*****Tut Begins*****

Program: 3D Mark 2000 Pro (Build 335)
Home Page: http://www.madonion.com
Size: 19Mb
Prog Synopsis: Provides a benchmark check on your computer for 3D gaming.
Tools needed: SoftIce

Method:

This really didn't start out to be a tutorial. I was just killing some time and thought I'd benchmark my 'puter so I downloaded 3D Mark from madonion.com (If you're going to do this, be prepared for a long download - have a beer, few ciggies, sex etc - since this baby is 19.4 megabytes!).

I understood that this proggie was freeware and when I clicked on the setup.exe, I was surprised to find a box requesting my name and registration number. I then realised that this was to make the proggie into the 'Pro' version. Since I hadn't even got the thing installed yet, I had no idea what the difference between the 'Pro' and 'Standard' version was! OK not to be outdone, let's crack the mutt!

I put in the following:

    Reg-Name  jkon7
    Reg-Code  12121212

Of course, I got the wrong code message. Grrr! *#$!

Press the OK to get rid of the message and open Sice and set a bpx hmemcpy. F5 out of Sice, press the OK to register button and Sice fires up.

Press F11 - F5 - F11 - F12 (7 times) to get back into the proggie and arrive at

    0167:0123E254  mov ecx, [ebp+10]

OK F10 down (through a few jumps and returns etc) and you eventually get to

    0167:01231BA1  call 0123155C    <---------------- F8 here

On checking the data window just before I arrived at this call I noticed my S/N being displayed so I thought I ought to go into this call (by pressing F8) to see what was happening.

F8 leads to

    0167:0123155C  push ebp

F10 down to

    0167:01231565  call 01232A60    <---------------- F8 here

Again I could see my S/N so let's F8 into this - which leads to

    0167:01232A60  mov ecx, [ebp+04]

F10 down to

    0167:0123156E  jnz 012315C1

Now at this point Sice indicated I was going to jump but I had a feeling about this (maybe I'm gaining a little zen :-) and the jump seemed to me to be a long way down and by-passing a lot of code so I decided to change the 'jump' into a 'no jump'. You can do this in 2 ways:

1. Using your mouse to highlight the 'z' in the flags register and pressing the 'Insert' button on the keyboard and then clicking back on the highlighted code line (which will now change to show 'no jump'), or

2. Entering r fl z at the command line.

Anyway, having done this I F10'd down to

    0167:012315D4  push edi    <---------------- d eax here

If you do a d eax at this point you see in the data window the true 'echo' i.e. S/N. In my case this was

    RP547-RVF8X-YXVRK

Disable your breakpoint - come out of Sice and enter your 'echo'.

Job done - yee haw!! Now I can start to find out what this Pro proggie does!

Hope this helps.

jkon7

Remember the cracker's code - if you use a proggie, please buy it!

******Tut Ends******