ษออออออออปษออป  ษออปษออออออออปษอออออออปษอออออป   ษออปษออออออออปษออป
   บDBC     บบ  บ  บ  บบ        บบ       บบ     ศป  บ  บบ        บบ  บ
   บ        บบ  บ  บ  บบ        บบ       บบ      ศป ศออผบ        บบ  บ
   ศออป  ษออผบ  บ  บ  บศออป  ษออผบ  ษอป  บบ  ษอป  ศปษออปบ  ษออป  บบ  บ
      บ  บ   บ  บ  บ  บ   บ  บN  บ  บ บ  บบ  บ บ   บบ  บบ  บ  บ  บบ  บ
      บ  บ   บ  บ  บ  บ   บ  บU  บ  บ บ  บบ  ศอผ  ษผบ  บบ  ศออผ  บบ  บ
      บ  บ   บ  บ  บ  บ   บ  บK  บ  บ บ  บบ      ษผ บ  บบ        บบ  บ
      บ  บ   บ  บ  บ  บ   บ  บE  บ  บ บ  บบ     ษผ  บ  บบ  ษออป  บบ  บ
      บ  บ   บ  บ  บ  บ   บ  บM  บ  ศอผ  บบ     ศป  บ  บบ  บ  บ  บบ  ศอออป
      บ  บ   บ  ศออผ  บ   บ  บ   บ       บบ  ษป  ศป บ  บบ  บ  บ  บบ      บ
      บ  บ   บ        บ   บ  บ   บ       บบ  บศป  ศปบ  บบ  บ  บ  บบTutorsบ
      ศออผ   ศออออออออผ   ศออผ   ศอออออออผศออผ ศอออผศออผศออผ  ศออผศออออออผ


Nag and Time-Limit Removal with W32Dasm
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

Welcome to my second "English" tutorial.
Please excuse my bad English, but I am German.

OK, let's start.

The program that we crack today is called Constructor 98.

Unfortunately, I don't know any valid download address.
I got this program from a CD.

As tools you need a disassembler; I use W32Dasm v. 8.93,
which you can find on www.crackstore.com.
You also need a hex editor: Hex Workshop 2.54, also available on crackstore.

First we start the program and look for the protection.
We'll find a nag screen with the following message on start:
" The evaluation Copy of Contstructer 98 will expired on ##.##.##"

OK, first set your system clock 30 days forward.

Then start the program again.

Now you get a nag screen with another message:

"Your free trial preiod has expired! ...................." 

OK, now start W32Dasm 8.93 and disassemble constructer98.exe.

After disassembling, look at the string references (strg*ref) and scroll down a little bit;
you will find the following strings:

"xl"
"XX.CPP"
"XXTYPE.CPP"
"Y"
"Yellow"
"YellowGreen"
"You have 30 days of your 30 day "
"You must save the file before "
"You must save the site before "
"You must select the entire tag "
"You must specify a browser to "
"You must type in a name"
"You select an image file"
"Your free trial preiod has expired!" <------- The string from the nag screen.
"YY]"
"yyyy"
"yyyy"



Double-click the string and close the reference window.

Now you are back at the disassembly window.
Scroll up to the beginning of the function.

Below the beginning you'll find either a conditional or an unconditional jump address.
You can recognize it by the (C) for a conditional or the (U) for an unconditional jump address.

Click on "Goto" --> Goto Location Code, and type the conditional jump address into the text box, but without the (C)!

Press the Goto button.

And you will land here:


:0042C527 7552                    jne 0042C57B  <-- This is the bad Jump.
          ^^^^                    ^^^
          ||||                    |||
         Hexdata                ASM Code

Invert the hex data.

Change 7552 to 7452 with the hex editor.
To find this position in the file, you must note the offset shown in the status bar of
W32Dasm. (The offset in the status bar begins with @Offset ................ in File:...)
!! Note the second offset area, not the first one. !!

Go to the hex editor and load Constructor98.exe into it.
Press Ctrl+F5 and push the (  |o| Dec    |o| Hex   )  Hex Button.
                                         ^^^^^^^
Then type your offset into the text box and press OK.

Now your cursor stands before 7552. Change it to 7452 and save your changes.


If you start Constructor 98 again, you will see the first nag screen with the message:

" The evaluation Copy of Contstructer 98 will expired on ##.##.##"

But you can use the program ;)

But we don't like nags, so we kill them as well.


Look at the string references.

"Text="
"Text="
"TEXT="
"TextHeight"
"tgtTypPtr != 0 && __isSameTypeID(topTypPtr, "
"tgtTypPtr != 0 && IS_STRUC(tgtTypPtr->tpMask)"
"This evaluation copy of Constructor "        <----- Here it is.
"This program has not been properly "
"Thistle"
"Tomato"
"Tool windows must be owned by "
"top"
"Top"
"TOPMARGIN="
"topTypPtr != 0 && IS_STRUC(topTypPtr->tpMask)"
"tp1"
"tp1->tpName"



Double-click on it.

Now use the same method as for the first nag:
scroll up to the beginning of the function
and go to the conditional jump address.

:0042C579 742F                    je 0042C5AA

This is your jump.

Change the jump to

:0042C579 90                      nop
:0042C57A 90                      nop

((Offset 0002BB79))


NOP out the complete jump.

Start Constructor again, and the nag with the message:

"Your free trial preiod has expired!........"  pops up again.


Now load constructor.exe into W32Dasm again and debug the process.
After disassembling, click on Debug and Load Process, type nothing into the text box and press Load.

Press F9 to run the program.
When you see the nag screen, press F7 to see who calls this nag.
Don't press the OK button; press the Terminate Process button in your debugging window.
You will land here:

:0047512B 8945FC                  mov dword ptr [ebp-04], eax

Scroll up and you see this call:

:00475126 E8C5A20700              Call 004EF3F0
            ^^
Change the call to 

:00475126 E890A20700              Call 004EF3F0
            ^^


Start Constructor and the nag is killed.
But Constructor jumps directly to the end of the program. :(

But remember that the nags alternate: whenever you change one nag, the other one will pop up.

Now we change back the first nag with the message:

" The evaluation Copy of Contstructer 98 will expired on ##.##.##"

You remember that we changed it from


:0042C579 742F                    je 0042C5AA

to


:0042C579 90                      nop
:0042C57A 90                      nop

OK, change it back to


:0042C579 742F                    je 0042C5AA

and save.

Turn the system clock 30 days back to the regular system time
and start the program again.

Great, it works :))

Fine, we have cracked it ;)

NUKEM [DBC]
webmaster@da-breaker-crew.de
ICQ: 54106488
http://kickme.to/dbc
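

Seen from the defending side, the two kinds of change described above (a short conditional jump whose opcode is flipped, and a jump overwritten with NOP bytes) are what an in-place byte diff against a known-good copy of the executable reveals. The following Python code is an added example, not part of the original tutorial; the function names, sample buffers and offsets are constructed for illustration, and the classification is a byte-level heuristic that does not decode instruction boundaries.

```python
"""Tamper triage: diff a known-good image against a suspect copy (added example)."""

def changed_runs(good: bytes, suspect: bytes):
    """Yield (offset, old, new) for each maximal run of differing bytes."""
    if len(good) != len(suspect):
        raise ValueError("size mismatch: image was resized, not patched in place")
    start = None
    for i in range(len(good) + 1):
        differs = i < len(good) and good[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            yield start, good[start:i], suspect[start:i]
            start = None

def classify(old: bytes, new: bytes) -> str:
    """Heuristic label; works on raw bytes, not on decoded instructions."""
    # Short Jcc opcodes are 0x70..0x7F; bit 0 selects the negated condition
    # (0x74 je / 0x75 jne), so an XOR of 1 means the branch sense was flipped.
    if len(old) == 1 and 0x70 <= old[0] <= 0x7F and old[0] ^ new[0] == 1:
        return "jcc-inverted"
    # A short Jcc (opcode + rel8) overwritten with 0x90 bytes: branch removed.
    if len(old) >= 2 and 0x70 <= old[0] <= 0x7F and set(new) == {0x90}:
        return "jcc-nopped"
    return "other"

def triage(good: bytes, suspect: bytes):
    """Return (offset, old_hex, new_hex, label) for every changed run."""
    return [(off, old.hex(), new.hex(), classify(old, new))
            for off, old, new in changed_runs(good, suspect)]

# Constructed sample: 0xCC filler with the two byte pairs quoted in the text
# placed at made-up offsets 0x10 and 0x20 (not the real file layout).
GOOD = bytearray(b"\xcc" * 0x30)
GOOD[0x10:0x12] = bytes.fromhex("7552")   # jne rel8
GOOD[0x20:0x22] = bytes.fromhex("742f")   # je rel8
SUSPECT = bytearray(GOOD)
SUSPECT[0x10] = 0x74                      # condition flipped
SUSPECT[0x20:0x22] = b"\x90\x90"          # branch replaced by NOPs

if __name__ == "__main__":
    for off, old, new, kind in triage(bytes(GOOD), bytes(SUSPECT)):
        print(f"@{off:#06x}  {old} -> {new}  {kind}")
```

A hash or signature check over the whole file detects the same modifications without a reference copy; the diff only adds the location and kind of each change for triage.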