SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING


UNINSTALL MANAGER v3.10
A Cracking Tutorial 
by ASTAGA [WTF/TTM]


DISCLAIMER 

This reading material is not intended to violate Copyrights 
and/or it is law, but educational purposes only. I hold no 
responsibility ( by all means and in any shape whatsoever ) 
of the mis-used of this material.
Read END NOTES section at the end of this file.



ABOUT THE PROGRAM 


Removing files from your system is a lot harder than installing 
them. Megabytes of junk files on your hard disk waste space, 
slowdown your system, and conflict with software. The solution 
to this overcrowded mess is Uninstall Manager. Uninstall Manager 
is the program that lets you safely remove unwanted software 
and return your system to its original state. 


Easy to use, fast and powerful uninstaller.
The best way to check all new additions to 
your system without installation monitoring.
Removing files from your system is a lot harder
than installing them. With U.M. you can completely
remove unwanted software in a few minutes.
System: Win95/98


WHERE TO DOWNLOAD


Author   	: Ahmet Hidayetoglu
Copyright	: Nokta Software
Homepage 	: http://members.tripod.com/~umpage
		  http://umhome.cjb.net/
URL		: http://209.235.102.9/~sam15195/um310.zip
		  http://209.235.102.9/~sam15195/um/dwn.htm
Size 		: 463 KB as of April 30, 2000
Rel Date	: April 12, 2000



HOW TO GET VALID SERIAL NUMBER by using SoftIce



1.  Run UNINSMAN.EXE, in the registration dialog box type these
    below informations :

	Name	 : Pirates Order
	Code    : 73881050

    Do not click OK button yet
    

2.  Load SoftIce by pressing [ CTRL + D ], set a breakpoint as 
    follow :
    

	BPX hmemcpy     [enter]   and
   	F5  to return to the main program


3.  Now, click OK button... you'll return back into SoftIce!
    In within SoftIce press F11, F5, F11, then F12 11 times 
    until you see main program's code.

	Disable breakpoint, do a search string as follow :
	: bd *  [enter]
	: s 0 l fffffffffffff E8 2E 66 FB FF 8B 45  [enter]
	Pattern found at 0167:0047A819
	: bpx 0167:0047A819  [enter]

	Press F5  to let SoftIce break into this location


4.  If nothing goes wrong you'll break again at these below
    snippet codes : 

	______________________________________________________________

	015F:0047A813  8B86F8020000    MOV   EAX,[ESI+000002F8]
	015F:0047A819  E82E66FBFF      CALL  00430E4C <== break here
	015F:0047A81E  8B45F8          MOV   EAX,[EBP-08]
	015F:0047A821  E8EEE0F8FF      CALL  00408914
	015F:0047A826  3BD8            CMP   EBX,EAX ****
	015F:0047A828  7504            JNZ   0047A82E 
	015F:0047A82A  B301            MOV   BL,01


	_____________________ UNINSMAN!CODE+00079813 __________________

	Break due to BPX #015F:0047A819
	While you're at 015F:0047A819 - dump ECX register :

	: d ecx  [enter] ==>  your name in lower case at virtual
				address 0167:01AA4570
	Press F10 once - see that fake code copied into memory

	Press F10 once - stop at 015F:0047A821 - dump EAX register

	: d eax  [enter] ==>  your fake code at virtual 0167:01AA458C

	Press F10 once - stop at 015F:0047A826 - a classic comparison
	instruction, let's check the contents of EAX and EBX registers.
	
	: ? EBX  [enter] 
	046755DA  0073881050  " gU " ==> your fake code

	: ? EBX  [enter]
	000005AF  0000001455  "  "   ==> your potential reg code.
					     Write it down.                                                      


5.  Disable all breakpoints by typing 

	BD *   [enter]
	Press F5 or X to return to the main program
     

6.  Repeat registration procedure and keyed-in 1455 as your S/N. 
    Click OK button .....  there you're registered.


7.	Where the hell is my registration code is stored ??

	The correct registration code is stored in the registry as
	follows : 
	REGEDIT4
	[HKEY_CURRENT_USER\Software\NoktaSoftware\UninstallManager]
	"Path"="d:\\program files\\um31"
	"Reg"="I@Xazi|m{(Gzlmz"


8.  How can I practise with my own user name ?

	-  I strongly recommended you not to do this !




					E N D   N O T E S


		Distributing your serial number is illegal and is no 
			different than distributing illegal 
				copies of the registered 
				 software. Violation of
					this rule may 
					  result in 
			temporary or permanent revocation of this
			     license and cancellation of the 
			              serial number; 
				   the original licensee
			   will also be held responsible for 
			    damages, physical and estimated.


   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
   personal computer, using Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same connota
	tions of self-conscious elitism that use of luser does among 
	hackers.
      < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 		Never attribute to malice that which is adequately 
				explained by stupidity


ASTAGA [WTF/TTM/D4C/C4A] tute-uninstallmanager310.zip
[EOF] First edited : April 30, 2000 6:08:55 PM
Revised/Updated : 1/15/01 10:31:03 PM