SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING
Registry Bookmarks v1.0
A Cracking Tutorial
by ASTAGA [WTF/TTM]
DISCLAIMER
This reading material is not intended to violate Copyrights
and/or it is law, but educational purposes only. I hold no
responsibility ( by all means and in any shape whatsoever )
of the mis-used of this material.
Read END NOTES section at the end of this file.
ABOUT THE PROGRAM
Registry Bookmarks
Use the power of bookmarks to access your favorite
Registry keys.
Registry Bookmarks enables power users and developers to
quickly access their favorite Registry settings. You can
bookmark any key in the Registry and then access it
directly from the system tray. This powerful feature
allows you to create a set of Registry keys that you
frequently access eliminating the need to manually open
REGEDIT. The software comes with a set of predefined comm
only used keys. Registry Bookmarks uses the REGEDIT tool
so you don’t need to learn how to edit, delete or rename
Registry keys. Users that access the Registry on a daily
basis will find Registry Bookmarks to be a great time
saver.
WHERE TO DOWNLOAD
Author : 4Developers LLC
Copyright : 4Developers LLC
Homepage : http://www.4developers.com/regb
URL : http://www.4developers.com/software/regb.exe
Size : 172 KB as of 1/10/01
Rel Date :
HOW TO GET VALID SERIAL NUMBER by using SoftIce
There is no changes in the protection scheme since I met
this program 2 years ago. However, it's small, handy and
usefull utility program.
1. Run XMGR.EXE, in the registration dialog box type these
below informations :
Name : Red Rackham
Code : 73881050
Do not click UNLOCK button yet
2. Load SoftIce by pressing [ CTRL + D ], set a breakpoint as
follow :
BPX Getwindowtexta [enter] and
F5 to return to the main program
3. Now, click UNLOCK button... you'll return back into SoftIce!
In within SoftIce press F11, F5, F11, then F10 once until
you break at :
______________________________________________________________
015F:00402268 E8C3370000 CALL 00405A30 <==BREAK HERE
015F:0040226D 68B0814000 PUSH 004081B0
015F:00402272 8D4DE8 LEA ECX,[EBP-18]
015F:00402275 E8C4350000 CALL 0040583E
015F:0040227A C745FC00000000 MOV DWORD PTR [EBP-04],000
015F:00402281 8B00 MOV EAX,[EAX]
015F:00402283 68D0834000 PUSH 004083D0
015F:00402288 50 PUSH EAX
015F:00402289 FF15E0974000 CALL [004097E0]
015F:0040228F C745FCFFFFFFFF MOV DWORD PTR [EBP-04],FFF
015F:00402296 83C408 ADD ESP,08
015F:00402299 83F801 CMP EAX,01
___________________________ RBOOK!.text+1268 __________________
Create new breakpoint for later evaluation :
: bd * [enter]
: bpx 015F:00402268 [enter]
Press F10 6 times - stop at 015F:00402283 - dump EAX register
:d eax [enter] ==> Your name at virtual address 0167:0077025C
Now, do a search string for your fake code :
: s 0 l fffffffffffffff '73881050' [enter]
Pattern found at 0167:004082B0 (004082B0)
:bpr 0167:004082B0 0167:004082B0+15 rw [enter]
: press X or F5 to let SoftIce break into this location
4. If nothing goes wrong you'll break again at these below
snippet codes :
015F:780047F2 8B02 MOV EAX,[EDX]
015F:780047F4 3A01 CMP AL,[ECX] <== break here
015F:780047F6 7530 JNZ 78004828
015F:780047F8 0AC0 OR AL,AL
015F:780047FA 7429 JZ 78004825
015F:780047FC 3A6101 CMP AH,[ECX+01]
015F:780047FF 7527 JNZ 78004828
...
______________________ MSVCRT!.text+37F2 ___________________
Break due to BPR #0167:004082B0 #0167:004082C5 RW
While at 015F:780047F4 - dump EDX register :
: d edx [enter] ==> did you see 8266-pNNY%$ at virtual
0167:007742FC ?
Write it down this potential reg code.
5. Disable all breakpoints by typing
BD * [enter]
Press F5 or X to return to the main program
6. Repeat registration procedure and keyed-in 8266-pNNY%$ as
your S/N.
Click OK button ..... there you're registered.
7. Where the hell is my registration code is stored ??
The correct registration code is stored in the registry as
follows :
REGEDIT4
8. How can I practise with my own user name ?
- I strongly recommended you not to do this !
E N D N O T E S
Distributing your serial number is illegal and is no
different than distributing illegal
copies of the registered
software. Violation of
this rule may
result in
temporary or permanent revocation of this
license and cancellation of the
serial number;
the original licensee
will also be held responsible for
damages, physical and estimated.
Do not distribute your crack release based on this tutorial, because
you become a LAMER(s)!!!!!!!!
( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
personal computer, using Hex Editor, ripping off other group(s)
crack release, repacking (distro) them under his name.
Adopted from newsgroup alt.cracks, alt.crackers - February 1997 )
More about LAMER(s):
lamer /n./ [prob. originated in skateboarder slang]
Synonym for luser, not used much by hackers but common among warez
d00dz, crackers, and phreakers. Oppose elite. Has the same connota
tions of self-conscious elitism that use of luser does among
hackers.
< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >
Never attribute to malice that which is adequately
explained by stupidity
ASTAGA [WTF/TTM/D4C/C4A] tute-regbookmark10.zip
[EOF] 1/11/01 4:44:14 PMions of self-conscious elitism that use of luser does among