Cracking for Newbies - by Dahood

Target: ADD Remove Plus 2002 version 3.1
Tools used: W32dasm, Hview
Protection: Nag screen + time trial

NOTE: This tutorial is not totally for newbies, so I expect that you know:
1. how to use W32dasm
2. how to use Hview (change, search, etc...)
3. Assembly

After you install the program, open it and check how the protection works and everything else you can.

Are you ready??? OK, good.

First, let's disassemble it. Now we have to crack the nag screen and the time trial. What first... hmm, let's do the time trial. OK, go to Debug ---> Load Process and ---> AutoStep Over. After a bit the program will start (or you can use Step Into so you can really trace it). Now terminate. When you go back to W32dasm you'll be here....

//******************** Program Entry Point ********
:00477CC0 55                      push ebp
:00477CC1 8BEC                    mov ebp, esp
:00477CC3 83C4F4                  add esp, FFFFFFF4
:00477CC6 B8687A4700              mov eax, 00477A68
:00477CCB E8BCE5F8FF              call 0040628C

* Possible StringData Ref from Code Obj ->"INSTALL.DA2"
                                  |
:00477CD0 B9687D4700              mov ecx, 00477D68

* Possible StringData Ref from Code Obj ->"INSTALL.DA1"
                                  |
:00477CD5 BA7C7D4700              mov edx, 00477D7C

* Possible StringData Ref from Code Obj ->"INSTALL.DA0"
                                  |
:00477CDA B8907D4700              mov eax, 00477D90
:00477CDF E8E0F9FFFF              call 004776C4   --> calls the nag + checks if you're expired (the time trial period)
:00477CE4 84C0                    test al, al
:00477CE6 7471                    je 00477D59     --> the try button, if clicked enter the real prog
:00477CE8 A114914700              mov eax, dword ptr [00479114]
:00477CED 8B00                    mov eax, dword ptr [eax]
:00477CEF E8204EFDFF              call 0044CB14
:00477CF4 A114914700              mov eax, dword ptr [00479114]
:00477CF9 8B00                    mov eax, dword ptr [eax]

Scroll down a bit till you see where the je 00477D59 goes (real program):

:00477D4D A114914700              mov eax, dword ptr [00479114]
:00477D52 8B00                    mov eax, dword ptr [eax]
:00477D54 E8534EFDFF              call 0044CBAC   --> calls our program. At this point it checked the time period

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00477CE6(C)
|
:00477D59 E8EEBAF8FF              call 0040384C

So what do you think... here's what I think: call 004776C4 calls both the nag and the time check. If we get past this call we should be fine and the program should start right away, because nothing is telling it there is a nag or a time check. So how do we do this? Make it jump to the next line, so:

:00477CDF E8E0F9FFFF              call 004776C4
:00477CE4 84C0                    test al, al

will become

:00477CDF E8E0F9FFFF              jmp 00477CE4
:00477CE4 84C0                    test al, al

Easy.... Change it in your hex editor, save it and test it: it works. Now change your system time and date to something like 2 months from now and open the program. What happened????

I hope I didn't confuse you, and if you have any questions or comments my ICQ# is 69518421 or you can e-mail me at webcrawler28@hotmail.com

I would like to say thanks to all the crackers, too many to list, for helping me and also for their tutorials. Also a big thanks to krobar's site http://zor.org/krobar
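
From the defender's side, the listing shows why a licence check hung on one call site is fragile: a single changed instruction removes both the nag and the trial check. The C code below is an added example, not part of the original tutorial or of the target program. It decodes the five bytes the listing shows at 00477CDF and reports whether they still encode a call to 004776C4; the function and constant names are hypothetical and the modified byte samples are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Addresses taken from the listing on this page. */
#define SITE_VA      0x00477CDFu   /* address of the guarded call           */
#define EXPECTED_TGT 0x004776C4u   /* routine doing the nag + trial check   */

enum site_status { SITE_INTACT, SITE_NOT_CALL, SITE_RETARGETED, SITE_TRUNCATED };

/* Bytes from the listing, plus constructed (hypothetical) modifications. */
static const uint8_t site_original[]   = { 0xE8, 0xE0, 0xF9, 0xFF, 0xFF };
static const uint8_t site_not_call[]   = { 0xCC, 0xE0, 0xF9, 0xFF, 0xFF };
static const uint8_t site_retargeted[] = { 0xE8, 0xE0, 0xF8, 0xFF, 0xFF };

/* Decode a near call (E8 rel32) located at `va` and compare its target. */
enum site_status check_call_site(const uint8_t *code, size_t len,
                                 uint32_t va, uint32_t expected_target)
{
    if (code == NULL || len < 5)
        return SITE_TRUNCATED;
    if (code[0] != 0xE8)                    /* opcode is no longer CALL rel32 */
        return SITE_NOT_CALL;

    /* rel32 is little-endian and relative to the next instruction (va + 5). */
    uint32_t rel = (uint32_t)code[1]       | (uint32_t)code[2] << 8 |
                   (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    uint32_t target = va + 5u + rel;        /* unsigned wrap handles negative rel32 */

    return target == expected_target ? SITE_INTACT : SITE_RETARGETED;
}

int main(void)
{
    static const char *names[] = { "intact", "not a call", "retargeted", "truncated" };
    printf("original:   %s\n", names[check_call_site(site_original, 5, SITE_VA, EXPECTED_TGT)]);
    printf("not call:   %s\n", names[check_call_site(site_not_call, 5, SITE_VA, EXPECTED_TGT)]);
    printf("retargeted: %s\n", names[check_call_site(site_retargeted, 5, SITE_VA, EXPECTED_TGT)]);
    printf("truncated:  %s\n", names[check_call_site(site_original, 3, SITE_VA, EXPECTED_TGT)]);
    return 0;
}
```

A check like this is a tamper signal rather than a protection on its own; it is more useful when it runs away from the site it guards and alongside signature verification of the whole binary.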