SERIAL NUMBER IS FISHY - DECLINE YOUR PATCH'ITCH'ING


WinNc 2000 Professional 2.02 
A Cracking Tutorial 
by ASTAGA [D4C/C4A]


DISCLAIMER 

This reading material is not intended to violate Copyrights 
and/or it is law, but educational purposes only. I hold no 
responsibility ( by all means and in any shape whatsoever ) 
of the mis-used of this material.
Read END NOTES section at the end of this file.



ABOUT THE PROGRAM 

WinNc 2000 is a file manager for Windows 95/98/2000 and NT 4.0 
that can replace the existing Windows Explorer. WinNc uses the 
same key shortcuts and the same mouse functionality as a well-
known file manager for DOS (NC). WinNc can connect to network 
neighborhoods, servers, and other computers in a network, and 
is able to view what's inside compressed files as if they were 
directories. WinNc has full drag-and-drop functionality; an 
internal viewer that can view JPEG, GIF, BMP, TGA, WMF, PCX, 
MP3, WAV, FLC, DOCS, XLS, HTML, MID, and AVI files, and an 
internal viewer similar to the one in NC for DOS. WinNc's uti
lities enable you to split, encrypt, and FTP your files. Tips 
can be turned off after registration

WinNc has all the makings of an excellent replacement for Win
dows Explorer. It features an attractive, independent double-
pane view (selecting a path or file in one pane has no effect 
on the other) and offers drag-and-drop support for moving 
files between the panes. Lots of tool buttons and menu items 
provide access to standard file-management methods. You can 
easily format, copy, move, delete, view, and edit files. 
In addition, WinNc supports file splitting, encryption, and 
compression using the standard ZIP format. Use it to create 
shortcuts, compare and synchronize folders, back up important 
data, read network drives, search for files, and more. 
You can even use it to handle all of your file transfers via 
FTP. An internal text editor and graphic file viewer are also 
part of the package. 



WHERE TO DOWNLOAD


Author   	: Dunes Multimedia
Copyright	: Dunes Multimedia
Homepage 	: http://www.dunesmm.nl/winnce/
URL		: http://www.simtel.net/pub/simtelnet/win95/fileutl/winnc202.zip
		  ftp://ftp.simtel.net/pub/simtelnet/win95/fileutl/winnc202.zip 		  http://www.dunesmm.nl/winnce/download_regio.html
Size 		: 2.4MB  as of Dcember 17,2000
Rel Date	: July 2000




HOW TO GET VALID SERIAL NUMBER by using SoftIce



1.  Run WINNC.EXE, in the registration dialog box type these below 
    informations :

	Name	 : Pirates Order
	Company : Red Rackham
	Code    : 73881050

    Do not click OK button yet
    

2.  Load SoftIce by pressing [ CTRL + D ], set a breakpoint as follow :
    

	BPX hmemcpy     [enter]   and
   	F5  to return to the main program

3.  Now, click OK button... you'll return back into SoftIce!
    In within SoftIce press F11, F5, F11, then F12 11 times until you 
    see and break at :

	______________________________________________________________

	015F:00516D8B  E8C8F1EFFF    CALL   00415F58
	015F:00516D90  8D55F8        LEA    EDX,[EBP-08] <== break here
	015F:00516D93  A1B82D5800    MOV    EAX,[00582DB8]
	015F:00516D98  8B80CC010000  MOV    EAX,[EAX+000001CC]
	015F:00516D9E  E8B5F1EFFF    CALL   00415F58
	015F:00516DA3  BA01000080    MOV    EDX,80000001
	015F:00516DA8  8BC6          MOV    EAX,ESI
	015F:00516DAA  E859F9F2FF    CALL   00446708
	015F:00516DAF  8B55F4        MOV    EDX,[EBP-0C]
	015F:00516DB2  8B45FC        MOV    EAX,[EBP-04] ==> d edx
	015F:00516DB5  E8D6FBFFFF    CALL   00516990

	_________________________ WINNC32!CODE+00115D8B _______________

	: bc 00  [enter] ==> no longer needed
	: bpx 015F:00516D8B  [enter]
	Press F10 8 times - stop at 015F:00516DB2 - display EDX register

	: d edx  [enter]  	see that fake code at virtual address
				015F:00516DB2 ???

    	Create a new breakpoint by typing :
	: bd *  [enter]
	: bpr 0167:0126DD80 0167:0126DD80+15 rw	
	Press X  to let SoftIce break into this location


5.  If nothing goes wrong you'll break again at these below
    snippet codes : 

	EAX=00000006   EBX=38383337   ECX=32343932 .. ESI=0127A050
	EDI=0126DD80   EBP=0088FB60   ESP=0088FB28   
	CS=015F   DS=0167   SS=0167   ES=0167   FS=2BA7   GS=0000                       
	______________byte______________________________PROT________
	
	015F:00403A49  8B0E       MOV       ECX,[ESI]
	015F:00403A4B  8B1F       MOV       EBX,[EDI] <== break here
	015F:00403A4D  39D9       CMP       ECX,EBX
	015F:00403A4F  7558       JNZ       00403AA9

	_________________________ WINNC32!CODE+2A49 ___________________

	Break due to BPR #0167:0126DD80 #0167:0126DD95 RW
	Press F10 once - stop at 015F:00403A4D - check EBX, ECX, EDI, 
	and ESI registers : 

	:? ebx                                                                          
	38383337  0943207223  "8837"  ==>	your fake code in reverse
						order                                                  
                                                         
	:? ecx                                                                          
	32343932  0842283314  "2492"  ==>	your potential red code in
						reverse order

	:d esi	   did you see interesting  2942-5141-7761 at virtual
		   address 0167:0127A050 ?  write it down!

	:d edi    your fake  73881050 at virtual address 0167:0126DD80



7.  Disable all breakpoints by typing 

	BD *   [enter]
	Press F5 or X to return to the main program
     

8.  Repeat registration procedure and keyed-in 2942-5141-7761 as 
    your S/N. 
    Click OK button .....  there you're registered.


9.	Where the hell is my registration code is stored ??

	The correct registration code is stored in the registry as
	follows : 
	REGEDIT4
	[HKEY_CURRENT_USER\Software\WinNc 2.0]
	"LanguageDll"=""
	"ShowTips"=dword:00000000
	"State"=dword:00000001
	"RegistrationName"="Pirates Order"
	"CompanyName"="Red Rackham"
	"SerialKey"="2942-5141-7761"


10.  How can I practise with my own user name ?

	-  I strongly recommended you not to do this !




					E N D   N O T E S


		Distributing your serial number is illegal and is no 
			different than distributing illegal 
				copies of the registered 
				 software. Violation of
					this rule may 
					  result in 
			temporary or permanent revocation of this
			     license and cancellation of the 
			              serial number; 
				   the original licensee
			   will also be held responsible for 
			    damages, physical and estimated.


   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined LAMER(s) is the guy who sits in front of
   personal computer, using Hex Editor, ripping off other group(s)
   crack release, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same connota
	tions of self-conscious elitism that use of luser does among 
	hackers.
      < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 		Never attribute to malice that which is adequately 
				explained by stupidity


ASTAGA [D4C/C4A] tute-winnc2kpro202.zip
[EOF] 12/17/00 6:08:55 PM