WHY PATCHING WHILE SERIAL NUMBER IS FISHY


InfoClip v1.1.0
A Cracking Tutorial
by ASTAGA [D4C/C4A]


ABOUT THE PROGRAM 

InfoClip is a flexible, convenient utility program that enables you
to save selected text into user-defined project categories.  It was
designed to work with your Web browser to enable you to save text
from Web pages into related text files -- simply and easily.

InfoClip provides a fast, easy way for you to gather selected 
blocks of text as they're copied (with Ctrl-C or Ctrl-X) from any 
application -- without the need for tediously switching to a
text editor, creating a file, inserting the text, saving the file
and switching back.  With InfoClip, the blocks of text are
automatically collected and saved together in the InfoClip content
files that you specify.

InfoClip's features include:
 
 * A button for toggling the program between active and suspended 
   states, allowing you to easily control InfoClip's cut/copy 
   monitoring activity.
 
 * A choice of visual dividers (None, a Blank Line, Custom or 
   Date/Time) for clearly showing separation between blocks of 
   saved text.
 
 * An Auto-Save option which lets you specify whether InfoClip, 
   while in the active state, will ask you each time where you
   want to save the block of text or will automatically save it
   for you.
 
 * Easy creation of your own content files with names that have 
   meaning to you.



BACKGROUND INFORMATION


Program Name: InfoClip.exe
Platforms: Windows 95/98/NT
Free trial period: 30 days
Registration cost: $15 US$.
Current version: 1.1.0
Version date: 18-Jan-2000
(c)Copyright 2000 - Donth Technology Group 
Web site: www.donth.com
Author : Joseph L. Donth



HOW TO FISH SERIAL NUMBER by USING SOFTICE


1.  Run the program, click REGISTER button and keyed-in fake
    reg code = 73881050

    Do not click OK button yet.


2.  Load SoftIce and create a new breakpoint : 

	bpx hmemcpy
	Press F5

3.  Click OK button now, and you'll break in SoftIce again.
    Press F11 once and press F12 several times until you see
    this below snippet codes. 


	__________________________________________________________________
	
	015F:0044BF7E  E8F9EDFDFF 	CALL      0042AD7C   <== break here 
	015F:0044BF83  8B55D8    	MOV       EDX,[EBP-28] 
	015F:0044BF86  8B45F8	MOV       EAX,[EBP-08] <== d edx  
	015F:0044BF89  E8167AFBFF 	CALL      004039A4  
	015F:0044BF8E  C645F701  	MOV       BYTE PTR [EBP-09],01 
	........
	........ 
	________________________INFOCLIP!CODE+0004AF7E_____________________

 

	Break due to BPX KERNEL!HMEMCPY
	Break due to G 
 	: bd  *   [enter] 
	: BPX 015F:0044BF7E  [enter] 
	: Press F10 2 times and display EDX register,  your fake reg code 
        appear in the Data Window at virtual address 0167:00BCBEF0  .
	: BPM 0167:0167:00BCBEF0   [enter] 
	: Press X or F5


    You'll break again in SoftIce and see these below snippet codes :

	_________________________________________________________________

	015F:00403D05  8B0E                MOV       ECX,[ESI]    break
	015F:00403D07  8B1F                MOV       EBX,[EDI] <== here
	015F:00403D09  39D9                CMP       ECX,EBX <=== ? EBX
	015F:00403D0B  7558                JNZ       00403EED
	.....
	..... 
	__________________________ INFOCLIP!CODE+2D05  ___________________

	Break due to BPMB #0167:00BCBEF0 RW DR3 
	Press F10  once
	: ? ecx  [enter]
	: 38383337  0943207223  "8837"  ==> part of your fake code
	: ? ebx  [enter]
	: 33363130 0859189552 "3610"  ==> part of the real code 
      : d esi  [enter]  ===> your fake code at 
      : d edi  [enter]  ===> did you see   0163-2526-5556-8145 at
 			         0167:00BCAB24 . Write down this potential 
                             reg code.  Scroll up one line above you 
                             will see your own product ID ( in my case 
                             is 5550-9687-1223-8379 ) . 
	: bd *
	: F5  to return to registration dialog box


4.  Repeat registration procedures, and keyed-in  0163-2526-5556-8145 
    as your registration code. 
    You're registered. 


5.  Where the hell is my registration info is stored ??

	-  The correct registration code is stored in the HKCR and HKLM
	   registry as follows ( before it's registered ) :




6.  How can I practise with another registration key ?

	-  I strongly recommended you not to do this !


END NOTES

   This program is sold as shareware, so you can try before you buy.  
   This is convenient for you, saves expenses by dispensing with all 
   that packaging, and cuts out the middle person.  So it is cheap, 
   but it is not free.  
   If you like the program, and you will, be sure to register and pay.
   To keep shareware prices low,  users must do the right thing: 
   Register, pay up, and smile/grin at yourself in the mirror.

   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
   personal computer, using Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same connota
	tions of self-conscious elitism that use of luser does among 
	hackers.
    < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 _ Never attribute to malice that which is adequately explained by stupidity _


ASTAGA [D4C/C4A] tute-InfoClip110.zip
[EOF] 10/31/00 6:32:06 PM