WHY PATCHING WHILE SERIAL NUMBER IS FISHY
FineTune v1.5
A Cracking Tutorial by ASTAGA [D4C/C4A]

DISCLAIMER

This reading material is not intended to violate copyright and/or the law; it is for educational purposes only. I hold no responsibility (by any means and in any shape whatsoever) for the misuse of this material.

ABOUT THE PROGRAM

FineTune is an easy-to-use System Utility for Windows. It enables you to set various Windows 'hidden' options to improve performance and security, and customize Windows to suit your individual hardware, software, and operating style. FineTune is the safe way to modify your Windows defaults, without the risks associated with uninformed use of the Regedit Tool. Improve your system security, speed, and robustness.

- You can use FineTune to adjust how Windows backs up your Registry, specifying additional files to back up.
- Set system security features to prevent other users tampering with your settings.
- Change the location of Windows default system folders.
- Customize Internet Explorer and Outlook Express, and remove the 'Branding' provided by some ISPs.
- 'Supercharge' your Dial-up Networking settings - get faster Internet access.
- View and modify product defaults, including your Registered User Name and Computer Name.
- Easily add / remove programs to run automatically at start up.
- Speed up the redrawing of your Desktop and Folder icons, and your modem's dialling speed.
- Optimize your Disk Cache, manage a DNS HOSTS file, manage multiple ISP Accounts and much more.

WHERE TO DOWNLOAD

Program      : FineTune
Ver          : 1.50
Date         : 24 September 2000
Copyright    : Business Software
Web          : http://www.bsoft.ic24.net/finetune.htm
Download     : http://www.bsoft.ic24.net/ftune150.zip
Author       : Eddie Bond
Status       : Shareware Evaluation (30 days)
Restrictions : Delayed 'Nag' after extended unregistered period.
Platform     : Windows 98 or 95 (some options not available on 95).

HOW TO GET VALID SERIAL NUMBER by using SoftIce

In this tute I will not describe tracing the code step by step, but go directly to the address where the classic CMP instruction is located. However, I'll give you a hint of which breakpoints I created when I first traced the code; here they are:

BPX USER32!GetDlgItemInt
BPX #015F:00471ABF
BPX USER32!MessageBoxA
BPX #015F:00471AEB

I know these are going to be useless because the addresses will be different on your PC. At the end of this tute I include how to reach the above-mentioned addresses by doing a string search. The above addresses are very important because you'll see how the valid S/N is generated based on your user name and always starts with the prefix 126x.

1. Run FINETUNE.EXE; when the nag pops up, click on the ENTER REG CODE button (or click on the REGISTER menu in the main program). In the registration dialog box type the information below:

   User Name : Pirates Order
   Company   : Caribbean Buccaneer
   Reg Key   : 73881050

   Do not click the OK button yet.

2. Fire up SoftIce by pressing [ CTRL + D ] and create a new breakpoint as follows:

   BPX USER32!GetDlgItemInt [enter]

   and press F5 to return to the main program.

3. Now click the OK button... you'll return to SoftIce. Within SoftIce press F11, F5, F11, then do a string search as follows:

   : S 0 L FFFFFFFFFFFFF E8 0D 3D FA FF 8B 45 F4 [enter]

   SoftIce will respond:

   Pattern found at 0167:00471B2A (00471B2A)

   Disable the earlier breakpoint and set a new one as follows:

   : bd * [enter]
   : bpx 0167:00471B2A [enter]

   Press X or F5 to activate this new breakpoint. Repeat the registration procedure if necessary.

4. If nothing goes wrong you'll break at the code snippet below:

_______________________________________________________________
015F:00471B24  8B80C4010000  MOV   EAX,[EAX+000001C4]
015F:00471B2A  E80D3DFAFF    CALL  0041583C            <== break here
015F:00471B2F  8B45F4        MOV   EAX,[EBP-0C]
015F:00471B32  33D2          XOR   EDX,EDX             ==> D EAX
015F:00471B34  E8BB48F9FF    CALL  004063F4
015F:00471B39  3BF8          CMP   EDI,EAX             ==> ? EDI
015F:00471B3B  0F94C3        SETZ  BL
.....
.....
______________________FINETUNE!CODE+00070B24____________________
Break due to BPX #015F:00471B2A

   Press F10 2 times - stop at 015F:00471B32 - display the EAX register:

   : d eax [enter]   ==> look at the Data Window; your fake code appears at virtual address 0167:01172754.

   Press F10 2 times again - stop at 015F:00471B39 - yeah, what a classic CMP instruction... Let's check out their contents:

   : ? edi [enter]
   00C0D00D 0012636173 " "      ==> possible valid reg. code, write it down!

   : ? eax [enter]
   046755DA 0073881050 " gU "   ==> your fake code

5. Disable all existing breakpoint(s):

   : bd * [enter]
   : x or F5 to return to the registration dialog box

6. Repeat the registration procedure, and key in 12636173 as your registration key. Click the OK button... you're registered! See that your trial period is gone.

7. Where the hell is my registration code stored?? The correct registration code is stored in the registry as follows:

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Business Software\FineTune\1.50]
"Name"="Pirates Order"
"Company"="Carribean Buccaneer"
"Serial"="12636173"
"Top"="10"
"Left"="10"
"Log"=dword:00000001
"FontName"="MS Sans Serif"
"BGbmp"="Finetune"
"LastPage"="6"
"AutoDial"="1"
"AutoDisconnect"="1"
"CookiePath"=""
"CleanTime"="0"

8. How can I practise with my own name and reg. key?
   - I strongly recommend you not do this!

END NOTES

This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: register, pay up, and smile/grin at yourself in the mirror.

Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!!

( tHATDUDE (PC97) defined a LAMER as the guy who sits in front of a personal computer, using a Hex Editor, ripping off other groups' crack releases and repacking (distro) them under his name. Adopted from newsgroups alt.cracks, alt.crackers - February 1997 )

More about LAMER(s):

lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connotations of self-conscious elitism that use of luser does among hackers.
< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >

_ Never attribute to malice that which is adequately explained by stupidity _

ASTAGA [D4C/C4A]
tute-finetune150.zip
[EOF] 11/9/00 11:44:09 PM

BPX USER32!GetDlgItemInt ===> self explanatory
BPX MessageBoxA          ===> self explanatory
BPX #015F:00471ABF can be reached by searching : s 0 l ffffffffffff E8 78 3D FA FF 8B 45 F4
BPX #015F:00471AEB can be reached by searching : s 0 l ffffffffffff E8 68 1C F9 FF 8B F0
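
An added example, not part of the original tutorial and not FineTune's code: the walkthrough above works because the program derives the expected key from the user name and holds it in a register at the CMP. The Go sketch below shows a check in which the client only verifies an Ed25519 signature over the registration fields, so no expected key ever exists in client memory. The function names, message format and all-zero demo seed are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
)

// licenseMessage binds a key to the exact registration fields.
// Each field is length-prefixed so ("ab","c") and ("a","bc") differ.
func licenseMessage(name, company string) []byte {
	return []byte(fmt.Sprintf("license-v1|%d:%s|%d:%s", len(name), name, len(company), company))
}

// issueLicense runs on the vendor's side only; the private key never ships.
func issueLicense(priv ed25519.PrivateKey, name, company string) string {
	sig := ed25519.Sign(priv, licenseMessage(name, company))
	return base64.RawURLEncoding.EncodeToString(sig)
}

// verifyLicense is all the client contains: a public key and a yes/no check.
// Nothing here can compute a valid key for a given name.
func verifyLicense(pub ed25519.PublicKey, name, company, key string) bool {
	sig, err := base64.RawURLEncoding.DecodeString(key)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, licenseMessage(name, company), sig)
}

// demoKeys builds a key pair from a constructed all-zero seed (example only).
func demoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := make([]byte, ed25519.SeedSize)
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := demoKeys()
	key := issueLicense(priv, "Pirates Order", "Caribbean Buccaneer")
	fmt.Println("valid licensee :", verifyLicense(pub, "Pirates Order", "Caribbean Buccaneer", key))
	fmt.Println("different name :", verifyLicense(pub, "Someone Else", "Caribbean Buccaneer", key))
	fmt.Println("8-digit guess  :", verifyLicense(pub, "Pirates Order", "Caribbean Buccaneer", "12636173"))
}
```

Signature verification removes only the readable comparison; the yes/no branch that follows the check can still be patched, which is a separate binary-integrity problem.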