SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING


File Edit 2000 v1.0 
A Cracking Tutorial 
by ASTAGA [D4C/C4A]


DISCLAIMER 

This reading material is not intended to violate Copyrights 
and/or it is law, but educational purposes only. I hold no 
responsibility ( by all means and in any shape whatsoever ) 
of the mis-used of this material.
Read END NOTES section at the end of this file.



ABOUT THE PROGRAM 


A Windows™ notepad replacement with all the bells and whistles, 
and few surprise features at this price...

Major Features:	
			Advanced formatting controls
			Appearance customisation
			Automatic word count function
			Built-in calculator
			Insert file at cursor feature
			No file size limit	
			Save selected text to file feature
			System command line access
			System tray minimization
			Unix / Mac file import / export..plus more



WHERE TO DOWNLOAD


Author   	: G Pearson
Copyright	: G Pearson
Homepage 	: http://www.gpcom.f2s.com
URL		: http://www.simtel.net/pub/simtelnet/win95/editor
		  /fe2k_10.zip
Size 		: 800 KB  as of December 24,2000
Rel Date	: July 2000




HOW TO GET VALID SERIAL NUMBER by using SoftIce


I remind you that this program is packed with UPX v1.01,
and no unpacking procedure is taken in this tutorial.
An unexpected occurances might happen in your PC if you 
do not unpacking it them at first attemp.



1.  Run FILEEDIT.EXE, in the registration dialog box type these below 
    informations :

	Code    : 73881050  ( appear in the form ******** )

    Do not click OK button yet
    

2.  Load SoftIce by pressing [ CTRL + D ], set a breakpoint as follow :
    

	BPX hmemcpy     [enter]   and
   	F5  to return to the main program

3.  Now, click OK button... you'll return back into SoftIce!
    In within SoftIce press F5, then F12 11 times until you 
    see and break at :

	______________________________________________________________

	015F:00453573  E83C18FCFF    CALL   00414DB4  <== break here 
	015F:00453578  8B45F8        MOV    EAX,[EBP-08] 
	015F:0045357B  5A            POP    EDX ==> D EAX
	015F:0045357C  E80F03FBFF    CALL   00403890 ==> D EDX 
	015F:00453581  85C0          TEST   EAX,EAX 
	015F:00453583  751C          JNZ    004535A1
	015F:00453585  E83A4EFBFF    CALL   004083C4 


	_________________________ FILEEDIT!UPX0+00052573 _______________

	: bc 00  [enter] ==> no longer needed
	: bpx 015F:00453573  [enter]

	Press F10 2 times - stop at 015F:0045357B - display EAX register

	: d eax  [enter]  	see that fake code at virtual address
				0167:00BFD540  ??

	Now, take your time to scroll up ( Alt+PgUp ) one or two
	times - see that chronological order of sequence numbers
	- wasn't it too obvious ??
	Here what will you see in the Data Window :

	0167:00BFD410 34 30 35  2D 34 30  405568..FE201-40
	0167:00BFD420 36 35 36  30 37 35  6569..FE201-4075
	0167:00BFD430 37 30 0D  35 37 31  70..FE201-408571 
	0167:00BFD440 0D 0A 46  32 0D 0A  ..FE201-409572.. 
	0167:00BFD450 46 45 32  0A 46 45  FE201-410573..FE 
	0167:00BFD460 32 30 31  45 32 30  201-411574..FE20 
	0167:00BFD470 31 2D 34  30 31 2D  1-412575..FE201- 
	....
	....
	0167:00BFD530 00 00 00  00 00 00  ................ your fake    
	0167:00BFD540 37 33 38  C4 45 00  73881050.588`.E. <== code

	But, what is my real code anyway ?
	Press F10 once - stop at 015F:0045357C - display EDX
	register :

	: d edx  [enter]	see that FE201-315648 at virtual address
				0167:00BFD31C ??  again, several lines
				below are couples of another potential
				reg codes ...lookie at the prefix FE201.
				They're all starts with "FE201-", so 
				take one of them.
				Further, I think they're all hardcoded
				inside packed .EXE file.



5.  Disable all breakpoints by typing 

	BD *   [enter]
	Press F5 or X to return to the main program
     

8.  Repeat registration procedure and keyed-in FE201-412897  as 
    your S/N. 
    Click OK button .....  there you're registered.


9.	Where the hell is my registration code is stored ??

	The correct registration code is stored in the registry as
	follows : 
	REGEDIT4
	[HKEY_CURRENT_USER\Software\Microsoft\Lod]
	[HKEY_CURRENT_USER\Software\Microsoft\Lod\Peel]
	"TimesUsed"="-1"

	Note : deletion over "TimeUsed" value will return the
	program unregistered.


10.  How can I practise with my own user name ?

	-  I strongly recommended you not to do this !




					E N D   N O T E S


		Distributing your serial number is illegal and is no 
			different than distributing illegal 
				copies of the registered 
				 software. Violation of
					this rule may 
					  result in 
			temporary or permanent revocation of this
			     license and cancellation of the 
			              serial number; 
				   the original licensee
			   will also be held responsible for 
			    damages, physical and estimated.


   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
   personal computer, using Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same connota
	tions of self-conscious elitism that use of luser does among 
	hackers.
      < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 		Never attribute to malice that which is adequately 
				explained by stupidity


ASTAGA [D4C/C4A] tute-fileedit2k10.zip
[EOF] 12/24/00 2:53:38 AM