iNTROdUCTION :
hi there and welcome to another tutorial on how to crack !!!
for this tutorial i have found a very lovely program to crack ...( check the info above )...
i think that's all i have to say .....
pROCtECTION :
o.k ... as u can see after u install IrfanView , on the about screen it says registered to You ...( how nice !! )... but nevertheless there is something in the help menu called registration , and it needs a name and a code to register ...(i think u got the idea !!)... , but there is something else , the exe file is packed with ASPack , but in this tutorial i will only use SoftICE to find a serial for my name , so there is no need to unpack and disassemble it !!!
o.k let's begin this crack !!!
install IrfanView , then run it , click on help\registration , and enter ur name and a dummy code , in my case i put :
Name : FaT[BiT] \ TNT!
Code : 123456789
Now before u click on the o.k button get into softice by pressing [ctrl]+d , and set a breakpoint like this one : bpx GetDlgItemTextA . then press F5 to exit softice , press the o.k button and softice will break . press F5 again - cuz the first break is for the name - and softice will break again . press F11 to get the caller , then press F10 until u reach the RET command , then press F12 for i think ... wait ... yeah press F12 17 times and u will land at this code :
:004456E9 85C0 test eax, eax <-- check if we enter anything
:004456EB 0F84C6660000 je 0044BDB7 <-- if no (zero result) jump to err
:004456F1 8DBC2418140000 lea edi, dword ptr [esp+00001418] <-- else put name in edi ...( write d edi )...
:004456F8 83C9FF or ecx, FFFFFFFF <-- set ecx to -1
:004456FB 33C0 xor eax, eax <-- clear eax
:004456FD F2 repnz scasb <-- repeat scanning string of size byte while not zero
:004456FF F7D1 not ecx <-- change the value of ecx from -ve to +ve
:00445701 49 dec ecx <-- ecx = ecx - 1 (ecx--) in other words = length of our name
:00445702 83F902 cmp ecx, 00000002 <-- compare name length with 2
:00445705 0F8231010000 jb 0044583C <-- jump to error if below 2
:0044570B 8DBC2418140000 lea edi, dword ptr [esp+00001418] <-- again put name in edi
:00445712 83C9FF or ecx, FFFFFFFF <-- do the
:00445715 F2 repnz scasb <-- same shit to get our
:00445717 F7D1 not ecx <-- name length
:00445719 49 dec ecx <-- in ecx
:0044571A 83F955 cmp ecx, 00000055 <-- compare name length with 55h = 85d
:0044571D 0F8719010000 ja 0044583C <-- jump to error if above 55h
:00445723 8DBC2418150000 lea edi, dword ptr [esp+00001518] <-- put our dummy code in edi ...( write d edi )...
:0044572A 83C9FF or ecx, FFFFFFFF <-- set ecx to -1
:0044572D 33D2 xor edx, edx <-- clear edx (the loop counter)
:0044572F F2 repnz scasb <-- repeat scanning string of size byte while not zero
:00445731 F7D1 not ecx <-- change the value of ecx from -ve to +ve
:00445733 49 dec ecx <-- ecx = ecx - 1 (ecx--) in other words = length of our code
:00445734 85C9 test ecx, ecx <-- did u enter anything in the code box ?
:00445736 7E5A jle 00445792 <-- cuz if not then skip the digit check and jump to 00445792
:00445738 8A841418150000 mov al, byte ptr [esp+edx+00001518] <-- put a digit of our dummy code in al *start of loop*
:0044573F 3C30 cmp al, 30 <-- compare it with 30h = 0 as a char
:00445741 7C04 jl 00445747 <-- if it's less set ebx to 1
:00445743 3C39 cmp al, 39 <-- compare it with 39h = 9 as a char
:00445745 7E05 jle 0044574C <-- if less or equal continue
:00445747 BB01000000 mov ebx, 00000001 <-- set ebx to 1
:0044574C 8DBC2418150000 lea edi, dword ptr [esp+00001518] <-- put our dummy code in edi
:00445753 83C9FF or ecx, FFFFFFFF <-- set ecx to -1
:00445756 33C0 xor eax, eax <-- clear eax
:00445758 42 inc edx <-- increment the counter
:00445759 F2 repnz scasb <-- repeat scanning string of size byte while not zero
:0044575B F7D1 not ecx <-- change the value of ecx from -ve to +ve
:0044575D 49 dec ecx <-- ecx = ecx - 1 (ecx--) in other words = length of our code
:0044575E 3BD1 cmp edx, ecx <-- compare the length of our code in ecx with our counter
:00445760 7CD6 jl 00445738 <-- if less do the loop again
:00445762 85DB test ebx, ebx <-- check the value of ebx
:00445764 742C je 00445792 <-- if zero jump ...( we will jump this )...
...
:00445792 8D8C2418150000 lea ecx, dword ptr [esp+00001518] <-- put our dummy code in ecx
:00445799 8D942418140000 lea edx, dword ptr [esp+00001418] <-- put our name in edx
:004457A0 51 push ecx <-- store dummy code in stack
:004457A1 52 push edx <-- store name in the stack
:004457A2 E8293EFEFF call 004295D0 <-- call procedure to calculate the real serial and return result in edx
:004457A7 83C408 add esp, 00000008 <-- add 8 to stack pointer
:004457AA 85C0 test eax, eax <-- check the value of eax
:004457AC 752C jne 004457DA <-- if not zero jump to error message
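The pre-checks in the listing above (004456F1 to 00445764), re-expressed in C as an added example; this is not code from the original tutorial or from the program itself. The function and enum names are hypothetical, ebx is assumed to be zero on entry, and the routine at 004295D0 and the part elided as "..." are not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome names are hypothetical labels; the addresses are the listing's. */
enum precheck {
    PRE_ERROR,      /* name length out of range: jb / ja 0044583C      */
    PRE_TO_CHECK,   /* reaches 00445792, where 004295D0 gets called    */
    PRE_NON_DIGIT   /* ebx != 0: falls into the part elided as "..."   */
};

/* The strlen idiom: or ecx,-1 / xor eax,eax / repnz scasb / not ecx / dec ecx */
static uint32_t scasb_len(const char *edi)
{
    uint32_t ecx = 0xFFFFFFFFu;            /* or ecx, FFFFFFFF               */
    do {
        ecx--;                             /* repnz: one decrement per byte  */
    } while (*edi++ != 0);                 /* stop after reading the 0 byte  */
    return ~ecx - 1;                       /* not ecx counts the 0; dec drops it */
}

static enum precheck precheck(const char *name, const char *code)
{
    uint32_t n = scasb_len(name);
    if (n < 2 || n > 0x55)                 /* cmp ecx,2 / jb ; cmp ecx,55 / ja */
        return PRE_ERROR;
    int ebx = 0;                           /* assumption: zero on entry       */
    if ((int32_t)scasb_len(code) > 0) {    /* test ecx,ecx / jle 00445792     */
        int32_t edx = 0;
        do {
            signed char al = (signed char)code[edx];
            if (al < 0x30 || al > 0x39)    /* jl / jle are signed: bytes >= 80h flag too */
                ebx = 1;
            edx++;
        } while (edx < (int32_t)scasb_len(code));  /* length rescanned every pass */
    }
    return ebx ? PRE_NON_DIGIT : PRE_TO_CHECK;     /* test ebx,ebx / je 00445792  */
}

int main(void)
{
    /* First pair is the tutorial's own input; the others are constructed. */
    printf("%d\n", precheck("FaT[BiT] \\ TNT!", "123456789"));
    printf("%d\n", precheck("A", "123456789"));
    printf("%d\n", precheck("FaT[BiT] \\ TNT!", "12a45"));
    return 0;
}
```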
WOW !!! that was a long trace don't u think ....
one last thing i have to say : when u r tracing with F10 and reach address 004457A7 , write in softice d edx
and u will see ur real code , so let's try it and ...
tKC ... (for showing me the light !! )
LW2000 ... ( Thanx alot i now use my brain )
[XasX] ... (a very good founder and a very good friend also!)
AzmO ... (yes!! man we are different !! )
Sir dReAm ... (i will be seeing u soon !! )
BoneZ ... (thanx alot for the support !!)
BillGameZ, VaibLitzeR, MezUz , and ShaQ ... (good luck to u all !! )
and to all TNT!CRACK!TEAM! members ... (keep up the good work !!)
any comments mail me : fattnt@yahoo.com
See ya in another tut !!! Soon !!!
--= EOF =--