------------ HOW TO FIND REAL SERIAL NUMBER BY USING SOFTICE ---------------


Program : FullDisk 4.2
File Size : 1.18MB
Web-site : http://www.worldlynx.net/pgerhart/
Cracked By : Ex3cutor
Email : Ex3cutor@hotmail.com


About the program :


FullDisk lets you view your hard disk contents on a tree-by-tree basis. FullDisk gives you a Tree to navigate among your local or network drives and their folders. Select a drive or folder and FullDisk computes the size of that branch and shows you the results on a per-folder basis using a colored list box of sub-directories. Also, the data is shown as a color pie chart. Double clicking on the pie chart or the list box navigates down the tree. Menu picks, popup-menu and the Tree help you naviagate and select how you want the data presented or saved. FullDisk is for Win95/98 and WinNT/2K.



******************** START SEARCHING FOR THE REAL LICENCE KEY *****************************


1) Start FullDisk 4.2

   Go to 'File' --> 'Register...' to show the registration box.

   Key in as follows :

   Name : Ex3cutor
   Code : 12345678

   Now click 'Valide My Codes' to see what error message will come out !

   opps ! We have 2 error message !

   The first error message is 'Invalid character in user name' followed by the second message
   'Name/Code mis-match. Try again.'

2) Damn ! Our user name is not accepted due to an invalid character '3'. That's ok ! I'll tell
   you later how to bypass this check. But first of all, let's change our user name to :

   Name : Executor
   Code : 12345678

   This time, do NOT click 'Valide My Codes'! Fire up SoftIce by pressing "Ctrl D" and set a
   breakpoint as follow :

   bpx hmemcpy [Enter]

   then press F5 to return back to the program

3) Now, click 'Valide My Codes' to go back to SoftIce.

   Within SoftIce, press F5 once !

   then, type

   bc * [Enter] to clear our breakpoint

   Then, press F11 once followed by F12 8 times to reach to the following codes :


   00407771 6A32                    push 00000032
   00407773 8B4DFC                  mov ecx, dword ptr [ebp-04]
   00407776 83C164                  add ecx, 00000064
   00407779 51                      push ecx
   0040777A 8B5508                  mov edx, dword ptr [ebp+08]
   0040777D 52                      push edx


   If nothing goes wrong, you'll stop at

   00407771 6A32                    push 00000032


4) Now set another break point as follows :

   bpx 406531 [Enter]

   Press F5 once

   We'll then step into the following codes :

   00406531 898578FFFFFF            mov dword ptr [ebp+FFFFFF78], eax
   00406537 8D4588                  lea eax, dword ptr [ebp-78]
   0040653A 50                      push eax
   0040653B 8B8D7CFFFFFF            mov ecx, dword ptr [ebp+FFFFFF7C]
   00406541 E828FDFFFF              call 0040626E
   00406546 898574FFFFFF            mov dword ptr [ebp+FFFFFF74], eax
   0040654C C645FC01                mov [ebp-04], 01
   00406550 8D4D88                  lea ecx, dword ptr [ebp-78]
   00406553 E818070000              call 00406C70
   00406558 85C0                    test eax, eax

   If nothing goes wrong, you'll stop at

   00406531 898578FFFFFF            mov dword ptr [ebp+FFFFFF78], eax

5) Now press F10 7 times to stop at

   00406550 8D4D88                  lea ecx, dword ptr [ebp-78]

   Look at the register window !

   Under the register ESI=xxxxxxxx
   Did you see SS:xxxxxxxx=xxxxxxxx ???            (* where xxxxxxxx=memory address *)
                                           (* it may be different from different computers *)

   In my case, it shows

   SS:0064F968=00664660

   Now display the address 00664660 by typing

   d 664660 [Enter]

   What did you see ? Our REAL code is there !!! (which is B23DC219 in this case !)

6) Exit SoftIce and enter this REAL code (B23DC219). You'll then be welcomed by a "Thank-you"
   message !

7) If your user name contains 1 or more 'invalid characters' and you insist of using this user
   name, I'm gonna show you how to patch this program to make it accept any user name !

   Do a dead listing of this program by W32DASM !

   Search for the string "Invalid character in user name"



   * Referenced by a (U)nconditional or (C)onditional Jump at Address:
   00406356(C)

   004063AE C745E001000000          mov [ebp-20], 00000001
   004063B5 6A00                    push 00000000
   004063B7 6A00                    push 00000000

   * Possible StringData Ref from Data Obj ->"Invalid character in user name"
                                  |
   004063B9 68F8574100              push 004157F8

   * Reference To: MFC42.Ordinal:04B0, Ord:04B0h
                                  |
   004063BE E81B780000              Call 0040DBDE
   004063C3 EB05                    jmp 004063CA


   As you can see, the call to this error message is from 00406356.
   Now go to 00406356

   * Referenced by a (U)nconditional or (C)onditional Jump at Address:
   0040633D(C)

   00406346 837DC800                cmp dword ptr [ebp-38], 00000000
   0040634A 750C                    jne 00406358
   0040634C 837DD800                cmp dword ptr [ebp-28], 00000000
   00406350 7506                    jne 00406358
   00406352 837DD400                cmp dword ptr [ebp-2C], 00000000
   00406356 7456                    je 004063AE


   Now, what you have to do to patch this program to make it accept any user name is to change

   00406356 7456                    je 004063AE

                      | |
                      | |
                      | |  TO
                      \ /
                       |
   00406356 7556                    jne 004063AE

   Now the program will accept any user name.

   The rest is as simple as 1-2-3 !
   Just repeat the search for real code again starting from step (1)

   Enjoy :)