SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING UNINSTALL MANAGER v3.10 A Cracking Tutorial by ASTAGA [WTF/TTM] DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. Read END NOTES section at the end of this file. ABOUT THE PROGRAM Removing files from your system is a lot harder than installing them. Megabytes of junk files on your hard disk waste space, slowdown your system, and conflict with software. The solution to this overcrowded mess is Uninstall Manager. Uninstall Manager is the program that lets you safely remove unwanted software and return your system to its original state. Easy to use, fast and powerful uninstaller. The best way to check all new additions to your system without installation monitoring. Removing files from your system is a lot harder than installing them. With U.M. you can completely remove unwanted software in a few minutes. System: Win95/98 WHERE TO DOWNLOAD Author : Ahmet Hidayetoglu Copyright : Nokta Software Homepage : http://members.tripod.com/~umpage http://umhome.cjb.net/ URL : http://209.235.102.9/~sam15195/um310.zip http://209.235.102.9/~sam15195/um/dwn.htm Size : 463 KB as of April 30, 2000 Rel Date : April 12, 2000 HOW TO GET VALID SERIAL NUMBER by using SoftIce 1. Run UNINSMAN.EXE, in the registration dialog box type these below informations : Name : Pirates Order Code : 73881050 Do not click OK button yet 2. Load SoftIce by pressing [ CTRL + D ], set a breakpoint as follow : BPX hmemcpy [enter] and F5 to return to the main program 3. Now, click OK button... you'll return back into SoftIce! In within SoftIce press F11, F5, F11, then F12 11 times until you see main program's code. Disable breakpoint, do a search string as follow : : bd * [enter] : s 0 l fffffffffffff E8 2E 66 FB FF 8B 45 [enter] Pattern found at 0167:0047A819 : bpx 0167:0047A819 [enter] Press F5 to let SoftIce break into this location 4. If nothing goes wrong you'll break again at these below snippet codes : ______________________________________________________________ 015F:0047A813 8B86F8020000 MOV EAX,[ESI+000002F8] 015F:0047A819 E82E66FBFF CALL 00430E4C <== break here 015F:0047A81E 8B45F8 MOV EAX,[EBP-08] 015F:0047A821 E8EEE0F8FF CALL 00408914 015F:0047A826 3BD8 CMP EBX,EAX **** 015F:0047A828 7504 JNZ 0047A82E 015F:0047A82A B301 MOV BL,01 _____________________ UNINSMAN!CODE+00079813 __________________ Break due to BPX #015F:0047A819 While you're at 015F:0047A819 - dump ECX register : : d ecx [enter] ==> your name in lower case at virtual address 0167:01AA4570 Press F10 once - see that fake code copied into memory Press F10 once - stop at 015F:0047A821 - dump EAX register : d eax [enter] ==> your fake code at virtual 0167:01AA458C Press F10 once - stop at 015F:0047A826 - a classic comparison instruction, let's check the contents of EAX and EBX registers. : ? EBX [enter] 046755DA 0073881050 " gU " ==> your fake code : ? EBX [enter] 000005AF 0000001455 " " ==> your potential reg code. Write it down. 5. Disable all breakpoints by typing BD * [enter] Press F5 or X to return to the main program 6. Repeat registration procedure and keyed-in 1455 as your S/N. Click OK button ..... there you're registered. 7. Where the hell is my registration code is stored ?? The correct registration code is stored in the registry as follows : REGEDIT4 [HKEY_CURRENT_USER\Software\NoktaSoftware\UninstallManager] "Path"="d:\\program files\\um31" "Reg"="I@Xazi|m{(Gzlmz" 8. How can I practise with my own user name ? - I strongly recommended you not to do this ! E N D N O T E S Distributing your serial number is illegal and is no different than distributing illegal copies of the registered software. Violation of this rule may result in temporary or permanent revocation of this license and cancellation of the serial number; the original licensee will also be held responsible for damages, physical and estimated. Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!! ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of personal computer, using Hex Editor, ripping off other group(s) crack release, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) More about LAMER(s): lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connota tions of self-conscious elitism that use of luser does among hackers. < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html > Never attribute to malice that which is adequately explained by stupidity ASTAGA [WTF/TTM/D4C/C4A] tute-uninstallmanager310.zip [EOF] First edited : April 30, 2000 6:08:55 PM Revised/Updated : 1/15/01 10:31:03 PM