KEYGEN IS DEMON, PATCHING IS EVIL, SERIAL FISHING IS LESS ATTITUDE



SENTRY'98 v2.4
A Cracking Tutorial 
by ASTAGA [WTF/TTM]



Sentry ‘98 is an exciting program that allows you to take 
control of your Windows 95/98 computer.  With Sentry ‘98, 
you can set up Windows 95/98 user accounts for each user 
of your computer.  Each user has his or her own desktop, 
Start Menu, Programs folder and other Windows folders.  
In addition, you can place restrictions on users to con
trol use of the computer and minimize the risk that other 
users will accidentally delete important files or configu
ration settings.


Sahalie Software, LLM
Softech Developments Ltd.
http://www.sentry98.com
http://www.sentry98.com/sntry98.zip
1.2 MB  as of January 27, 2001
Rel Date June 19, 1999


1.	Run the program, in the registration dialog box
	type this below info :

		License Code : 73881050

2.	Within SoftIce set a new breakpoint :

	: bpx hmemcpy  [enter]
	Press F5 to return to main program

3.	Click OK button, soon afterward you'll return
	back into SoftICe.
	Press F11 then F12 around 11 times until you
	reach these below snippet codes :
	______________________________________________________________

	015F:00452EAA  E8A5DEFDFF   CALL  00430D54
	015F:00452EAF  8B55D8       MOV   EDX,[EBP-28] <== break here
	015F:00452EB2  8B45F8       MOV   EAX,[EBP-08] ==> D EDX
	015F:00452EB5  E85A0CFBFF   CALL  00403B14
	015F:00452EBA  C645F701     MOV   BYTE PTR [EBP-09],01
	015F:00452EBE  33C0         XOR   EAX,EAX
	015F:00452EC0  5A           POP   EDX
	015F:00452EC1  59           POP   ECX
	015F:00452EC2  59           POP   ECX
	015F:00452EC3  648910       MOV   FS:[EAX],EDX
	015F:00452EC6  68DB2E4500   PUSH  00452EDB
	015F:00452ECB  8B45F0       MOV   EAX,[EBP-10]
	015F:00452ECE  E8F9FFFAFF   CALL  00402ECC ==> F8
	015F:00452ED3  C3           RET

	_________________ SENTRY!CODE+00051EAA _______________________

	: bd * [enter]
	: bpx 015F:00452EAA  [enter]

	Press F10 once - stop at 015F:00452EB2 :
	: d edx  [enter]  ==> your fakecode appear at virtual
	                      address 0167:00C46760.

	Now I'll bring you directly to the location where S/N
	can be trapped. If you curious how do I get into this
	address,just follow breakpoint history listing at the
	bottom this file.
	Let's do a search string as follow :

	: s 0 l ffffffffffff E8 AA FE FF FF 8B 55  [enter]
	Pattern found at 0167:0048B5C1 ( 0048B5C1 )

	Disable all breakpoints, and set a new one as
	follow :

	: bd *  [enter]
	: bpx 015F:0048B5C1 [enter]
	Press X or F5  to let SoftIce break into this location

	NOTE : Repeat registration procedure if necessary


4.	If you do the right thing, you'll break and see these
	below snippet codes :
	______________________________________________________________

	015F:0048B5C1  E8AAFEFFFF CALL  0048B470 <== break here
	015F:0048B5C6  8B55FC     MOV   EDX,[EBP-04]
	015F:0048B5C9  8B45F8     MOV   EAX,[EBP-08]
	015F:0048B5CC  E80FD0F7FF CALL  004085E0 ==> D EAX/EDX
	015F:0048B5D1  85C0       TEST  EAX,EAX
	015F:0048B5D3  7502       JNZ   0048B5D7
	
	__________________ SENTRY!CODE+0008A5C1 _______________________

	Press F10 3 times - stop at 015F:0048B5CC - dump EAX
	and EDX registers :

	: d eax  [enter]  ==> did you see 7388224 at virtual
	                      address 0167:00C46AA8 ?
	                      Write it down!.

	: d edx  [enter]  ==> your fake code appear at virtual
	                      address 0167:00C46760.


5.	Let's register the program by using 7388224 as your
	license code.
	Click OK .... there you're registered.
	Click HELP/ABOUT submenu, your lic code is there but
	'Name' field is empty. You can personalized this field
	by manually editing registration info in the registry.


6.	Registration info is stored in the registry as follow :
	REGEDIT4
	[HKEY_LOCAL_MACHINE\Software\Sahalie\Crowd Control]
	"License"="7388224"
	"Name"="Pirates Order" <== add this key using REGEDIT


7.	About the S/N : If you trace ( press F8 ) the code 
	starting from CALL instruction at 015F:00452ECE, 
	you'll find the routines that first 4 digits of 
	your ake code will be splitted and added with 224.
	S/N formula is XXXX224 where XXXX=any number.


8.	Respect the Author and do not attemp to register this
	program by using your own user name, unless you pay
	US$20.00 for official licensing.


				END NOTES


	DON'T BE A LAMER BY DISTRIBUTING YOUR CRACK RELEASE
	               BASED ON THIS TUTORIAL.

	 ============== D I S C L A I M E R =============
	 THIS PAPER IS NOT INTENTED TO VIOLATE COPYRIGHTS 
	 LAW BUT EDUCATIONAL PURPOSES ONLY. I HOLD NO RES
	 PONSIBILITY ( IN ANY SHAPE WHATSOEVER ) OF THE
	 MIS-USE OF THIS MATERIAL. NO PARTS OF THIS PAPER
	 IS SOLD/RENT FOR COMMERCIAL NOR PERSONAL BENEFIT.



[EOF] ASTAGA [TTM] - tute-sentry9824.zip
Tutorial Free Version C
First Edited    : 1/27/01 7:33:10 AM
Revised/Updated : 2/8/01 3:24:13 PM
Breakpoint History for Sentry98 v2.4 - ASTAGA [WTF/TTM]
00) * BPX KERNEL!HMEMCPY
01) * BPX #015F:00452EAA <== main prog's first break
02) * BPMB #0167:00C46760 RW DR3 <== fakecode 1st appearance
03) * BPMB #0167:00C382C0 RW DR2 <== fakecode 2nd appearance
04) * BPX #015F:004040BC <== routine where first 4 digits of
05) * BPX #015F:00403D65 fakecode is splitted, compared, etc
06)   BPX #015F:0048B5C1 <== location where S/N is captured