Cracking for Newbies - by Dahood

Target: Password Protector v 1.0

Tools used:
W32dasm
Hview

Protection:
1. Serial

NOTE: This tutorial is not totally for newbies, so I expect that u know
1. how to use W32dasm
2. how to use Hview (change, search, etc...)
3. Assembly

Open the program and try to register. It will always give u the same message, so this is a little different from other programs. Disassemble the program and look for the message u got and u'll end up here:

:004128EB 8B8840010000            mov ecx, dword ptr [eax+00000140]
:004128F1 85C9                    test ecx, ecx
:004128F3 0F8496000000            je 0041298F   --------->go to this jmp and what did u find... "Unregistered version"
:004128F9 A108114700              mov eax, dword ptr [00471108]
:004128FE 89442408                mov dword ptr [esp+08], eax
:00412902 C744241C00000000        mov [esp+1C], 00000000
:0041290A E887C20300              call 0044EB96
:0041290F 8B4004                  mov eax, dword ptr [eax+04]

* Possible StringData Ref from Data Obj ->"name"
                                  |
:00412912 6818094700              push 00470918

* Possible StringData Ref from Data Obj ->"name"
                                  |
:00412917 6818094700              push 00470918
:0041291C 8D4C2414                lea ecx, dword ptr [esp+14]

* Possible StringData Ref from Data Obj ->"Register"   <-------------u'll land here
                                  |
:00412920 680C094700              push 0047090C
:00412925 51                      push ecx
:00412926 8BC8                    mov ecx, eax
:00412928 E8C6C40300              call 0044EDF3
:0041292D 50                      push eax
:0041292E 8D4C240C                lea ecx, dword ptr [esp+0C]
:00412932 C644242001              mov [esp+20], 01
:00412937 E808950200              call 0043BE44
:0041293C 8D4C240C                lea ecx, dword ptr [esp+0C]
:00412940 C644241C00              mov [esp+1C], 00
:00412945 E8C1930200              call 0043BD0B
:0041294A 8D542408                lea edx, dword ptr [esp+08]
:0041294E 8D44240C                lea eax, dword ptr [esp+0C]
:00412952 52                      push edx

* Possible StringData Ref from Data Obj ->"This product is licensed to:"
                                  |
:00412953 68EC084700              push 004708EC
:00412958 50                      push eax
:00412959 E8B6960200              call 0043C014
:0041295E 8B00                    mov eax, dword ptr [eax]
:00412960 8D4E5C                  lea ecx, dword ptr [esi+5C]
:00412963 50                      push eax
:00412964 C644242002              mov [esp+20], 02
:00412969 E826890200              call 0043B294
:0041296E 8D4C240C                lea ecx, dword ptr [esp+0C]
:00412972 C644241C00              mov [esp+1C], 00
:00412977 E88F930200              call 0043BD0B
:0041297C 8D4C2408                lea ecx, dword ptr [esp+08]
:00412980 C744241CFFFFFFFF        mov [esp+1C], FFFFFFFF
:00412988 E87E930200              call 0043BD0B
:0041298D EB0D                    jmp 0041299C

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004128F3(C)
|

* Possible StringData Ref from Data Obj ->"Unregistered version"
                                  |
:0041298F 68D4084700              push 004708D4
:00412994 8D4E5C                  lea ecx, dword ptr [esi+5C]
:00412997 E8F8880200              call 0043B294

At

:004128F1 85C9                    test ecx, ecx   ---->test if ur registered or unregistered
:004128F3 0F8496000000            je 0041298F     ---->jmps if equal to unregistered; otherwise keep reading the code

So change

:004128F3 0F8496000000            je 0041298F

to

:004128F3 0F8596000000            jne 0041298F

Now try to register.. put ur name and any number... Thank you, restart..

U notice that after u restart the program, at the title bar it still says unregistered... k, try the Help--->About..... u are registered, so all we have to do is change the title bar from unregistered to ......

Search for the string (Unregistered) and u'll land here:

* Possible Reference to String Resource ID=57344: "Password Protector"
                                  |
:0040C4EE 6800E00000              push 0000E000                          ;Shows
:0040C4F3 8D4C2414                lea ecx, dword ptr [esp+14]            ;Password
:0040C4F7 C684243801000002        mov byte ptr [esp+00000138], 02        ;Protector
:0040C4FF E8B8FD0200              call 0043C2BC                          ;and the
:0040C504 399E40010000            cmp dword ptr [esi+00000140], ebx      ;checks if we are registered
:0040C50A 750E                    jne 0040C51A                           ;if not then jmp to (Unregistered)

* Possible StringData Ref from Data Obj ->" (Unregistered)"
                                  |
:0040C50C 68C0064700              push 004706C0
:0040C511 8D4C2414                lea ecx, dword ptr [esp+14]
:0040C515 E8CDFB0200              call 0043C0E7

U probably noticed b4 the (Unregistered) it says Password Protector.

Change

:0040C50A 750E                    jne 0040C51A

to

:0040C50A 740E                    je 0040C51A

Now in the Help menu u still have &Buy Now... and &Register....
If u wanna get rid of them or change the text or disable them, keep reading; if not, ur done....

Open ur fav hex editor and find & R e g i s t e r. Don't forget to put zeros between in the hex, so in hex it would look like this:

26 00 52 00 65 00 67 00 69 etc...

Buy Now should be around it. Anyways, once u find it, b4 the & R e g u should see 80, something like this:

57 80 26 00 52 00 65 00 67 00 69

Change the 80 to 7e to disable it. For Buy Now, same thing: change 80 to 7e.

Open the program and check it out...

I hope I didn't confuse u, and if u have any questions or comments, my icq# is 69518421 or u can e-mail me at webcrawler28@hotmail.com

I would like to say thanks to all the crackers, 2 many 2 list, for helpin me, also for their tutorials. Also a big thanks to krobar's site http://zor.org/krobar

hex editor and go to add 46d3f
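Seen from the vendor's side, both code patches in this tutorial are a one-bit change to a conditional-jump opcode, which a comparison against a known-good copy exposes immediately. The following is an added example, not part of the original tutorial: it diffs a reference image against a copy under test and labels inverted Jcc opcodes. The function names, the SAMPLES list and the sample buffers are assumptions, constructed from the instruction encodings quoted above.

```python
# Added example: classify byte differences between a known-good image and a
# copy under test. Sample buffers are constructed from the encodings quoted
# in the tutorial; function and constant names are hypothetical.

def classify(prev, good_byte, test_byte):
    """Name the kind of change; a one-bit flip of a Jcc condition inverts the branch."""
    flipped = (good_byte ^ test_byte) == 0x01
    if flipped and prev == 0x0F and 0x80 <= good_byte <= 0x8F:
        return "jcc-near-inverted"      # 0F 8x rel32, e.g. 0F 84 (je) <-> 0F 85 (jne)
    if flipped and prev != 0x0F and 0x70 <= good_byte <= 0x7F:
        return "jcc-short-inverted"     # 7x rel8, e.g. 75 (jne) <-> 74 (je)
    return "other-change"

def find_patches(good: bytes, test: bytes, base: int = 0):
    """Return (address, kind, good_byte, test_byte) for every differing byte.

    Byte-level heuristic without disassembly: a data byte that happens to look
    like a Jcc opcode is reported the same way, so treat hits as leads.
    """
    if len(good) != len(test):
        raise ValueError("length mismatch: compare section by section instead")
    findings = []
    for off, (g, t) in enumerate(zip(good, test)):
        if g == t:
            continue
        prev = good[off - 1] if off else None
        kind = classify(prev, g, t)
        # Report the instruction start: the 0F prefix for near jumps.
        start = off - 1 if kind == "jcc-near-inverted" else off
        findings.append((base + start, kind, g, t))
    return findings

# Constructed samples (known-good, under test, load address of first byte).
SAMPLES = [
    (bytes.fromhex("85C90F8496000000"), bytes.fromhex("85C90F8596000000"), 0x4128F1),
    (bytes.fromhex("399E40010000750E"), bytes.fromhex("399E40010000740E"), 0x40C504),
    (bytes.fromhex("578026005200"), bytes.fromhex("577E26005200"), 0),
]

if __name__ == "__main__":
    for good, test, base in SAMPLES:
        for addr, kind, g, t in find_patches(good, test, base):
            print(f"{addr:08X}  {kind:20s} {g:02X} -> {t:02X}")
```

A whole-file hash or code signature answers whether the binary changed; a diff like this one tells the responder which check was targeted.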