Cracking for Newbies - by Dahood

Target: Advanced Image Viewer and Converter Version 1.6
Tools used: W32dasm, Hview, ProcDump32, Softice
Protection: serial (keygen)

NOTE: This tutorial is not totally for newbies, so I expect that you know:
1. how to use W32dasm
2. how to use Hview (change, search, etc.)
3. Assembly
4. Softice

Try to register and write down or remember the message that comes up. Disassemble the program. Right, it's packed, and I'm not going to go into details; I hate packed programs. When you tried to disassemble it you saw UPX0 and UPX1. Open it in Hview and at the top it says "upx 1.20", ok, so we know what it is packed with. For most packed programs I use ProcDump: open ProcDump and click on Unpack, pick a file, pick UPX... anyway, unpack it and save the unpacked file under a different name like Build.exe. Check the properties of both files and see if they differ. Try to disassemble the unpacked file. Ok, good... now let's search for (in case you forgot) "Invalid registration code!". You can't find it, or any good strings... ok, use Softice, the same method you use when fishing for the serial, but we don't want the serial, we want to make it a keygen (takes any serial we want).
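The tutorial identifies the packer by the UPX0/UPX1 section names and the "upx" text at the top of the file. The same observation is what a triage script uses to flag a packed binary before analysis. Below is an added example, not part of Dahood's tutorial: a minimal PE section-table parser that reports the indicators a packed UPX file shows. The header offsets follow the PE/COFF format; the two sample executables are constructed in memory so the script runs without any real binary, and the "first section has zero raw size" rule is a heuristic, not a UPX guarantee.

```python
import struct
import sys
from typing import Dict, List, NamedTuple


class Section(NamedTuple):
    name: str
    virtual_size: int
    raw_size: int
    characteristics: int


def parse_sections(data: bytes) -> List[Section]:
    """Walk the DOS header, PE signature and COFF header to the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]     # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional                  # COFF header is 20 bytes
    sections = []
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER is 40 bytes: Name, VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData, PointerToRelocations,
        # PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
        fields = struct.unpack_from("<8sIIIIIIHHI", data, table + i * 40)
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        sections.append(Section(name, fields[1], fields[3], fields[9]))
    return sections


def packer_indicators(data: bytes) -> Dict[str, object]:
    """Return the UPX-style indicators seen in the file (names, marker, heuristic)."""
    sections = parse_sections(data)
    names = [s.name for s in sections]
    upx_names = [n for n in names if n.upper().startswith("UPX")]
    # UPX writes a "UPX!" marker into the packed file; the tutorial saw the "upx" text in Hview.
    marker = b"UPX!" in data
    # Heuristic: the first section is an empty placeholder that the stub fills at runtime.
    empty_first = bool(sections) and sections[0].raw_size == 0 and sections[0].virtual_size > 0
    return {
        "sections": names,
        "upx_section_names": upx_names,
        "upx_marker": marker,
        "empty_first_section": empty_first,
        "likely_upx": bool(upx_names or marker),
    }


def build_sample_pe(specs, trailer: bytes = b"") -> bytes:
    """Construct a minimal PE32 image (headers + section table only) for testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0xE0, 0x102)
    optional = bytearray(0xE0)                               # PE32 optional header, mostly zero
    struct.pack_into("<H", optional, 0, 0x10B)               # Magic = PE32
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000 * (i + 1),
                    rawsize, 0, 0, 0, 0, 0, chars)
        for i, (name, vsize, rawsize, chars) in enumerate(specs)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table + trailer


# Constructed samples: a UPX-style layout and a plain compiler layout.
PACKED_SAMPLE = build_sample_pe(
    [(b"UPX0", 0x20000, 0, 0xE0000080), (b"UPX1", 0x8000, 0x7C00, 0xE0000040),
     (b".rsrc", 0x1000, 0x600, 0xC0000040)],
    trailer=b"UPX!" + b"\0" * 60,
)
CLEAN_SAMPLE = build_sample_pe(
    [(b".text", 0x5000, 0x5000, 0x60000020), (b".data", 0x1000, 0x400, 0xC0000040)]
)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else PACKED_SAMPLE
    for key, value in packer_indicators(blob).items():
        print(f"{key}: {value}")
```

Run it with a path to report on a real file, or with no argument to see the indicators on the constructed packed sample. A section named UPX0 with zero raw size is exactly why W32dasm shows so little: the real code only exists after the stub has unpacked it in memory.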
Open the unpacked file and go to Help --> Register. Use any name you like and any number. DON'T HIT OK yet. Ctrl-D to get into Softice.

bpx hmemcpy ----> breakpoint on API (works 99.9% of the time)

Ctrl-D to get out of Softice. Now in the register box click OK. You should break and be in Softice.

d cx ------> name we entered
F5
d cx ------> number we used

Ok, this is what we want: where it compares and jumps. F11 --> to get out of the call. F10 or F12 till you see 32bit. You should be here:

:005239BA mov edx,dword ptr [ebp-08]

d edx -- number we put. F10 till:

:005239D5 call dword ptr [edx] ---> checks and generates
:005239D7 test al,al
:005239D9 je 00523A16

Keep going till:

:00523A29 call 00452CC4 ----> calls the messagebox "wrong code"

bd 0 -> disable the breakpoint. Now open the unpacked file in your favourite hex editor and go to offset 122FD9; if you don't know how to get the offset, go to line 005239D9 in W32dasm and check the bottom. So we know that after :005239D5 call dword ptr [edx] it compares and jumps to "wrong", so I think you figured it out. Note: we are not fishing for the serial. Change

:005239D9 je 00523A16
to
:005239D9 jne 00523A16

F9 and F10. Now open your unpacked file and try to register. Now you can patch it... go to line

Sorry, I know this tutorial has a lot of talking, but there is a lot of thinking :) When you can't crack it don't give up, there has to be another way, ALWAYS. This is tutorial # I can't remember. I hope I didn't confuse you, and if you have any questions or comments my ICQ# is 69518421 or you can e-mail me at webcrawler28@hotmail.com. I would like to say thanks to all the crackers, too many to list, for helping me and also for their tutorials. Also a big thanks to krobar's site: http://zor.org/krobar