KEYGEN IS DEMON, PATCHING IS EVIL, SERIAL FISHING IS LESS ATTITUDE


ListWiz v1.0c
A Cracking Tutorial
by ASTAGA [WTF/TTM]


DESCRIPTION

Have a lot of files? Quick way to create list 
files!
Lists multiple directories and/or drives.
Creates WinAmp Play Lists too!
Fully configurable, add your own file types.
Sort by directory or filename.
If you have a lot of multimedia files, it can 
be hard to keep track of what files you have. 
Some script based list generators can tie up 
your computer for hours while generating a 
list file. ListWiz will generate a list for 
you in just minutes while you can keep using 
your computer.



ListWiz Version 1.0. 
ListWiz 32-bit (747KB)
© Paul P.M. Beuger
http://www.wavget.com/download.html
http://www.wavget.com/dllistwiz.html
http://www.wavget.com/listwiz32.exe



1.	Run the program. In the registration dialog box,
	type the information below:

		Name : Pirates Order
		Code : 8857045

2.	Within SoftIce, set a breakpoint on HMEMCPY.
	Press F5 to return to the main program.
	Click the OK button.

3.	When you return to SoftIce, press F11 once and F12
	several times until you see the code snippet below:
	____________________________________________________________

	015F:004515EA  E8B5CCFDFF  CALL 0042E2A4
	015F:004515EF  8B55D8      MOV  EDX,[EBP-28] <== drop here
	015F:004515F2  8B45F8      MOV  EAX,[EBP-08]
	015F:004515F5  E83A25FBFF  CALL 00403B34
	015F:004515FA  C645F701    MOV  BYTE PTR [EBP-09],01
	015F:004515FE  33C0        XOR  EAX,EAX
	015F:00451600  5A          POP  EDX
	015F:00451601  59          POP  ECX
	_____________________ LISTWIZ!CODE+000505EA ________________

	Disable the previous breakpoint and set a new one as follows:

	: bd *  [enter] ==> Hmemcpy no longer needed
	: bpx 015F:004515EA  [enter]

	Press F10 once - stop at 015F:004515F2 :
	: d edx  [enter]  ==> your fake code appears at virtual
	                      address 0167:00BF10A0

	Now create a new breakpoint as follows:
	: bpm 0167:00BF10A0  [enter]
	Press X or F5 to let SoftIce break into the new location.


4.	Here is the code snippet where you break into the new location:
	________________________________________________________
	
	015F:00403E97  8B1F    MOV       EBX,[EDI]
	015F:00403E99  39D9    CMP       ECX,EBX <== break here
	015F:00403E9B  7558    JNZ       00403EF5
	015F:00403E9D  4A      DEC       EDX

	____________________ LISTWIZ!CODE+2E97 _________________

	Break due to BPMB #0167:00BF10A0 RW DR3

	While stopped at 015F:00403E99, notice that you have landed
	on an interesting CMP instruction.
	Let's dump EDI, ESI and the contents of the EBX and ECX
	registers.
	Follow these steps:

	: ? ebx  [enter]
	37353838  0926234680  "7588"  ==> part of the fake code in
	                                  reverse order.

	: ? ecx  [enter]
	58464E42  1481002562  "XFNB"  ==> part of the potential regcode
	                                  in reverse order.

	Actually, it is quite obvious that the valid regcode has been
	copied to around virtual address 0167:00BF10D0, as you can
	observe in your Data Window as follows:

	EAX=00000007  EBX=37353838  ECX=58464E42 .. ESI=00BF10D4
	EDI=00BF10A0  EBP=006BF588  ESP=006BF54C .. o d I s z A
	CS=015F   DS=0167   SS=0167  ES=0167   FS=2DE7   GS=0000
	----------------------------byte--------------PROT---(0)--

	0167:00BF10A0 38 38 35 ..... 92 BE 00  8857045.....x...
	0167:00BF10B0 20 00 00 ..... 00 00 00   ...............
	0167:00BF10C0 01 00 00 ..... 00 00 00  .... ...........
	0167:00BF10D0 0E 00 00 ..... 42 4C 4A  ....BNFXEBUXRBLJ
	0167:00BF10E0 4B 53 00 ..... 2F 00 00  KS..tdG.tdG../..
	0167:.....
	----------------------------------------------------------

	: d esi  [enter]  your real code BNFXEBUXRBLJKS appears at
	                  0167:00BF10D4. Write it down.

	: d edi  [enter]  your fake code appears at 0167:00BF10A0


5.	Let's register the program by using  BNFXEBUXRBLJKS  as
	your regcode.
	Click  OK  ..... and you are registered.
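	The weakness this procedure relies on is a design one: the program
	builds the genuine code in memory (at 0167:00BF10D4 above) and
	compares it to the typed code with a plain CMP, so a memory
	breakpoint on the input buffer leads straight to the real value.
	As an added example that is not from this tutorial or from ListWiz,
	here is that weak pattern in Python beside a check that stores only
	a salted digest of the code, so the genuine code never exists in
	the process while it validates; the code value, salt and derivation
	are constructed placeholders, not ListWiz's scheme.

```python
import hashlib
import hmac

# Constructed placeholder values; ListWiz's real scheme is not known here.
# GENUINE_CODE is kept in this module only so both checks can be run
# side by side; a shipped program built the hardened way would not carry it.
GENUINE_CODE = "EXAMPLE-CODE-1234"
SALT = b"constructed-salt-value"


def weak_check(entered: str) -> bool:
    """Plaintext compare, like CMP ECX,EBX at 015F:00403E99 above.

    The genuine code is assembled as a plaintext string right before the
    compare, so it sits in memory next to the user's input while the check
    runs; stopping on the compare shows the real code as the other operand.
    """
    real = GENUINE_CODE  # the valid code now exists as plaintext in memory
    return entered == real  # also exits early on the first mismatch


def provision(code: str) -> str:
    """Vendor-side step: derive the digest that is embedded in the program.

    Only this digest ships inside the binary; the code itself does not.
    """
    return hashlib.sha256(SALT + code.encode("utf-8")).hexdigest()


def hardened_check(entered: str, stored_digest: str) -> bool:
    """Program-side check: hash the candidate and compare digests.

    The genuine code is never materialised by the program, so memory at
    the compare holds only two digests, and compare_digest runs in
    constant time so the compare itself leaks no matching prefix.
    """
    candidate = hashlib.sha256(SALT + entered.encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    digest = provision(GENUINE_CODE)  # done by the vendor, not in the app
    print(weak_check("8857045"), hardened_check("8857045", digest))  # False False
    print(hardened_check(GENUINE_CODE, digest))  # True
```

	A real licensing scheme would go further (for example a signature
	the client can only verify, never produce), but the memory-exposure
	difference is the part this tutorial demonstrates.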


6.	Respect the Author and do not attempt to register this
	program by using your own user name, unless you pay
	US$20.00 for official licensing.




				END NOTES


	DON'T BE A LAMER BY DISTRIBUTING YOUR CRACK RELEASE
	               BASED ON THIS TUTORIAL.

	 ============== D I S C L A I M E R =============
	 THIS PAPER IS NOT INTENDED TO VIOLATE COPYRIGHT
	 LAW BUT IS FOR EDUCATIONAL PURPOSES ONLY. I HOLD NO
	 RESPONSIBILITY ( IN ANY SHAPE WHATSOEVER ) FOR THE
	 MISUSE OF THIS MATERIAL. NO PART OF THIS PAPER
	 IS SOLD/RENTED FOR COMMERCIAL OR PERSONAL BENEFIT.



[EOF] ASTAGA [TTM] - tute-listwiz10c.zip
Tutorial Free Version C
2/8/01 12:13 AM
Breakpoint history for ListWiz v1.0c - ASTAGA [TTM/WTF]
00) * BPX KERNEL!HMEMCPY
01)   BPX #015F:004515EA
02)   BPMB #0167:00BF10A0 RW DR3