------------ HOW TO FIND REAL SERIAL NUMBER BY USING SOFTICE ---------------


Program : Flash 32 Version 3.10
File Size : 1.76MB
Web-site : http://www.logipole.com/indexe.html
Cracked By : Ex3cutor
Email : Ex3cutor@hotmail.com


About the program :


Flash 32 is a powerful screen, image and sound capture tool.
Use your mouse to capture a portion of the screen (any shape, any size), an 
individual window component, an entire window or a full screen. Capture from 
scanner, from your audio card (save under WAV, MP3), from files (exe, dll, 
ani, cur, bmp, ico, icl...), from the clipboard, include the cursor or not, 
or even another cursor. Captures can be saved in a wide variety of image 
formats (97 different, including jpeg, gif, tif, tga, eps, vrml, png, pcd, 
psd...)
You can even capture web sites, images from the Internet cache, images from 
webcams all over the Internet and produce videos clips.
Other neat features include image resizing, cropping, filters, color 
adjustment, definable hotkeys, automated captures, printing, animation 
production (avi, mpeg, fli, flc). Flash 32 produces buttons, screen savers, 
animated cursors, wallpapers, desktop themes, windows logos... Flash 32 is a 
handy tool for anyone who needs to capture, create animations or convert 
images easily.


******************** START SEARCHING FOR THE REAL LICENCE KEY 
*****************************


1) Start Flash 32 Version 3.10

   Show the registration box

   Key in as follows :

   Name : <TNT>
   First Name : Ex3cutor
   Key : 1234567890


2) Press 'OK' ....

   An error message will appear to say that your key is INVALID !

   This is expected as our key is FAKE !

   What we do now is to remember the error message :

   "Invalid Key
    Please enter your name and key as they have been delivered to you"


3) Now, disassemble the program and do a dead listing by W32Dasm ...

   Go to 'Refs' -> 'String Data References' and search for our error message 
"Invalid Key"

   It will lead you to the following codes :

   * Possible StringData Ref from Data Obj ->"Invalid key"
                                  |
   :0041FC42 68C8C04500              push 0045C0C8
   :0041FC47 55                      push ebp


4) Trace the codes a bit backward, and stop at

   * Referenced by a (U)nconditional or (C)onditional Jump at Address:
   |:0041FBF2(C)
   |
   :0041FC13 8B442410                mov eax, dword ptr [esp+10]
   :0041FC17 8D9424BC000000          lea edx, dword ptr [esp+000000BC]
   :0041FC1E 35F0BD6824              xor eax, 2468BDF0
   :0041FC23 52                      push edx
   :0041FC24 A398A94600              mov dword ptr [0046A998], eax
   :0041FC29 E8E3010200              call 0043FE11
   :0041FC2E 8B0D98A94600            mov ecx, dword ptr [0046A998]
   :0041FC34 83C404                  add esp, 00000004
   :0041FC37 3BC1                    cmp eax, ecx
   :0041FC39 742E                    je 0041FC69
   :0041FC3B 6A10                    push 00000010

   * Possible StringData Ref from Data Obj ->"Register"
                                     |
   :0041FC3D 6830A24500              push 0045A230

   * Possible StringData Ref from Data Obj ->"Invalid key"
                                  |
   :0041FC42 68C8C04500              push 0045C0C8
   :0041FC47 55                      push ebp


   See the code at 0041FC37 ?
   It is a comparison !!! (cmp eax, ecx)

   This is a good place where we start !

   We can assume this is where the FAKE key and the REAL key are compared !

   If they are equal, it will jump directly to the code 0041FC69.
   Otherwise, just print out the error message !

   So, remember this code address : 0041FC13


5) Ok ! Let's start to fnd the REAL key by SOftIce now !

   Repeat step (1)

   However, do NOT press 'OK' this time !

   Fire up SoftIce by pressing "Ctrl D" and set a breakpoint as follow :

   bpx getdlgitemtexta [Enter]

   then press F5 to return back to the program



6) Now, click "OK" to go back to SoftIce.

   Type

   bc * [Enter] to clear our breakpoint

   Then, press F12 ONCE to reach to the following codes :

   :0041FA9E 85C0                    test eax, eax
   :0041FAA0 7538                    jne 0041FADA
   :0041FAA2 6A10                    push 00000010

   If nothing goes wrong, you'll be stopped at

   :0041FA9E 85C0                    test eax, eax


7) Set another break point by typing

   bpx 0041FC13 [Enter]

   Press F5 ONCE !

   If nothing goes wrong, you'll stop at the following codes :


   :0041FC13 8B442410                mov eax, dword ptr [esp+10]
   :0041FC17 8D9424BC000000          lea edx, dword ptr [esp+000000BC]
   :0041FC1E 35F0BD6824              xor eax, 2468BDF0
   :0041FC23 52                      push edx
   :0041FC24 A398A94600              mov dword ptr [0046A998], eax
   :0041FC29 E8E3010200              call 0043FE11
   :0041FC2E 8B0D98A94600            mov ecx, dword ptr [0046A998]
   :0041FC34 83C404                  add esp, 00000004
   :0041FC37 3BC1                    cmp eax, ecx
   :0041FC39 742E                    je 0041FC69
   :0041FC3B 6A10                    push 00000010


8) Press F10 twice to reach

   :0041FC1E 35F0BD6824              xor eax, 2468BDF0

   Type d edx [Enter]

   What did you see ?? it's our FAKE key ! (which is 1234567890 at this 
case)


9) Press F10 4 more times to reach

   :0041FC2E 8B0D98A94600            mov ecx, dword ptr [0046A998]

   Type ? eax [Enter]

   What did you see this time ??? It's our FAKE key again !


10) Press F10 1 more time to reach

    :0041FC34 83C404                  add esp, 00000004

    In order to retrieve the REAL key, what we need to do is just to type

    ? ecx [Enter]

    HeHeHe .... Here we go - the REAL key ! (which is 3368081549)


11) Exit SoftIce and register again with the REAL key !

    Go to 'About'

    Wow ! This software is now registered !!!


    Enjoy :)


********************************  END  
***************************************