WHY PATCHING WHILE SERIAL NUMBER IS FISHY
PasteLister Version 2.0
A Cracking Tutorial by ASTAGA [D4C/C4A]

DISCLAIMER

This reading material is not intended to violate copyrights and/or copyright law; it is for educational purposes only. I hold no responsibility (by any means and in any shape whatsoever) for the misuse of this material.

ABOUT THE PROGRAM

PasteLister is ideal for text/graphic editing (and Web forms) as it eliminates repetitive tasks. By storing data copied to the clipboard in a customizable list history, it allows you to easily paste data back to any application at any time. The basic idea behind PasteLister is that when you press CTRL-V (or the specified hotkey) to paste to an application, a pop-up list will appear under the cursor allowing you to choose from your customizable list. This way it conveniently stays out of your way until you NEED it. Easy to use, extremely flexible and powerful!

WHERE TO DOWNLOAD

Author   : J. Elaraj ( Progency Software )
Homepage : http://www.progency.com
URL      :
Size     : 1.2 MB as of ,2000

HOW TO GET VALID SERIAL NUMBER by using SoftIce

1. To enter the information, just click Help and Register! from the system tray icon menu (information about registering is found there as well).

   User Name : Pirates Order Reg Number : 73881050

2. Fire up SoftIce by pressing [ CTRL + D ] and set a new breakpoint, in this case on HMEMCPY :

   BPX HMEMCPY [enter]

   and press F5 to return to the main program.

3. Click the OK button... you'll return back into SoftIce.

   Within SoftIce press F11, F5, F11, then press F12 11 times until you break at and see the code snippet below :

   _____________________________________________________________
   015F:00488146  E8757AF9FF      CALL    0041FBC0          <== break here
   015F:0048814B  8B95F8FDFFFF    MOV     EDX,[EBP-0208]
   015F:00488151  8D85FCFDFFFF    LEA     EAX,[EBP-0204]
   015F:00488157  B9FF000000      MOV     ECX,000000FF
   015F:0048815C  E843BBF7FF      CALL    00403CA4
   015F:00488161  8D85FCFDFFFF    LEA     EAX,[EBP-0204]
   015F:00488167  5A              POP     EDX
   015F:00488168  E8FF0A0000      CALL    00488C6C          <== F8 here
   ...
   _______________________ PLISTER!CODE+00087146 _______________

   Disable/clear the previous breakpoint, and create a new one like this :

   bc * [enter]
   BPX 015F:00488146 [enter]    <== just for further practise

   Press F10 and stop at 015F:00488161, then display the EDX register :

   d edx [enter]

   Look at the Data Window. Did you see your user name and fake code between virtual addresses 0167:006FF7E1 and 0167:006FF8E1 ??

   Press F10 again and stop at 015F:00488168, then follow this CALL instruction by pressing the F8 key. Keep on tracing the code until you reach the snippet below :

   015F:00488E2A  E989000000      JMP     00488EB8
   015F:00488E2F  8D85FCFDFFFF    LEA     EAX,[EBP-0204]
   015F:00488E35  8D9500FEFFFF    LEA     EDX,[EBP-0200]
   015F:00488E3B  E82CAEF7FF      CALL    00403C6C
   015F:00488E40  8B85FCFDFFFF    MOV     EAX,[EBP-0204]
   015F:00488E46  50              PUSH    EAX               <== D EAX here
   015F:00488E47  8D85F4FCFFFF    LEA     EAX,[EBP-030C]
   ---------------- PLISTER!CODE+00087E2A -------------------

   Stop at 015F:00488E46 and display the EAX register :

   d eax [enter]

   Look at the Data Window; that's your fake code at virtual address 0167:00C4699C. Locate it and create a new breakpoint as follows :

   bpr 0167:00C4699C 0167:00C4699C+12 rw [enter]

   Press X [enter] to let SoftIce break at the new location. SoftIce will respond :

   Break due to BPR #0167:00C4699C #0167:00C469AE RW

4. If nothing goes wrong, you'll break in the memory location and see the code snippet below :

   __________________________________________________________
   015F:00403DFF  7426            JZ      00403E27
   015F:00403E01  8B0E            MOV     ECX,[ESI]         <== you break here
   015F:00403E03  8B1F            MOV     EBX,[EDI]
   015F:00403E05  39D9            CMP     ECX,EBX           <== D EDI HERE
   ...
   ...
   ___________________PLISTER!CODE+2DFF______________________

   Press F10 2 times and stop at 015F:00403E05 ... a CMP instruction ! Let us find out the contents of the ECX and EBX registers. In the Command Line type as follows :

   ? ecx [enter]
   SoftIce will respond : 38383337 0943207223 "8837"
   ... wasn't it a part of your fake code in reverse order ?

   ? ebx [enter]
   SoftIce will respond : 2D534C50 0760433744 "-SLP"
   ... what the hell is this ?

   Okay, don't panic. Still in the Command Line, type as follows :

   d edi [enter]
   Look at the Data Window at 0167:00C45A5C. Did you see PLS-1846-1260 ?

   d esi [enter]
   Look at the Data Window at 0167:00C4699C. Did you see 73881050 ?

   Disable all breakpoints. Press F5 to return to the main program.

5. Repeat the registration procedure. Key in PLS-1846-1260 as your registration number, then click the OK/REGISTER ME button. The classic " thank you for registering " pops up on your screen. Hell... you're registered now, but it's ILLEGAL !!

6. Where the hell is my registration info stored ??
   - The correct registration code is stored in the hidden file called ERROR24$.SYS in your Windows directory.

7. How can I practise with another registration key ?
   - I strongly recommend you not do this !

END NOTES

This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror.

Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!!

( tHATDUDE (PC97) defined a LAMER as the guy who sits in front of a personal computer, using a Hex Editor, ripping off other group(s) crack releases, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 )

More about LAMER(s):

lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connotations of self-conscious elitism that use of luser does among hackers.
< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >

_ Never attribute to malice that which is adequately explained by stupidity _

ASTAGA [D4C/C4A]

tute-pastelister20.zip [EOF] 10/20/00 1:13:15 PM
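
Added example, not part of the original tutorial and not the program's own code: step 4 works because the check places the valid serial in memory beside the entered one and compares the two directly. The sketch below contrasts that pattern with a check that only verifies a vendor signature. The serial derivation, the toy RSA key and every function name are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes) so the block runs with the
# standard library only; far too small and unpadded for production use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                   # public: the only key material a client ships
D = pow(E, -1, (P - 1) * (Q - 1))     # private: stays on the vendor's side


def weak_expected(name: str) -> str:
    """Hypothetical derivation; the program's real algorithm is not on the page."""
    h = hashlib.sha256(name.encode()).hexdigest()
    return "PLS-%04d-%04d" % (int(h[:4], 16) % 10000, int(h[4:8], 16) % 10000)


def weak_check(name: str, entered: str) -> bool:
    # The valid serial exists in client memory next to the user's input,
    # which is what the CMP ECX,EBX operands showed in step 4.
    return entered == weak_expected(name)


def digest(name: str) -> int:
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N


def issue_key(name: str) -> str:
    """Vendor side only: sign the name digest with the private exponent."""
    return format(pow(digest(name), D, N), "x")


def verify_key(name: str, key: str) -> bool:
    """Client side: needs only (N, E) and never builds a value that is itself a key."""
    try:
        sig = int(key, 16)
    except ValueError:
        return False
    return 0 <= sig < N and pow(sig, E, N) == digest(name)


def compared_value_is_a_key(name: str) -> tuple:
    """Is the value each check compares against accepted when typed in as the key?"""
    weak = weak_check(name, weak_expected(name))
    strong = verify_key(name, format(digest(name), "x"))
    return weak, strong


if __name__ == "__main__":
    user = "Example User"  # constructed sample input
    print(verify_key(user, issue_key(user)), compared_value_is_a_key(user))
```

The signature check only keeps the valid key out of client memory; modification of the binary itself is a separate problem that needs its own integrity measures, and a real product would use a vetted signature library rather than this textbook RSA.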