WHY PATCHING WHILE SERIAL NUMBER IS FISHY

RegRun II v2.51
A Cracking Tutorial
by ASTAGA [D4C/C4A]


DISCLAIMER

This reading material is not intended to violate Copyrights
and/or it is law, but educational purposes only. I hold no
responsibility ( by all means and in any shape whatsoever )
of the mis-used of this material.


ABOUT THE PROGRAM


RegRun II is an integrated suite of utilities that give you
the full control under Windows startup and guard you from
trojan programs.




WHERE TO DOWNLOAD


Author   	: Greatis Software
Homepage 	: http://www.greatis.com/regrun2.htm
URL		: http://www.greatis.com/regrun250.exe
Size 		: 902 KB  as of September 09,2000


HOW TO GET VALID SERIAL NUMBER by using SoftIce



1.  Run REGRUN2.EXE, in the registration dialog box type these below
    informations :


	Name	: Erap
	Last	: Singson
	E-Mail	: jueteng@impeachment.ph
	Code   : 73881050

    Do not click OK button yet


2.  Fire up SoftIce by pressing [ CTRL + D ], set a breakpoint as follow :


	BPX hmemcpy     [enter]   and
   	F5  to return to the main program

3.  Now it's time to click OK button... you'll return back into SoftIce!
    In within SoftIce press F11, F5, F11, then F12 11 times until you
    see and break at :
	________________________________________________________________

	015F:0043007A  0400   	ADD       AL,00   <==== break here
	015F:0043007C  8D55E4	LEA       EDX,[EBP-1C]
	015F:0043007F  52		PUSH      EDX
	015F:00430080  8D45E0	LEA       EAX,[EBP-20]
	________________________________________________________________

	Clear previous breakpoint and follow these below steps :

	bc *  [enter]
	BPX 015F:0043007A  [enter]
	s 0 l ffffffffffffffffff e8 84 43 08 00  [enter]
	SoftIce will response :
	Pattern found at 0030:0043078F (0043078F)
	bpx 0030:0043078F  [enter]

    Press X or F5 to return to registration dialog box


4.  Click OK/REGISTER button.
    If nothing goes wrong you'll return into SoftIce and break at :

	______________________________________________________________

	015F:0043078F  E884430800	CALL      004B4B18  <== break here
	015F:00430794  8BD0       	MOV       EDX,EAX   <== d edx
	015F:00430796  FF8554FFF   	INC       DWORD PTR [EBP-00AC]
	015F:0043079C  8D45F8     	LEA       EAX,[EBP-08]
	015F:0043079F  E820440800  	CALL      004B4BC4
	015F:004307A4  FF8D54FFFF	DEC       DWORD PTR [EBP-00AC]
	015F:004307AA  8D4580    	LEA       EAX,[EBP-80]
	015F:004307AD  BA02000000  	MOV       EDX,00000002
	015F:004307B2  E8DD430800  	CALL      004B4B94
	015F:004307B7  66C78548FF	MOV       WORD PTR [EBP-00B8],00F8
	015F:004307C0  BAD4C34C00	MOV       EDX,004CC3D4

	_________________________REGRUN2!.text+0002F789_________________

	Break due to BPX #015F:0043078F
	Press F10 once, and display EDX register :

		d edx  [enter]
		Look at the Data Window, did you see  759888 at virtual
		address 0167:00CB81A8  ??
		Write down this suspicious reg code.

5.  Disable all breakpoints by typing

	BD *   [enter]
	Press X or F5 to return to registration dialog box


6.  Repeat registration procedure and keyed-in 759888 as your S/N
    Click OK/REGISTER button .....  ouchh! the screen splash and
    there is no classic message " thank you for regis.... " ?? .
    Just quit the application, re-run again the program, click
    HELP/ABOUT submenu.
    Simply, YOU'RE REGISTERED now... as a matter of fact it's
    ILLEGAL REGISTRATION!!!!!




END NOTES

   This program is sold as shareware, so you can try before you buy.
   This is convenient for you, saves expenses by dispensing with all
   that packaging, and cuts out the middle person.  So it is cheap,
   but it is not free.
   If you like the program, and you will, be sure to register and pay.
   To keep shareware prices low,  users must do the right thing:
   Register, pay up, and smile/grin at yourself in the mirror.

   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
   personal computer, using Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name.
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 )

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez
	d00dz, crackers, and phreakers. Oppose elite. Has the same connota
	tions of self-conscious elitism that use of luser does among
	hackers.
    < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 _ Never attribute to malice that which is adequately explained by stupidity _


ASTAGA [D4C/C4A] tute-regrun251.zip
[EOF] 10/31/00 3:42:43 AMde is stored ??