KEYGEN IS DEMON, PATCHING IS EVIL, SERIAL FISHING IS LESS ATTITUDE

SENTRY'98 v2.4
A Cracking Tutorial by ASTAGA [WTF/TTM]

Sentry '98 is an exciting program that allows you to take control of your
Windows 95/98 computer. With Sentry '98, you can set up Windows 95/98 user
accounts for each user of your computer. Each user has his or her own desktop,
Start Menu, Programs folder and other Windows folders. In addition, you can
place restrictions on users to control use of the computer and minimize the
risk that other users will accidentally delete important files or
configuration settings.

Sahalie Software, LLM
Softech Developments Ltd.
http://www.sentry98.com
http://www.sentry98.com/sntry98.zip
1.2 MB as of January 27, 2001
Rel Date June 19, 1999

1. Run the program. In the registration dialog box, type the info below:

   License Code : 73881050

2. Within SoftICE, set a new breakpoint:

   : bpx hmemcpy [enter]

   Press F5 to return to the main program.

3. Click the OK button; soon afterward you'll return to SoftICE. Press F11,
   then F12 around 11 times, until you reach the code snippet below:

______________________________________________________________
015F:00452EAA  E8A5DEFDFF  CALL  00430D54
015F:00452EAF  8B55D8      MOV   EDX,[EBP-28]          <== break here
015F:00452EB2  8B45F8      MOV   EAX,[EBP-08]          ==> D EDX
015F:00452EB5  E85A0CFBFF  CALL  00403B14
015F:00452EBA  C645F701    MOV   BYTE PTR [EBP-09],01
015F:00452EBE  33C0        XOR   EAX,EAX
015F:00452EC0  5A          POP   EDX
015F:00452EC1  59          POP   ECX
015F:00452EC2  59          POP   ECX
015F:00452EC3  648910      MOV   FS:[EAX],EDX
015F:00452EC6  68DB2E4500  PUSH  00452EDB
015F:00452ECB  8B45F0      MOV   EAX,[EBP-10]
015F:00452ECE  E8F9FFFAFF  CALL  00402ECC              ==> F8
015F:00452ED3  C3          RET
_________________ SENTRY!CODE+00051EAA _______________________

   : bd * [enter]
   : bpx 015F:00452EAA [enter]

   Press F10 once - stop at 015F:00452EB2 :

   : d edx [enter]  ==> your fake code appears at virtual address
                        0167:00C46760.

   Now I'll bring you directly to the location where the S/N can be trapped.
   If you are curious how I got to this address, just follow the breakpoint
   history listing at the bottom of this file. Let's do a string search as
   follows:

   : s 0 l ffffffffffff E8 AA FE FF FF 8B 55 [enter]

   Pattern found at 0167:0048B5C1 ( 0048B5C1 )

   Disable all breakpoints and set a new one as follows:

   : bd * [enter]
   : bpx 015F:0048B5C1 [enter]

   Press X or F5 to let SoftICE break at this location.

   NOTE : Repeat the registration procedure if necessary.

4. If you did the right thing, you'll break and see the code snippet below:

______________________________________________________________
015F:0048B5C1  E8AAFEFFFF  CALL  0048B470              <== break here
015F:0048B5C6  8B55FC      MOV   EDX,[EBP-04]
015F:0048B5C9  8B45F8      MOV   EAX,[EBP-08]
015F:0048B5CC  E80FD0F7FF  CALL  004085E0              ==> D EAX/EDX
015F:0048B5D1  85C0        TEST  EAX,EAX
015F:0048B5D3  7502        JNZ   0048B5D7
__________________ SENTRY!CODE+0008A5C1 _______________________

   Press F10 3 times - stop at 015F:0048B5CC - and dump the EAX and EDX
   registers:

   : d eax [enter]  ==> did you see 7388224 at virtual address
                        0167:00C46AA8 ? Write it down!
   : d edx [enter]  ==> your fake code appears at virtual address
                        0167:00C46760.

5. Let's register the program by using 7388224 as your license code.
   Click OK .... there, you're registered. Click the HELP/ABOUT submenu: your
   license code is there but the 'Name' field is empty. You can personalize
   this field by manually editing the registration info in the registry.

6. Registration info is stored in the registry as follows:

   REGEDIT4

   [HKEY_LOCAL_MACHINE\Software\Sahalie\Crowd Control]
   "License"="7388224"
   "Name"="Pirates Order"     <== add this key using REGEDIT

7. About the S/N :
   If you trace ( press F8 ) the code starting from the CALL instruction at
   015F:00452ECE, you'll find the routines where the first 4 digits of your
   fake code are split off and have 224 appended.
   The S/N formula is XXXX224 where XXXX=any number.

8. Respect the Author and do not attempt to register this program by using
   your own user name, unless you pay US$20.00 for official licensing.

END NOTES

DON'T BE A LAMER BY DISTRIBUTING YOUR CRACK RELEASE BASED ON THIS TUTORIAL.

============== D I S C L A I M E R =============
THIS PAPER IS NOT INTENDED TO VIOLATE COPYRIGHT LAW BUT IS FOR EDUCATIONAL
PURPOSES ONLY. I HOLD NO RESPONSIBILITY ( IN ANY SHAPE WHATSOEVER ) FOR THE
MISUSE OF THIS MATERIAL. NO PART OF THIS PAPER IS SOLD/RENTED FOR COMMERCIAL
NOR PERSONAL BENEFIT.

[EOF]

ASTAGA [TTM] - tute-sentry9824.zip
Tutorial Free Version C
First Edited    : 1/27/01 7:33:10 AM
Revised/Updated : 2/8/01 3:24:13 PM

Breakpoint History for Sentry98 v2.4 - ASTAGA [WTF/TTM]

00) * BPX KERNEL!HMEMCPY
01) * BPX #015F:00452EAA            <== main prog's first break
02) * BPMB #0167:00C46760 RW DR3    <== fake code 1st appearance
03) * BPMB #0167:00C382C0 RW DR2    <== fake code 2nd appearance
04) * BPX #015F:004040BC            <== routine where first 4 digits of
05) * BPX #015F:00403D65                fake code are split, compared, etc
06)   BPX #015F:0048B5C1            <== location where S/N is captured