)--
	0167:006BEB00 43 68 72 69 73 20 52 61-77 20 4A 65 72 69 63 68  Chris Raw Jerich
	0167:006BEB10 6F 00 00 00 02 00 2A C0-00 00 05 00 8C 2D FF 16  o.....*......-..
	0167:006BEB20 39 31 30 35 36 35 39 38-00 EB 6B 00 37 33 38 38  91056598..k.7388 
	0167:006BEB30 31 30 35 30 00 EB 6B 00-44 EB 6B 00 76 92 42 00  1050..k.D.k.v.B. 
	0167:006BEB40 CC EE 6B 00 64 EB 6B 00-44 F8 42 00 CC EE 6B 00  ..k.d.k.D.B...k. 
	0167:006BEB50 8D 2F 40 00 00 00 00 00-00 00 00 00 01 00 00 00  ./@............. 
	...
	...
	______________________________________________________________________
