SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING
EZView v1.0
A Cracking Tutorial by ASTAGA [D4C/C4A]


DISCLAIMER

This reading material is not intended to violate copyrights and/or the law; it is for educational purposes only. I hold no responsibility (by any means and in any shape whatsoever) for the misuse of this material. Read the END NOTES section at the end of this file.


ABOUT THE PROGRAM

EZView is a shareware image viewer application which supports the bmp/dib, gif, jpeg and ico image formats.

I have seen numerous image viewers but none of them provided exactly what I wanted. For such a simple requirement some of the viewer programs I have used were overly complicated or had special requirements. What I wanted was a nice flexible program, small in size, unobtrusive and easy to use. So with that in mind here is a list of EZView features:

o The size of EZView.exe itself is less than 100k meaning the program loads up quickly and impacts system performance as little as possible.
o Slideshow support is provided with every image in a directory being displayed one by one.
o The most common image formats e.g. bmp, jpeg and gif are supported. Some programs try to support every file format under the sun with support for formats which you are very unlikely to meet in day to day use.
o Full-screen mode is provided allowing you to preview the image without having other windows interfering.
o ...and so on


WHERE TO DOWNLOAD

Author    : PJ Naughter
Copyright : PJ Naughter
Homepage  : http://www.naughter.com
URL       : http://www.naughter.com/download/ezview.zip
Size      : 49 KB as of January 01, 2001
Rel Date  : 8 May 2000


HOW TO GET VALID SERIAL NUMBER by using SoftIce

1. Run EZVIEW.EXE and type the following information in the registration dialog box:

   Name : Pirates Order
   Code : 73881050

   Do not click the OK button yet.

2. Load SoftIce by pressing [CTRL + D] and set a breakpoint as follows:

   BPX GetWindowTextA [enter]

   then press F5 to return to the main program.

3. Now, click the OK button...
   you'll return back into SoftIce! Within SoftIce press F11, F5, F11, then F12 4 times until you see and break at:

   _______________________________________________________________
   015F:00409125  E89C0A0000      CALL    00409BC6        <== break here
   015F:0040912A  85C0            TEST    EAX,EAX
   015F:0040912C  744C            JZ      0040917A
   015F:0040912E  57              PUSH    EDI
   015F:0040912F  E80C90FFFF      CALL    00402140
   015F:00409134  8BF8            MOV     EDI,EAX
   015F:00409136  8B4664          MOV     EAX,[ESI+64]
   015F:00409139  8D4E60          LEA     ECX,[ESI+60]    ==> ? eax
   015F:0040913C  50              PUSH    EAX
   015F:0040913D  51              PUSH    ECX
   015F:0040913E  8BCF            MOV     ECX,EDI
   015F:00409140  E81BB0FFFF      CALL    00404160
   015F:00409145  8BCF            MOV     ECX,EDI
   015F:00409147  E834AFFFFF      CALL    00404080        ==> F8
   ...
   _________________________ EZVIEW!.text+8125 ___________________

   Press F10 7 times - stop at 015F:00409139 - and dump the EAX register:

   ? 046755DA   or   ? EAX [enter]
   046755DA  0073881050  " gU "   ==> your fake code at virtual 0167:xxxxxxxxxxxx

   Press F10 again and stop at 015F:00409147, then follow this CALL by pressing the F8 key.

5.
   Here is where you land after following the CALL instruction at 015F:00409147 (cont'd):

   015F:00404080  6AFF              PUSH    FF
   015F:00404082  6850A74000        PUSH    0040A750
   015F:00404087  64A100000000      MOV     EAX,FS:[00000000]
   015F:0040408D  50                PUSH    EAX
   015F:0040408E  64892500000000    MOV     FS:[00000000],ESP
   015F:00404095  83EC14            SUB     ESP,14
   015F:00404098  56                PUSH    ESI
   015F:00404099  680C134100        PUSH    0041130C        ****
   015F:0040409E  8DB120010000      LEA     ESI,[ECX+00000120]
   015F:004040A4  6838104100        PUSH    00411038
   015F:004040A9  8D44240C          LEA     EAX,[ESP+0C]
   015F:004040AD  6830104100        PUSH    00411030
   015F:004040B2  50                PUSH    EAX
   015F:004040B3  8BCE              MOV     ECX,ESI
   015F:004040B5  E816310000        CALL    004071D0
   015F:004040BA  681C114100        PUSH    0041111C        ****
   015F:004040BF  8D4C2408          LEA     ECX,[ESP+08]
   015F:004040C3  C744242400000000  MOV     DWORD PTR [ESP+24],00000000
   015F:004040CB  E830570000        CALL    00409800
   015F:004040D0  6A00              PUSH    00
   015F:004040D2  6818114100        PUSH    00411118        ***
   015F:004040D7  6830104100        PUSH    00411030        ***
   015F:004040DC  8BCE              MOV     ECX,ESI
   015F:004040DE  E88D300000        CALL    00407170
   015F:004040E3  8D4C2408          LEA     ECX,[ESP+08]
   015F:004040E7  8BF0              MOV     ESI,EAX
   015F:004040E9  E822D6FFFF        CALL    00401710
   015F:004040EE  8B4C2404          MOV     ECX,[ESP+04]
   015F:004040F2  C644242001        MOV     BYTE PTR [ESP+20],01
   015F:004040F7  8B41F8            MOV     EAX,[ECX-08]
   015F:004040FA  8D4C2404          LEA     ECX,[ESP+04]
   015F:004040FE  50                PUSH    EAX
   015F:004040FF  50                PUSH    EAX
   015F:00404100  E8F5560000        CALL    004097FA
   015F:00404105  50                PUSH    EAX
   015F:00404106  8D4C2410          LEA     ECX,[ESP+10]
   015F:0040410A  E871D6FFFF        CALL    00401780
   015F:0040410F  33D2              XOR     EDX,EDX
   015F:00404111  3BF0              CMP     ESI,EAX         ==> ? EAX
   015F:00404113  0F94C2            SETZ    DL
   _________________________ EZVIEW!.text+310F ___________________

   I won't explain what that long code snippet does. However, I have marked some hints so you can evaluate what is inside. Keep an eye on the Register and Data windows.

   Press F10 and stop at 015F:00404111, then check the EAX and ESI registers (the ? command prints the value in hex, in decimal and as ASCII). The CMP at this address compares the code you entered (ESI) with the value the program expects (EAX):

   :? esi
   046755DA  0073881050  " gU "   ==> your fake code
   :? eax
   59468D0F  1497795855  "YF "    ==> your potential red code.
   Write it down.

7. Disable all breakpoints by typing

   BD * [enter]

   Press F5 or X to return to the main program.

8. Repeat the registration procedure and key in 1497795855 as your S/N. Click the OK button ..... there, you're registered.

9. Where the hell is my registration code stored??

   The correct registration code is stored in the registry as follows:

   REGEDIT4

   [HKEY_LOCAL_MACHINE\Software\PJ Naughter\EZView\General]
   "Name"="Pirates Order"
   "ID"=dword:59468d0f

10. How can I practise with my own user name?
    - I strongly recommend you not to do this!


E N D   N O T E S

Distributing your serial number is illegal and is no different than distributing illegal copies of the registered software. Violation of this rule may result in temporary or permanent revocation of this license and cancellation of the serial number; the original licensee will also be held responsible for damages, physical and estimated.

Do not distribute your crack release based on this tutorial, because you will become a LAMER(s)!!!!!!!!

( tHATDUDE (PC97) defined a LAMER as the guy who sits in front of a personal computer, using a hex editor, ripping off other groups' crack releases and repacking (distro) them under his name. Adopted from newsgroups alt.cracks, alt.crackers - February 1997 )

More about LAMER(s):

lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connotations of self-conscious elitism that use of luser does among hackers.

< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >

Never attribute to malice that which is adequately explained by stupidity

ASTAGA [D4C/C4A]
tute-ezview10.zip
[EOF] 1/2/01 4:33:58 PM
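
The compare at 015F:00404111 gives the valid code away because the program itself holds the expected value next to the entered one. As an added example (not code from this tutorial or from EZView), the sketch below puts that pattern beside a check that only verifies a vendor signature; the CRC32 derivation, the toy RSA key and the sample names are constructed assumptions, not EZView's algorithm.

```python
import hashlib
import zlib

# Constructed toy RSA key built from two Mersenne primes. It is trivially
# factorable and only keeps the example short; a real product would use a
# standard scheme (Ed25519, RSA-PSS) and embed only the public half.
P, Q = 2**89 - 1, 2**107 - 1      # vendor secret, never shipped
N, E = P * Q, 65537               # public values embedded in the client


def expected_code_weak(name: str) -> int:
    """Hypothetical derivation (CRC32); the page does not show EZView's own."""
    return zlib.crc32(name.encode("utf-8"))


def check_weak(name: str, entered: int) -> bool:
    # Weak pattern: the client computes the valid code, so it sits in memory
    # next to the user's input at the moment of the compare.
    return entered == expected_code_weak(name)


def _digest(name: str) -> int:
    h = hashlib.sha256(name.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % N


def vendor_sign(name: str) -> int:
    """Vendor side only: needs P and Q, which the client never holds."""
    d = pow(E, -1, (P - 1) * (Q - 1))
    return pow(_digest(name), d, N)


def check_hardened(name: str, licence: int) -> bool:
    # Hardened pattern: the client can only test a licence against N and E;
    # nothing it computes along the way is itself a valid licence.
    return 0 < licence < N and pow(licence, E, N) == _digest(name)


if __name__ == "__main__":
    lic = vendor_sign("Example User")            # constructed sample name
    print(check_weak("Example User", expected_code_weak("Example User")))
    print(check_hardened("Example User", lic))
    print(check_hardened("Another User", lic))
```

Signature verification removes only the exposed expected value; a local check of any kind can still be bypassed by modifying the binary, so it is usually paired with integrity checks or server-side entitlement.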