SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING ImageNameChanger v1.1.01 A Cracking Tutorial by ASTAGA [WTF/TTM] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. Read END NOTES section at the end of this file. ABOUT THE PROGRAM Sie haben jede Menge von Bildern in einem Verzeichnis die Sie von Ihrer Digitalkamera oder vom Internet geladen haben. Die Bilder aus dem Internet haben meistens bedeutungslose Namen die nur schwer auf den Inhalt der Datei weisen und diejenigen von Digitalkameras sind sowieso von 001.jpg bis unendlich dur chnummeriert. Ein umbenennen der Bilder in einem Explorer oder einem Bildbea rbeitungsprogramm erfordert jedes Mal mehrer Tastatur- und Ma usklicks und nicht wenig Zeit. ImageNameChanger ändert den Nam en der Bilder einfach und unkompliziert. o I don't even understand one word ... Scheisse !!! o WHERE TO DOWNLOAD Author : Jürgen Walter Copyright : Jürgen Walter Homepage : http://www.jw.ms/Hauptseite.htm URL : http://www.jw.ms/INC/inc.exe Size : 1.5 MB as of 1/23/01 Rel Date : April 26, 2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce This is a VB6 based program. Before you apply this tute please check your WINICE.DAT, make sure that MSVBVM60.DLL export state ment is enable ( unmarked ). Secondly, as I always remind you when cracking VB program, don't even hesitate to try common breakpoint within SoftIce first instead of using SmartCheck. In this case you can set breakpoint i.e __vbaHresultCheckObj , __vbavaradd, rtcmsgbox, rtcinputbox or old weapon MultiByteTo WideChar, etc., where SoftIce can break into. And last thing is trace the codes patiently and thoroughly, once you notice your fake code appear in the Data Window - scrollup/down data window screen - most of the time the real code in wide format is laying there. Third, read useful VB crack tute made by Razzia, CrackZ, T@r nado, and Eternal_Bliss. IT IS A MUST ! Search them at DaPopes and/or Krobar websites. 1. Run INC.EXE, in the registration dialog box type these below informations : Name/Firma : Pirates Order Ort : [TTM] <== can be anything you like Registrierung sschlussel : 73881050 Do not click REGISTRIEREN button yet ( hereinafter refered to as OK button ) 2. Load SoftIce by pressing [ CTRL + D ], set a breakpoint as follow : BPX hmemcpy [enter] and F5 to return to the main program 3. Now, click OK button... you'll return back into SoftIce! In within SoftIce press F11, F5, F11, F5, F11 then F12 12 times until you see and break at : _______________________________________________________________ 015F:6602D252 E81259FFFF CALL 66022B69 <== break here 015F:6602D257 83BE400E000000 CMP DWORD PTR [ESI+00000E40],00 015F:6602D25E 0F854ACC0000 JNZ 66039EAE 015F:6602D264 85C0 TEST EAX,EAX 015F:6602D266 0F8C4DCC0000 JL 66039EB9 015F:6602D26C FF7510 PUSH DWORD PTR [EBP+10] 015F:6602D26F FF750C PUSH DWORD PTR [EBP+0C] 015F:6602D272 E83E010000 CALL 6602D3B5 015F:6602D277 837D0C00 CMP DWORD PTR [EBP+0C],00 015F:6602D27B 8BF0 MOV ESI,EAX 015F:6602D27D 7411 JZ 6602D290 015F:6602D27F FF750C PUSH DWORD PTR [EBP+0C] 015F:6602D282 6A00 PUSH 00 015F:6602D284 FF35C0F61066 PUSH DWORD PTR [6610F6C0] 015F:6602D28A FF15C4100066 CALL [KERNEL32!HeapFree] 015F:6602D290 8BC6 MOV EAX,ESI 015F:6602D292 5F POP EDI 015F:6602D293 5E POP ESI 015F:6602D294 5D POP EBP 015F:6602D295 C20C00 RET 000C _________________ MSVBVM60!.text+0002C252 ____________________ Disable previous breakpoint, and set a new one as follow : : bd * [enter] ==> hmemcpy no longer needed : bpx 015F:6602D252 [enter] Press F10 5 times - stop at 015F:6602D26F - dump SS register : d 010A16C8 [enter] your fake code at virtual address 0167:010A16C8 ??? Keep continue pressing F10 and step pass RET(urn) instruction at 015F:6602D295, soon afterward you'll drop at these below location : 015F:6605FF35 E800D3FCFF CALL 6602D23A 015F:6605FF3A C20800 RET 0008 <== drop here ____________ MSVBVM60!.text+0005EF35 ____________ Press F10 once ( step pass this 2nd RETurn instruction ), finally you'll drop at these below snippet codes : 015F:0041C7A6 56 PUSH ESI DROP 015F:0041C7A7 FF90A0000000 CALL [EAX+000000A0] <== HERE _________________________ INC!.text+0001B7A6 ___________________ Disable previous breakpoint, and create a new one by typing : : bd * [enter] : bpx 015F:0041C7A7 Press X to let SoftIce break into this location and repeat registration procedure if necessary. 5. If nothing goes wrong you'll break again at these below snippet codes : 015F:0041C7A6 56 PUSH ESI BREAK 015F:0041C7A7 FF90A0000000 CALL [EAX+000000A0] <== HERE 015F:0041C7AD DBE2 FCLEX 015F:0041C7AF 85C0 TEST EAX,EAX 015F:0041C7B1 7D12 JGE 0041C7C5 ==> jump to 015F:0041C7B3 68A0000000 PUSH 000000A0 015F:0041C7B8 68B06D4000 PUSH 00406DB0 015F:0041C7BD 56 PUSH ESI 015F:0041C7BE 50 PUSH EAX 015F:0041C7BF FF1550104000 CALL [MSVBVM60!__vbaHresult CheckObj] 015F:0041C7C5 8B45B0 MOV EAX,[EBP-50] <== ret jump 015F:0041C7C8 C745B000000000 MOV DWORD PTR [EBP-50],000 015F:0041C7CF 894594 MOV [EBP-6C],EAX _________________________ INC!.text+0001B7A6 ___________________ Break due to BPX #015F:0041C7A7 Press F10 5 times - stop at 015F:0041C7C8 - dump EAX register : :d eax your fake 73881050 in wide format at virtual address 0167:0053098C. Press F10 once - stop at 015F:0041C7CF - dump SS register :d 005309B0 [enter] did you see 3.7.3.4.6.4.4.3.6. at virtual address 0167:005309B0 ?? Write it down! Here is an excerpt from my Data Window : EAX=0053098C EBX=6610886E ... ESI=0109F8F4 EDI=00530A6C EBP=0065FA9C ... o d I s Z a P c CS=015F DS=0167 SS=0167 ... SS:0065FA30=005309B0 <==== dump --------------------------byte--------------PROT---(0)--------- 0167:005309B0 33 00 37 ... 00 33 00 3.7.3.4.6.4.4.3. <== real 0167:005309C0 36 00 00 ... 00 00 A0 6...d.e.r...<... <== code 0167:005309D0 24 00 00 ... 00 65 00 $...P.i.r.a.t.e. 0167:005309E0 73 00 20 ... 00 5B 00 s. .O.r.d.e.r.[. 0167:005309F0 54 00 54 ... 00 30 00 T.T.M.].....0.0. 6. Let's review your work and look at CALL instruction at 015F: 0041C7BF, as I told you before you can set breakpoint : : bpx __vbaHresultCheckObj instead of HMEMCPY when you start to crack this program. And with only 2 keystrokes of F10 you can fish the real serial number. Alternatively, you can also set BPX __vbavartsteq , and with 8 keystrokes of F10 you'll find correct serial number. SmartCheck will exactly show you posible CALL instruction, memory location where S/N is generated or even the S/N it self. Combining these 2 applications will enhance your cracking sense and skill, but I hate working 2 times and jerkin' back and forth between them. If you believe in SmartCheck can do anything, just test your skill by cracking these 3 programs called " Brojac Impulsa " , " WhatzNew " and " MixVibes Pro " ... can you find the S/N ???? The reason I prefer using SoftIce is trying something else like walking in the dark without flashlight until i found the way out from the jungle of MSVBVM.DLL. If not, there will be no VB cracking tute is born and released in the scene. I admitted what the +ORC says " there always another way " ... it's TRUE ! Further, cracking VB proggie is 'unstable' - whatever you called - unbelievable because sometime we dropped in different stack/data segment when attempting to crack/neuter in the next time. So, don't be surprised if you find correct S/N whether in the MSVBVMxx.DLL, OLEAUT32.DLL or main program's code. [LOL]. 7. Disable all breakpoints by typing BD * [enter] Press F5 or X to return to the main program 8. Repeat registration procedure and keyed-in 373464436 as your S/N. Click OK button ..... there you're registered. Da hast Du Dich aber anscheißen lassen !. 9. Where the hell is my registration code is stored ?? The correct registration code is stored in the registry as follows : REGEDIT4 [HKEY_CURRENT_USER\Software\VB and VBA Program Settings\INC] [HKEY_CURRENT_USER\Software\VB and VBA Program Settings\INC\ Pfad] "Quelle"="" "Ziel"="" [HKEY_CURRENT_USER\Software\VB and VBA Program Settings\INC\ Key] "Key"="847608877" [HKEY_CURRENT_USER\Software\VB and VBA Program Settings\INC\ BenutzerInfo] "NameFirma"="Pirates Order" "Ort"="[TTM]" 10. How can I practise with my own user name ? - I strongly recommended you not to do this ! E N D N O T E S Distributing your serial number is illegal and is no different than distributing illegal copies of the registered software. Violation of this rule may result in temporary or permanent revocation of this license and cancellation of the serial number; the original licensee will also be held responsible for damages, physical and estimated. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > Never attribute to malice that which is adequately explained by stupidity ASTAGA [TTM/D4C/C4A] tute-ImageNameChanger1101.zip [EOF] 1/23/01 5:09:33 PM :bl 00) * BPX KERNEL!HMEMCPY 01) * BPX #015F:660BB00E 02) BPX #015F:6602D252