SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING E-mail Man v1.0 A Cracking Tutorial by ASTAGA [WTF/TTM] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. Read END NOTES section at the end of this file. ABOUT THE PROGRAM Designed for small businesses that use e-mail lists, E-mail Man takes the chore out of sorting, extracting, and editing e-mail address. E-mail Man takes e-mail lists, like those created by Atomic Harvester or other e-mail extractors and manipulates those lists to remove duplicates, invalid char acters, words line "nospam", "maillist", "mailserve", etc. .. E-mail Man allows you to compare two lists so you can remove your unsubscribe customers. Features: Syntax Checker Word Search and Delete Compare Two Lists Transfer between Lists Import/Export Features Auto Search WHERE TO DOWNLOAD Author : DCM Software Copyright : DCM Software Homepage : http://www.dcmsoftware.bizland.com URL : http://www.dcmsoftware.bizland.com/mail10.zip http://www.dcmsoftware.bizland.com/mailman.html Size : 593 KB as of December 27,2000 Rel Date : December 11, 2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce How to not ( always ) depend on Razzia or CracKz' approaches, that's my intention in this tute. Imagine, you're somewhere else and need to crack a VB prog and you forgot that famous search ' comparison' strings and/or BPINT3'ing ? 1. Run EMAILMAN.EXE, in the registration dialog box type these below informations : Name : PIRATES ORDER Code : 7388105088 Do not click OK button yet 2. Load SoftIce by pressing [ CTRL + D ], set a breakpoint as follow : BPX hmemcpy [enter] and F5 to return to the main program 3. Now, click OK button... you'll return back into SoftIce! In within SoftIce press F11, F5, F11, then F12 12 times until you see and break at : __________________________________________________________ 015F:7B33154F E8F824FDFF CALL 7B303A4C 015F:7B331554 83BFF40D000000 CMP DWORD PTR [EDI+ 00000DF4],00 <== BREAK HERE ...... 015F:7B331593 5D POP EBP 015F:7B331594 C20C00 RET 000C 015F:7B34A5C0 E86F6FFEFF CALL 7B331534 015F:7B34A5C5 C20800 RET 0008 015F:00424BFD FF91A0000000 CALL [ECX+000000A0] 015F:00424C03 85C0 TEST EAX,EAX 015F:00424C05 7D18 JGE 00424C1F ==> jump ... ... ret jump 015F:00424C1F 8B55E8 MOV EDX,[EBP-18] <== 015F:00424C22 52 PUSH EDX ==> d edx 015F:00424C23 FFD7 CALL EDI 015F:00424C25 8BD0 MOV EDX,EAX ==> d eax 015F:00424C27 B93CA04200 MOV ECX,0042A03C 015F:00424C2C FFD6 CALL ESI 015F:00424C2E 8D4DE8 LEA ECX,[EBP-18] 015F:00424C31 FF1514D44200 CALL [0042D414] 015F:00424C37 8D4DE0 LEA ECX,[EBP-20] 015F:00424C3A FF1518D44200 CALL [0042D418] 015F:00424C40 681A820600 PUSH 0006821A cont'd 015F:00424C45 C7855CFFFFFF0200 MOV DWORD PTR [EBP-00A4] ,00000002 015F:00424C4F FF1540D24200 CALL [0042D240] 015F:00424C55 8BD0 MOV EDX,EAX ==> d eax 015F:00424C57 8D4DE4 LEA ECX,[EBP-1C] 015F:00424C5A FFD6 CALL ESI 015F:00424C5C BA9CB64000 MOV EDX,0040B69C 015F:00424C61 8D4DE8 LEA ECX,[EBP-18] 015F:00424C64 FF1594D34200 CALL [0042D394] 015F:00424C6A 8D855CFFFFFF LEA EAX,[EBP-00A4] 015F:00424C70 8D4DE4 LEA ECX,[EBP-1C] 015F:00424C73 50 PUSH EAX 015F:00424C74 8D55E8 LEA EDX,[EBP-18] 015F:00424C77 51 PUSH ECX 015F:00424C78 52 PUSH EDX 015F:00424C79 E8A2090000 CALL 00425620 015F:00424C7E 8BD0 MOV EDX,EAX ==> d eax 015F:00424C80 B96CA04200 MOV ECX,0042A06C 015F:00424C85 FFD6 CALL ESI 015F:00424C87 8D45E4 LEA EAX,[EBP-1C] cont'd 015F:00424C87 8D45E4 LEA EAX,[EBP-1C] 015F:00424C8A 8D4DE8 LEA ECX,[EBP-18] 015F:00424C8D 50 PUSH EAX 015F:00424C8E 51 PUSH ECX 015F:00424C8F 6A02 PUSH 02 015F:00424C91 FF1598D34200 CALL [0042D398] 015F:00424C97 83C40C ADD ESP,0C 015F:00424C9A 8D955CFFFFFF LEA EDX,[EBP-00A4] 015F:00424CA0 C7855CFFFFFF030 MOV DWORD PTR [EBP-00A4] ,00000003 015F:00424CAA 52 PUSH EDX 015F:00424CAB 686CA04200 PUSH 0042A06C 015F:00424CB0 684CA04200 PUSH 0042A04C 015F:00424CB5 E866090000 CALL 00425620 015F:00424CBA 8BD0 MOV EDX,EAX ==> d eax 015F:00424CBC B964A04200 MOV ECX,0042A064 015F:00424CC1 FFD6 CALL ESI 015F:00424CC3 A13CA04200 MOV EAX,[0042A03C] 015F:00424CC8 50 PUSH EAX ==> D EDX / EAX 015F:00424CC9 FFD7 CALL EDI 015F:00424CCB 8BD0 MOV EDX,EAX ____________________ EMAILMAN!.text+00023C87 __________________ Start from 015F:7B331554 , press F10 and stop at the address i've pointed out ... There are two RET command before you reach 015F:00424C22, while here dump EAX register : : d edx ==> Did you see 7.3.8.8.1.0.5.0.8.8. at virtual address 0167:0046E8A8 ? It's your fake code in wide format. Press F10 2 times - stop at 015F:00424C25 - dump EAX register : : d eax ==> Again your fake code in wide format, but now taking position at 0167:0046EC74 Press F10 10 times - stop at 015F:00424C55 - dump EAX register : : d eax ==> Did you see 4.2.6.5.2.2...0.8.8 at 0167: 0046E8A8 ?? what the heck is this ... Press F10 13 times - stop at 015F:00424C7E - dump EAX register : : d eax ==> Did you see 4.0.O.G.Y.1.0.5.3.D.X.3.D.V.X.X. at 0167:0046F554 ?? I don't know what is this maybe potential S/N maybe not ... observe by yourself . Press F10 16 times - stop at 015F:00424CBA - dump EAX register : : d eax ==> Did you see 1.3.D.D.-.D.9.1.2.-.6.8.1.4. -.A.4.A.2 at 0167:0046F588 ?? Get smile now .... Press F10 4 times - stop at 015F:00424CC8 - dump EDX and EAX registers : : d edx ==> Did you see this 1.3.D.D.-.D.9.1.2.-.6.8.1.4. -.A.4.A.2 at 0167:0046F588 ?? Write it down, and remove that prevailing dot sign (.) from every characters when keyed-in this potential s/n. : d eax ==> your fake code is looks like this in wide format 7.3.8.8.1.0.5.0.8.8 , it's at 0167:0046EC74 5. Disable all breakpoints by typing BD * [enter] Press F5 or X to return to the main program 6. Repeat registration procedure and keyed-in 13DD-D912-6814-A4A2 as your S/N. Click OK button ..... there you're registered. 7. Where the hell is my registration code is stored ?? The correct registration code is stored in the registry as follows : REGEDIT4 [HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ E-mail Man\Install] "Registered User"="PIRATES ORDER" "Installation Date"="02562/0" "Nr of Times operated"="/" "Registration Number"="06HH0C846197071E7@1" "Logon"="" 8. How can I practise with my own user name ? - I strongly recommended you not to do this ! E N D N O T E S Distributing your serial number is illegal and is no different than distributing illegal copies of the registered software. Violation of this rule may result in temporary or permanent revocation of this license and cancellation of the serial number; the original licensee will also be held responsible for damages, physical and estimated. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > Never attribute to malice that which is adequately explained by stupidity ASTAGA [WTF/TTM/D4C/C4A] tute-lockdown11.zip [EOF] 1/7/01 2:16:34 AM Patching is EVIL ! KeyGen is DEVIL ! Serial Fishing is in BETWEEN !