SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING. RegSpanner v1.04 A Cracking Tutorial by ASTAGA [D4C/C4A] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. ABOUT THE PROGRAM RegSpanner – a Windows 98 tweaking utility. With RegSpanner it is possible to customise your Windows 98 user interface. You can: · Remove unwanted items from the Start Menu, Desktop, Control Panel etc. · Fine tune many aspects of the system performance · Add extra functionality to menus · Restrict access to certain parts of the computer · Speed up Dial-up Internet connections (beta) · …..plus many other enhancements In this release of RegSpanner there are over 100 different things you can customise. In future versions I am hoping to add a great deal more features to further enhance the Windows 98 operating system. A Windows NT version will also be available and hopefully support for Windows 2000 and Windows ME. Most features will work with Windows 95, but some options are Windows 98 dependen WHERE TO DOWNLOAD Author : Nick Dilley Homepage : http://www.regspanner.com URL : http://www.regspanner.fsnet.co.uk/binary/regsp104.zip Size : KB as of ,2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce This is a Visual Basic 6 based program. Before you apply this tutorial you better edit your WINICE.DAT and enable MSVBVM60.DLL export statement accordingly. First, I thought this program is tough because he won't break using common breakpoint(s) such as VBASTRCAT, VBASTRMOVE, VBASTRCOMP, RTCMSGBOX, VBAHRESULTCHECKOBJ, vbaVarTextTstEq ,ETC. Until I dediced to use old weapon MULTIBYTETOWIDECHAR with doubt to succeed finding correct serial number. Second, to my surprise by only pressing F10 once and scroll up several lines the codes are lying there side by side with the fake code. Facing this fact, I just think defeating CRACKMEs more challenging rather this prog .... blah bleh bloh . Third, this package requires the Microsoft Windows Installer. Internet Explorer 5 and Office 2000 come with this installer, but if you do not have it, it can be downloaded from : http://download.microsoft.com/download/platformsdk/ wininst/1.1/W9X/EN-US/InstMsi.exe Forth, later on I realized I better utilize WinBoost or InternetTweak2000 ( Magellass Corp ) rather than Nick Dilley' ..... 1. Run REGSPANNER.EXE, click OPTION tab , in the registration dialog box type these below informations : User name : Pirates Order Auth. Number : 73881050 Do not click OK button yet 2. Fire up SoftIce by pressing [ CTRL + D ], set a breakpoint as follow : BPX MultiByteToWideChar [enter] and F5 to return to the main program 3. Now it's time to click OK button... you'll return back into SoftIce! In within SoftIce press F11, F5, F11 once until you see these below snippet codes : ______________________________________________________________ 015F:6601B510 FFD6 CALL ESI 015F:6601B512 8B45FC MOV EAX,[EBP-04] <== break here 015F:6601B515 5F POP EDI ===> D EAX 015F:6601B516 5E POP ESI _____________________MSVBVM60!.text+0001A510___________________ Break due to BPX KERNEL32!MultiByteToWideChar Break due to G Press F10 once - stop at 015F:6601B515 - and display EAX register : : d eax [enter] ==> your name appear in the Data Window @0167:0048EDC0 . Remember they're in wide format as look like this : 0167:0048EDC0 00690050 200073 P.i.r.a.t.e.s. . 0167:0048EDD0 0072004F 000024 O.r.d.e.r...$... 0167:0048EDE0 00000018 650074 ....P.i.r.a.t.e. 0167:0048EDF0 00200073 000000 s. .O.r.d.e..... 0167:0048EE00 A00E1205 000000 ......G.<.G..... Now, scroll up ( CTRL+PgUp ) once , as I told you before .... there your real serial number 16f261e30202L29351-2961 at the virtual address 0167:0048ED20 . One or two line above is your fake code : 0167:0048ECD0 00470AB4 ... A0000026 ..G.f.2...H.&... 0167:0048ECE0 0000001A ... 00650074 ....P.i.r.a.t.e. 0167:0048ECF0 00200073 ... 00000072 s. .O.r.d.e.r... 0167:0048ED00 A0000024 ... 00380038 $.......7.3.8.8. 0167:0048ED10 00300031 ... 00650064 1.0.5.0...r.d.e. 0167:0048ED20 00000000 ... 00360031 ....D.......1.6. 0167:0048ED30 00320066 ... 00320030 f.2.6.1.e.3.0.2. 0167:0048ED40 00320030 ... 00310035 0.2.L.2.9.3.5.1. 0167:0048ED50 0032002D ... 00000000 -.2.9.6.1....... 0167:0048ED60 00000000 ... 0047090C ........Q.....G. ____________________ MSVBVM60!.text+0001A510 _________________ If you failed getting this figure, don't be panic, just press X or F5 key followed with F11 and repeat step#3 above. Repeat them several times if necessary. 4. Disable all breakpoints by typing BC * [enter] Press F5 or X to return to the main program 5. Repeat registration procedure and keyed-in 16f261e30202L29 351-2961 as your S/N . Click OK/REGISTER button ..... ouchh! the screen splash and classic message " thank you .... " . 6. Where the hell is my registration code is stored ?? The correct registration code is stored in the registry as follows : REGEDIT4 [HKEY_LOCAL_MACHINE\Software\RegSpanner] "RegisteredTo"="Pirates Order" "RegistrationNo"="16f261e30202L29351-2961" ;"RegisteredTo"="The Burning Cable Car at Kitzsteinhorn" ;"RegistrationNo"="33v350h29233o16350-3859" 7. How can I practise with my own reg. key ? - I strongly recommended you not to do this ! END NOTES Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > Never attribute to malice that which is adequately explained by stupidity ASTAGA [D4C/C4A] tute-regspanner104.zip [EOF] 11/12/00 5:33:03 PM