SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING Directory Printer 3.1 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. Read END NOTES section at the end of this file. ABOUT THE PROGRAM Directory Printer enables you to print or export directory listings, a capability which is not provided by Windows itself. Features include: * Print single directories or entire trees. When printing trees, the number of levels of subdirectories printed can be specified. * Choice of fields to print (long and short file name, size, date/time, attributes). * Sort by any of the above fields. * Prints total number and size of files. * Option to print summary listing (subdirectories only, without files). * Print in any of three different column formats, using any available font. * Ability to export to ASCII text or comma-delimited files, which can be imported into word processing, spreadsheet or database programs. WHERE TO DOWNLOAD Author : Glenn Alcott Copyright : GLENN ALCOTT SOFTWARE Homepage : http://www.galcott.com/default.htm URL : http://www.galcott.com/dp.htm http://www.galcott.com/dirprn31.zip Size : 495 kb as of Dcember 17,2000 Rel Date : July 2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run DIRPRN.EXE, in the registration dialog box type these below informations : Code : 73881050 Do not click OK button yet 2. Load SoftIce by pressing [ CTRL + D ], set a breakpoint as follow : BPX messageboxa [enter] and F5 to return to the main program 3. Now, click OK button... you'll return back into SoftIce! In within SoftIce press F11, confirm OK when beggar-off message pops-up. Next, you'll returned back again into SoftICe and break at : ______________________________________________________________ 015F:0047DA7A E8699CF8FF CALL USER32!MessageBoxA 015F:0047DA7F 33C0 XOR EAX,EAX 015F:0047DA81 5A POP EDX 015F:0047DA82 59 POP ECX _________________________ DIRPRINT!CODE+0007CA7A _______________ Scroll up around 4-5 times ( Ctrl+PgUp ) until you see CALL instruction at 015F:0047D951. I told you this is a shortcut. Now, do these below followings : : bd 00 [enter] ==> no longer needed : bpx 015F:0047D951 [enter] Press X to let SoftIce break into new location ( Press OK button in the registration dialog box if necessary ). NOTE : Reader asked me why and how did I found that location ? First, after I got beggar-off message I break again in the MessageBoxA. Now press F10 and display every changes in the register flag, until you looped back to the codes before you saw MessageBoxA for the second time. To manage this, check several lines below the highlighted location you'd stopped by pressing Ctrl+PgDn key. Second, the shortcut way, is the way of thinking. The basic is that if we found and break at MEssageBoxA, there must be a routines which verify our name and/or fake codes. And if say so, it must be before the call of MessageBoxA - scrolling up from the location where you had stopped is the answer. Since then you have to follow your feeling ( aka Zen ) - if you can't inter pret the codes - and select/choose your desired CALL function to be breakpointed. Third, if you still don't understand, I dunno what to say. Read more tute and more practise. 5. If nothing goes wrong you'll break again at these below snippet codes : ___________________________________________________________________ 015F:0047D951 E806B3F8FF CALL 00408C5C <== here 015F:0047D956 8B45FC MOV EAX,[EBP-04] 015F:0047D959 50 PUSH EAX 015F:0047D95A 8D55F4 LEA EDX,[EBP-0C] 015F:0047D95D B8CCF42700 MOV EAX,0027F4CC 015F:0047D962 E8A9B4F8FF CALL 00408E10 015F:0047D967 8B55F4 MOV EDX,[EBP-0C] 015F:0047D96A 58 POP EAX 015F:0047D96B E84C66F8FF CALL 00403FBC 015F:0047D970 0F85F0000000 JNZ 0047DA66 _________________________ DIRPRINT!CODE+0007C951 ___________________ Break due to BPX #015F:0047D951 Press F10 2 times - stop at 015F:0047D959 - display EAX register :d eax [enter] ==> your fake code appear in the Data Window at virtual address 0167:00C05C1C Press F10 5 times - stop at 015F:0047D96A - display EDX register :d edx [enter] ==> there is 2618572 in the Data Window at virtual address 0167:00BF4348. Write down this suspicious number. You can continue tracing later on you'll see your fake code load into ECX register ( in reverse order ) and real code which also in reverse order until further you step passed JNZ instruction "beggar-off" message. 7. Disable all breakpoints by typing BD * [enter] Press F5 or X to return to the main program 8. Repeat registration procedure and keyed-in 2618572 as your S/N. Click OK button ..... there you're registered. 9. Where the hell is my registration code is stored ?? The correct registration code is stored in the registry as follows : REGEDIT4 10. How can I practise with my own user name ? - I strongly recommended you not to do this ! E N D N O T E S Distributing your serial number is illegal and is no different than distributing illegal copies of the registered software. Violation of this rule may result in temporary or permanent revocation of this license and cancellation of the serial number; the original licensee will also be held responsible for damages, physical and estimated. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > Never attribute to malice that which is adequately explained by stupidity ASTAGA [D4C/C4A] tute-dirprint31.zip [EOF] 12/17/00 6:08:55 PM