SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING


E-mail Man v1.0
A Cracking Tutorial 
by ASTAGA [WTF/TTM]


DISCLAIMER 

This reading material is not intended to violate Copyrights 
and/or it is law, but educational purposes only. I hold no 
responsibility ( by all means and in any shape whatsoever ) 
of the mis-used of this material.
Read END NOTES section at the end of this file.



ABOUT THE PROGRAM 


Designed for small businesses that use e-mail lists, E-mail 
Man takes the chore out of sorting, extracting, and editing 
e-mail address. E-mail Man takes e-mail lists, like those 
created by Atomic Harvester or other e-mail extractors and 
manipulates those lists to remove duplicates, invalid char
acters, words line "nospam", "maillist", "mailserve", etc.
.. E-mail Man allows you to compare two lists so you can 
remove your unsubscribe customers.
Features:
Syntax Checker 
Word Search and Delete 
Compare Two Lists 
Transfer between Lists 
Import/Export Features 
Auto Search 




WHERE TO DOWNLOAD


Author   	: DCM Software
Copyright	: DCM Software
Homepage 	: http://www.dcmsoftware.bizland.com
URL		: http://www.dcmsoftware.bizland.com/mail10.zip
		  http://www.dcmsoftware.bizland.com/mailman.html
Size 		: 593 KB  as of December 27,2000
Rel Date	: December 11, 2000




HOW TO GET VALID SERIAL NUMBER by using SoftIce


How to not ( always ) depend on Razzia or CracKz' approaches,
that's my intention in this tute. Imagine, you're somewhere
else and need to crack a VB prog and you forgot that famous 
search ' comparison' strings and/or BPINT3'ing ?



1.  Run EMAILMAN.EXE, in the registration dialog box type these 
    below 
    informations :

	Name	 : PIRATES ORDER
	Code    : 7388105088

    Do not click OK button yet
    

2.  Load SoftIce by pressing [ CTRL + D ], set a breakpoint as 
    follow :
    

	BPX hmemcpy     [enter]   and
   	F5  to return to the main program


3.  Now, click OK button... you'll return back into SoftIce!
    In within SoftIce press F11, F5, F11, then F12 12 times 
    until you see and break at :

	__________________________________________________________

	015F:7B33154F  E8F824FDFF       CALL      7B303A4C
	015F:7B331554  83BFF40D000000   CMP       DWORD PTR [EDI+
					    00000DF4],00 <== BREAK HERE
	......
	015F:7B331593  5D               POP       EBP
	015F:7B331594  C20C00           RET       000C
	015F:7B34A5C0  E86F6FFEFF       CALL      7B331534
	015F:7B34A5C5  C20800           RET       0008                              


	015F:00424BFD  FF91A0000000     CALL      [ECX+000000A0]
	015F:00424C03  85C0             TEST      EAX,EAX
	015F:00424C05  7D18             JGE       00424C1F ==> jump
	...
	...
								  ret jump
	015F:00424C1F  8B55E8           MOV       EDX,[EBP-18] <==
	015F:00424C22  52               PUSH      EDX ==> d edx
	015F:00424C23  FFD7             CALL      EDI
	015F:00424C25  8BD0             MOV       EDX,EAX ==> d eax
	015F:00424C27  B93CA04200       MOV       ECX,0042A03C
	015F:00424C2C  FFD6             CALL      ESI
	015F:00424C2E  8D4DE8           LEA       ECX,[EBP-18]
	015F:00424C31  FF1514D44200     CALL      [0042D414]
	015F:00424C37  8D4DE0           LEA       ECX,[EBP-20]
	015F:00424C3A  FF1518D44200     CALL      [0042D418]
	015F:00424C40  681A820600       PUSH      0006821A

	cont'd
	015F:00424C45  C7855CFFFFFF0200 MOV       DWORD PTR [EBP-00A4]
							,00000002
	015F:00424C4F  FF1540D24200     CALL      [0042D240]
	015F:00424C55  8BD0             MOV       EDX,EAX ==> d eax
	015F:00424C57  8D4DE4           LEA       ECX,[EBP-1C]
	015F:00424C5A  FFD6             CALL      ESI
	015F:00424C5C  BA9CB64000       MOV       EDX,0040B69C
	015F:00424C61  8D4DE8           LEA       ECX,[EBP-18]
	015F:00424C64  FF1594D34200     CALL      [0042D394]
	015F:00424C6A  8D855CFFFFFF     LEA       EAX,[EBP-00A4]
	015F:00424C70  8D4DE4           LEA       ECX,[EBP-1C]
	015F:00424C73  50               PUSH      EAX
	015F:00424C74  8D55E8           LEA       EDX,[EBP-18]
	015F:00424C77  51               PUSH      ECX
	015F:00424C78  52               PUSH      EDX
	015F:00424C79  E8A2090000       CALL      00425620
	015F:00424C7E  8BD0             MOV       EDX,EAX ==> d eax
	015F:00424C80  B96CA04200       MOV       ECX,0042A06C
	015F:00424C85  FFD6             CALL      ESI
	015F:00424C87  8D45E4           LEA       EAX,[EBP-1C]

	cont'd
	015F:00424C87  8D45E4           LEA       EAX,[EBP-1C]
	015F:00424C8A  8D4DE8           LEA       ECX,[EBP-18]
	015F:00424C8D  50               PUSH      EAX
	015F:00424C8E  51               PUSH      ECX
	015F:00424C8F  6A02             PUSH      02
	015F:00424C91  FF1598D34200     CALL      [0042D398]
	015F:00424C97  83C40C           ADD       ESP,0C
	015F:00424C9A  8D955CFFFFFF     LEA       EDX,[EBP-00A4]
	015F:00424CA0  C7855CFFFFFF030  MOV       DWORD PTR [EBP-00A4]
						       ,00000003
	015F:00424CAA  52               PUSH      EDX
	015F:00424CAB  686CA04200       PUSH      0042A06C
	015F:00424CB0  684CA04200       PUSH      0042A04C
	015F:00424CB5  E866090000       CALL      00425620
	015F:00424CBA  8BD0             MOV       EDX,EAX ==> d eax
	015F:00424CBC  B964A04200       MOV       ECX,0042A064
	015F:00424CC1  FFD6             CALL      ESI
	015F:00424CC3  A13CA04200       MOV       EAX,[0042A03C]
	015F:00424CC8  50               PUSH      EAX ==> D EDX / EAX
	015F:00424CC9  FFD7             CALL      EDI
	015F:00424CCB  8BD0             MOV       EDX,EAX

	____________________ EMAILMAN!.text+00023C87 __________________


	Start from 015F:7B331554 , press F10 and stop at the address
	i've pointed out ... 
	There are two RET command before you reach 015F:00424C22, 
	while here dump EAX register : 

	: d edx  ==> 	Did you see 7.3.8.8.1.0.5.0.8.8. at virtual 
			address 0167:0046E8A8 ?
			It's your fake code in wide format.

	Press F10 2 times - stop at 015F:00424C25 - dump EAX	
	register :

	: d eax  ==> 	Again your fake code in wide format, but now
			taking position at 0167:0046EC74


	Press F10 10 times - stop at 015F:00424C55 - dump EAX	
	register :

	: d eax  ==> 	Did you see 4.2.6.5.2.2...0.8.8 at 0167:
			0046E8A8 ??  what the heck is this ... 

	Press F10 13 times - stop at 015F:00424C7E - dump EAX	
	register :

	: d eax  ==> 	Did you see 4.0.O.G.Y.1.0.5.3.D.X.3.D.V.X.X.
			at 0167:0046F554 ?? 
			I don't know what is this maybe potential S/N
			maybe not ... observe by yourself .


	Press F10 16 times - stop at 015F:00424CBA - dump EAX	
	register :

	: d eax  ==> 	Did you see 1.3.D.D.-.D.9.1.2.-.6.8.1.4.
			-.A.4.A.2  at 0167:0046F588 ??
			Get smile now .... 


	Press F10 4 times - stop at 015F:00424CC8 - dump EDX and EAX
	registers :

	: d edx  ==> 	Did you see this 1.3.D.D.-.D.9.1.2.-.6.8.1.4.
			-.A.4.A.2  at 0167:0046F588 ??
			Write it down, and remove that prevailing dot
			sign (.) from every characters when keyed-in
			this potential s/n.

	: d eax  ==> 	your fake code is looks like this in wide format
			7.3.8.8.1.0.5.0.8.8 , it's at 0167:0046EC74



5.  Disable all breakpoints by typing 

	BD *   [enter]
	Press F5 or X to return to the main program
     

6.  Repeat registration procedure and keyed-in 13DD-D912-6814-A4A2
    as  your S/N. 
    Click OK button .....  there you're registered.


7.	Where the hell is my registration code is stored ??

	The correct registration code is stored in the registry as
	follows : 
	REGEDIT4
	[HKEY_CURRENT_USER\Software\VB and VBA Program Settings\
	E-mail Man\Install]
	"Registered User"="PIRATES ORDER"
	"Installation Date"="02562/0"
	"Nr of Times operated"="/"
	"Registration Number"="06HH0C846197071E7@1"
	"Logon"=""


8.  How can I practise with my own user name ?

	-  I strongly recommended you not to do this !




					E N D   N O T E S


		Distributing your serial number is illegal and is no 
			different than distributing illegal 
				copies of the registered 
				 software. Violation of
					this rule may 
					  result in 
			temporary or permanent revocation of this
			     license and cancellation of the 
			              serial number; 
				   the original licensee
			   will also be held responsible for 
			    damages, physical and estimated.


   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
   personal computer, using Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same connota
	tions of self-conscious elitism that use of luser does among 
	hackers.
      < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 		Never attribute to malice that which is adequately 
				explained by stupidity


ASTAGA [WTF/TTM/D4C/C4A] tute-lockdown11.zip
[EOF] 1/7/01 2:16:34 AM
	Patching is EVIL !
	KeyGen is DEVIL !
	Serial Fishing is in BETWEEN !