SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING
Registry Compare v1.21
A Cracking Tutorial
by ASTAGA [WTF/TTM]
DISCLAIMER
This reading material is not intended to violate Copyrights
and/or it is law, but educational purposes only. I hold no
responsibility ( by all means and in any shape whatsoever )
of the mis-used of this material.
Read END NOTES section at the end of this file.
ABOUT THE PROGRAM
Easily See The Differences Between States of Your Registry!
Registry Compare for Win95, Win98 and WinME:
Registry Compare can be used to easily see what is being
done by a program or Windows itself to your registry. The
software itself does not modify anything in your registry.
For example, if you have a new program to install and want
to know everything that it does to your registry, you can
use Registry Compare to find out.
The first thing that you want to do is go to Edit, take
first snapshot. Now that you have the first snapshot, run
the program or conduct the activity of which you want to
see the effects on the registry. Return to Registry Compare,
and click Edit, take second snapshot. You can exit the
Registry Compare software and even restart your system in
between snapshots. After you have both snapshots, click
Edit, Compare snapshots and the differences will be display
ed in the white box. If you want to save the results for
future reference, go to File, Print results and they will be
sent to your default printer.
Features :
o
WHERE TO DOWNLOAD
Author : KMCS Software
Copyright : KMCS Software
Homepage : http://www.kmcsonline.com
URL : http://www.kmcsonline.com/DOWNLOAD.HTM
http://kmcsonline.com/anonftp/pub/RGCOMPARE.EXE
Size : 663 KB as of
Rel Date :
HOW TO GET VALID SERIAL NUMBER by using SoftIce
1. Run COMPARE.EXE, in the registration dialog box type these below
informations :
Code : 73881050911
Do not click OK button yet
2. Load SoftIce by pressing [ CTRL + D ], set a breakpoint as
follow :
BPX multibytetowidechar [enter] and
F5 to return to the main program
3. Now, click OK button... you'll return back into SoftIce!
In within SoftIce press F11, F5, F11, then F12 6 times
until you see and break at :
______________________________________________________________
015F:0F79B202 E8D2DFFEFF CALL 0F7891D9
015F:0F79B207 33C0 XOR EAX,EAX ==> d eax
015F:0F79B209 EBF0 JMP 0F79B1FB
015F:0F79B20B 8B442404 MOV EAX,[ESP+04]
015F:0F79B20F A3E8B77B0F MOV [0F7BB7E8],EAX
015F:0F79B214 3D07080000 CMP EAX,00000807
015F:0F79B219 771A JA 0F79B235
015F:0F79B21B 744C JZ 0F79B269
_____________________ VB40032!.text+text+0007A202 _____________
: bd * [enter] ==> no longer needed
: bpx 015F:0F79B202 [enter]
Press F10 once - stop at 015F:0F79B207 - display EAX register
: d eax [enter] see that fake code at virtual address
0167:0167:0412414 ???
Create a new breakpoint by typing :
: bd * [enter]
: bpr 0167:0412414 0167:0412414+10 rw [enter]
Press X to let SoftIce break into this location
5. If nothing goes wrong you'll break again at these below
snippet codes :
015F:0F79B356 33C0 XOR EAX,EAX
015F:0F79B358 F366A7 REPZ CMPSW <==
015F:0F79B35B 7405 JZ 0F79B362
015F:0F79B35D 1BC0 SBB EAX,EAX
015F:0F79B35F 83D8FF SBB EAX,-01
015F:0F79B362 5F POP EDI
015F:0F79B363 5E POP ESI
015F:0F79B364 C20C00 RET 000C
___________________ VB40032!.text+0007A356 ___________________
Break due to BPR #0167:00412414 #0167:00412424 RW
While stay at 015F:0F79B358 - dump ESI and EDI registers :
:d esi your fake code at virtual address 0167:0167:00412414.
:d edi did you see R.C.E.Q.7.0.N.S. at virtual address
0167:0167:004089E8 ? Write it down! Remove trailing
dot sign (.) between each character.
7. Disable all breakpoints by typing
BD * [enter]
Press F5 or X to return to the main program
8. Repeat registration procedure and keyed-in RCEQ70NS as
your S/N.
Click OK button ..... there you're registered.
9. Where the hell is my registration code is stored ??
The correct registration code is stored in the registry as
follows :
REGEDIT4
10. How can I practise with my own user name ?
- I strongly recommended you not to do this !
E N D N O T E S
Distributing your serial number is illegal and is no
different than distributing illegal
copies of the registered
software. Violation of
this rule may
result in
temporary or permanent revocation of this
license and cancellation of the
serial number;
the original licensee
will also be held responsible for
damages, physical and estimated.
Do not distribute your crack release based on this tutorial, because
you become a LAMER(s)!!!!!!!!
( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
personal computer, using Hex Editor, ripping off other group(s)
crack release, repacking (distro) them under his name.
Adopted from newsgroup alt.cracks, alt.crackers - February 1997 )
More about LAMER(s):
lamer /n./ [prob. originated in skateboarder slang]
Synonym for luser, not used much by hackers but common among warez
d00dz, crackers, and phreakers. Oppose elite. Has the same connota
tions of self-conscious elitism that use of luser does among
hackers.
< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >
Never attribute to malice that which is adequately
explained by stupidity
ASTAGA [WTF/TTM/D4C/C4A] tute-RegistryCompare121.zip
[EOF] 1/19/01 7:09:01 AM-off message.