SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING


CleanUp v1.9
A Cracking Tutorial 
by ASTAGA [WTF/TTM]


DISCLAIMER 

This reading material is not intended to violate Copyrights 
and/or it is law, but educational purposes only. I hold no 
responsibility ( by all means and in any shape whatsoever ) 
of the mis-used of this material.
Read END NOTES section at the end of this file.



ABOUT THE PROGRAM 


What would you think of an application that automatically 
finds potentially useless files on your drives so you can 
deal with them all with just one click. 

You can identify useless files by extension type (*.tmp 
for example), exclude files of a certain name, protect fol
ders from being searched, search for zero-length files and
so on. You can even have CleanUp clean your Temp directori
es and purge your Netscape cache & URL history. You get to
review every file before any actions are taken. 
And if you are a little wary of deletions, you can simply 
direct CleanUp to move the files to a destination folder. 


Features :
o 


WHERE TO DOWNLOAD


Author   	: Paul Gerhart
Copyright	: Paul Gerhart
Homepage 	: http://www.worldlynx.net/pgerhart/_clean.html
URL		: http://www.winsite.com/info/pc/win95/dskutil
		  /cleanu19.zip
Size 		: 1.2 MB  as of December 26, 2000
Rel Date	: December 14, 2000




HOW TO GET VALID SERIAL NUMBER by using SoftIce



1.  Run .EXE, in the registration dialog box type these below 
    informations :

	Name	 : Red Rackham
	Code    : 73881050 ( default is 8 characters )

    Do not click OK button yet
    

2.  Load SoftIce by pressing [ CTRL + D ], set a breakpoint as 
    follow :
    

	BPX hmemcpy     [enter]   and
   	F5  to return to the main program


3.  Now, click OK button... you'll return back into SoftIce!
    In within SoftIce press F11, F5, F11, then F12 11 times 
    until you see and break at :

	______________________________________________________________

	015F:0040AB4C  E891400000          CALL      0040EBE2
	015F:0040AB51  6A32                PUSH      32  ==> d ecx
	015F:0040AB53  8B4DFC              MOV       ECX,[EBP-04]
	015F:0040AB56  83C164              ADD       ECX,64 
	...

	_________________________ CLEANUP!.text+9B4C _______________

	While stay at 015F:0040AB51 - dump ECX register :

	: d ecx  [enter] ==> your name appear at virtual 0167:006654C0

	Now, let's do a search string for your fake code as follow :

	: bd *  [enter]  ==> no longer needed
	: bpx 015F:0040AB4C  [enter]
	: s 0 l fffffffffffffff '73881050'  [enter]
	Pattern found at 0167:00664340  <=== may differ in your PC
	
	Disable and create new breakpoint as follows :

	: bd *  [enter]
	: bpr 0167:00664340 0167:00664340+8  rw  [enter]
	Press F5  to let SoftIce break into new location


5.  If nothing goes wrong you'll break again at these below
    snippet codes : 

                     
	015F:78002E90  8B02   MOV       EAX,[EDX] 
	015F:78002E92  3A01   CMP       AL,[ECX] ==> D ECX ; D EDX
	015F:78002E94  7530   JNZ       78002EC6
	....
	_________________________ MSVCRT!.text+1E90 _________________

  	While break at   015F:78002E92 do these followings :            
                                                         
	:d edx	   did you see interesting  D7D8BD33 at virtual
		   address 0167:00665510 ?  write it down!

	:d ecx    your fake code at virtual address 0167:00664340


7.  Disable all breakpoints by typing 

	BD *   [enter]
	Press F5 or X to return to the main program
     

8.  Repeat registration procedure and keyed-in   D7D8BD33   as 
    your S/N. 
    Click OK button .....  there you're registered.


9.	Where the hell is my registration code is stored ??

	The correct registration code is stored in the registry as
	follows : 
	REGEDIT4
	[HKEY_LOCAL_MACHINE\Software\Paul Gerhart Software\
	CleanUp\User]
	"Name"="Red Rackham"
	"Code"="D7D8BD33"


10.  How can I practise with my own user name ?

	-  I strongly recommended you not to do this !




					E N D   N O T E S


		Distributing your serial number is illegal and is no 
			different than distributing illegal 
				copies of the registered 
				 software. Violation of
					this rule may 
					  result in 
			temporary or permanent revocation of this
			     license and cancellation of the 
			              serial number; 
				   the original licensee
			   will also be held responsible for 
			    damages, physical and estimated.


   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
   personal computer, using Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same connota
	tions of self-conscious elitism that use of luser does among 
	hackers.
      < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 		Never attribute to malice that which is adequately 
				explained by stupidity


ASTAGA [WTF/TTM/D4C/C4A] tute-cleanup19.zip
[EOF] First Edited : 12/27/00 6:08:55 PM
Updated : 1/16/01 11:49:06 PM ( for MoLoToV CoMpuTeR's )

History of BPX Listing for CleanUp v1.9 - ASTAGA [TTM]
00) * BPX KERNEL!HMEMCPY
01) * BPX #0001:00009B4C
02) * BPX #0001:0000E347
03) * BPR #0167:00664340 #0167:00664348 RW
04) * BPMB #0167:00664340 RW DR3