PATCHING IS TURNING UPSIDE DOWN LIMITED FEEATURE(s) Mass Renamer v4.0 (build 060100) A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. ABOUT THE PROGRAM Mass Renamer is a utilitythat allows the user to rename multiple files throughout multipledrives and multiple directories,quickly and easily. MR includes a very simple easy to use Graphical User Interface meaning even the most novice of users can use it. The following can be achieved by using Mass Renamer: Rename files across multiple drives / directories and subdirecto ries Rename filenames to original plus a prefix ( eg: prefixORIG INAL.EXE ) Rename filenames to original plus a suffix ( eg: ORIG INALsuffix.EXE ) Rename filenames replacing a character with ano ther Rename the extension of filenames ( eg: FILE1.EXE ---> FILE1.COM ) Rename filenames to random strings but keep the file name extension ( eg: XLKDOR.EXE ) Rename filenames adding prefix incrementing value ( eg: 01ORIGINAL.EXE ) Rename filenames add ing suffix incrementing value ( eg: ORIGINAL01.EXE ) Rename file names to random integer but keep the filename extension ( eg: 02 49855.EXE ) Rename filenames to a base filename plus an incremen ting value ( eg: BASE01.JPG, BASE02.JPG ) WHERE TO DOWNLOAD Author : autoMATion_software Homepage : http://www.automation-software.co.uk URL : http://www.automation-software.co.uk/files/mrexe.zip Size : 300 KB as of 06/01/2000 HOW TO GET RID OF NAGGING SCREEN by using SoftIce This ver4.0 build 200400 rel April 20,2000 is slighty different with previous ver3.0 . They're no registration dialog box,except 3 nagging screens as follows : part 1 - opening nag part 2 - company logo part 3 - about licensing information What iam going to do are as follows : * to skip/remove opening nag screen * to delete shareware reminder in the company logo " You are entitled ....... " * to delete shareware reminder in the ABOUT nag screen Licence Information " This Product is a DEMO version ..." Tools required : * Hackers View ( HIEW ) or whatever your Hex Editor Rules : * No helps from WDASM at all ! So, there will be no dead listing ! * This tute will gonna be boring but who cares ... Let's dance, dance a cross the floor 1. Evaluate / run MASSREN.EXE, you'll faced the first nag screen. Click OK button, you'll see the company logo with shareware reminder " You are entitled .... " just wait a second and you're in the main program. Click on the top left corner check box, choose ABOUT submenu ... again you'll see Licence Information " This Product is a DEMO version ..." . Click OK to return to the main window, and press ALT+F4 to quit the program. 2. Load SoftIce by pressing [ CTRL + D ], set a new breakpoint as follow : BPX getdialogindirectparama [enter] and F5 to return to the main program Run MASSREN.EXE from your windows shell ( iam using Win Commander v4.03 ). Otherwise click on START/RUN [path] MASSREN.EXE then click OK 3. If nothing goes wrong you'll break at the location something like this : USER32!CreateDialogIndirectParamA 015F:BFF5125D B134 MOV CL,34 ... ... ( Note : You can also set BPX EnableWindow ) Press F12 once, click OK, and press F12 again until you see these below snippet codes : _______________________________________________________________ 015F:00402091 E89C2D0000 CALL 00404E32 <== break here 015F:00402096 8D4C2410 LEA ECX,[ESP+10] 015F:0040209A E8652E0000 CALL 00404F04 015F:0040209F 8B442414 MOV EAX,[ESP+14] ... ... ____________________ MASSREN!.text+1091 ______________________ Now we are in the prog's main code and you've just passed the first nag screen and break at 015F:00402091 for which this call actually finishes making the nag. Let's remove this nag by NOP'ing it this call instruction, and Disable / clear previous breakpoint and set a new one as follows : : bc * [enter] : bpx 015F:00402091 [enter] Press F5 and quit the program. 4. Re-run the program, and you'll return back into SoftIce and break ( again ) at 015F:00402091 . While at the memory location 015F:00402091 do these followings : : A [enter] 015F:00402091 nop [enter] 015F:00402092 nop [enter] 015F:00402093 nop [enter] 015F:00402094 nop [enter] 015F:00402095 nop [enter] 015F:00402096 ===> press ESC key Press F5 , did you see the nag ???? No ! except the company logo. Heres the result of what you've done : ... 015F:00402091 90 NOP 015F:00402092 90 NOP 015F:00402093 90 NOP 015F:00402094 90 NOP 015F:00402095 90 NOP 015F:00402096 8D4C2410 LEA ECX,[ESP+10] ... ____________________ MASSREN!.text+1091 ______________________ In normal case you have permanently change the bytes E89C2D0000 with 9090909090 by using Hex Editor. But, this time you don't have to because SoftIce has already done for you. WARNING : If you change your system date i.e one year ahead, the nag screen will re-appear again on your screen. So, you better manually hexedited the bytes at hex offset # 2091-2095 as follow : 00002091: E8 9C 2D 00 00 change to be 90 90 90 90 90 5. Let's continue with second assignment. Oh No! The shareware reminder is included/bitmaped in the company logo. I've viewed it thru BRW ( Borland Resource Workshop ). However, deletion can be made by using BRW concequently the prog's bytes long will be reduced. As a matter of fact, all unwanted string can be modified by using this good ol' BRW. For those who need BRW, download it from here : http://203.148.211.201/files/brw45.zip http://24.226.48.67/harvestr/brw45.zip http://www.ukrik.hr/~corleone/fajlovi/brw45.rar http://62.104.178.40/tbc/L2C/files/misc/brw45.zip http://www.fortunecity.com/victorian/brambles/38/brw45.zip http://www.fortunecity.com/skyscraper/java/769/dnld/brw45.zip 6. Last assignment , we are going to remove unwanted string in the HELP/ABOUT window that are : - This product is a DEMO version ; and - You are entitled to use it for ..... Unload SoftIce, from the shell type HIEW MASSREN.EXE then press [ENTER] key once. Press F7 key and type the search string as follows : ASCCII : T h i s HEX : 54 00 68 00 69 00 73 then press [enter] Here's what you looks like in HIEW : 0040BD60: 00 00 00 ..-00 00 00 00-69 00 3E 00 P i > 0040BD70: 6F 00 08 ..-82 00 62 00-75 00 69 00 o ___é b u i 0040BD80: 6C 00 64 ..-01 00 02 50-00 00 00 00 l d P 0040BD90: 2C 00 71 ..-F4 03 FF FF-82 00 54 00 , q É ___é T 0040BDA0: 68 00 69 ..-70 00 72 00-6F 00 64 00 h i s p r o d 0040BDB0: 75 00 63 ..-69 00 73 00-20 00 61 00 u c t i s a 0040BDC0: 20 00 44 ..-4F 00 20 00-76 00 65 00 D E M O v e 0040BDD0: 72 00 73 ..-6E 00 00 00-00 00 00 00 r s i o n Your cursor will blink at the "T" , press F3 key to switch into HEX mode , now you're at "54". Press UP arrow once and left arrow 3 times - stop at "50" . Change the byte "50" with "40" then press F9 to save your changes. Okay, you've just removing the string " T h i s p r o d ... " to be not appeared in the HELP/ABOUT screen. Let's continue again, now is the second task. Press F7 key and type the search string as follows : ASCCII : Y o u a r e HEX : 59 00 6F 00 75 00 20 00 61 00 72 00 65 then press [enter] 0040BDE0: 00 00 02 40-00 00 00 - ...C8 00 23 00 @ } + # 0040BDF0: FF FF FF FF-82 00 59 - ...20 00 61 00 ____é Y o u a 0040BE00: 72 00 65 00-20 00 65 - ...69 00 74 00 r e e n t i t 0040BE10: 6C 00 65 00-64 00 20 - ...20 00 75 00 l e d t o u Your cursor will blink at the "Y" , press F3 key to switch into HEX mode , now you're at "59". Press UP arrow once and left arrow 3 times - stop at "50" . Change the byte "50" with "40" then press F9 to save your changes. Okay, you've just removing the string " Y o u a r e ... " to be not appeared in the HELP/ABOUT screen. Well, finally they're all set. Press F10 to quit HIEW. 7. Re-run the program, click HELP/ABOUT menu .... that shit reminder is gone except that word " D E M O " . If you want to delete this word, do a search string like the above and change the bytes into 00 00 00 00 ( in Hex mode ! ). 8. Here is the complete patch listing : Difference(s) between massren.exe & massren.crk massren.exe 00002091: E8 90 00002092: 9C 90 00002093: 2D 90 00002094: 00 90 00002095: 00 90 0000BD8B: 50 40 0000BDE3: 50 40 9. Are you still disappointed with that company logo ? and would like to remove them all ? Let's do it , you're gonna destruct this program 100 % ...ehhh .... Load SoftIce again, set a breakpoint BPX LoadBitMapA [enter] and F5 to return to the main program Run the patched/cracked MASSREN.EXE , you'll break into SoftIce, press F12 3 times until you see these below snippet codes : 015F:004020B2 E899190000 CALL 00403A50 015F:004020B7 8B8E40030000 MOV ECX,[ESI <== break here 015F:004020BD 83C408 ADD ESP,08 ________________ MASSREN!.text+10B2 _______________________ The CALL instruction at 015F:004020B2 actually is the address where finishes making the nag. Do these followings before you quit the program : : bd * [enter] : bpx 015F:004020B2 [enter] Press X or F5 to return to the main program. Re-run the program, and you break at 015F:004020B2. Let's NOP'ing it ! While at the memory location 015F:004020B2 do these followings : : A [enter] 015F:004020B2 nop [enter] 015F:004020B3 nop [enter] 015F:004020B4 nop [enter] 015F:004020B5 nop [enter] 015F:004020B6 nop [enter] 015F:004020B7 ===> press ESC key Press F5 , did you see the nag ???? No ! You're directly in the main program right now. Heres the result of what you've done : ... 015F:004020B2 90 NOP 015F:004020B3 90 NOP 015F:004020B4 90 NOP 015F:004020B5 90 NOP 015F:004020B6 90 NOP 015F:004020B7 8B8E40030000 MOV ECX,[ESI+00000340] ... ____________________ MASSREN!.text+10B1 ___________________ Disable all breakpoints, press F5 and enjoy the program. Don't forget to permanently change the bytes thru your HEXEDITOR. At last, you will not see that company nag for the rest of your life. E N D N O T E S Distributing your serial number is illegal and is no different than distributing illegal copies of the registered software. Violation of this rule may result in temporary or permanent revocation of this license and cancellation of the serial number; the original licensee will also be held responsible for damages, physical and estimated. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > Never attribute to malice that which is adequately explained by stupidity ASTAGA [D4C/C4A] tute-massrenamer40.zip [EOF] 10/17/00 1:13:15 PM