===============================================================================================================
Title        : WINZIP 8.0 (PROGRAM)
Version      : 8.0
Protection   : Serial Number
Producer     : http://www.winzip.com
Cracker      : Zaks (tntpcclub@hotmail.com)
Tools        : Softice
Difficulty   : Very Easy
Tutorial No. : 5
Font         : Courier New (8)
===============================================================================================================

1) Install Winzip 8.0. Restart your computer with Softice loaded. Run winzip32.exe. Click on "Enter
Registration Code". Type Zaks as Name and 123456789 as Registration #. Click OK and a message box pops up
with "Incomplete or incorrect information". That is enough for us to see that a message box appears, so we
have to set a breakpoint (bpx) on GetWindowTextA or GetDlgItemTextA (I have found that GetDlgItemTextA is
the right one).

Click OK and we are back in the Winzip registration window, and our info is still there. Press Ctrl-D and we
are in Softice. Now type "bpx getdlgitemtexta" (without the quotes, of course) and press Enter. Press F5 and
we are back in Windows, looking at the Winzip registration window with name Zaks and number 123456789. We
click OK and ... we are in Softice.

We press F5 once and Softice pops up again. (We can press F5 more times, and we must do so to see how many
times Softice breaks before returning us to Windows. This time, if we press F5 once more we are back in
Windows, so pressing F5 just one time is enough.) Then, to get to a useful piece of code, we must press F12
(counted the same way as F5; here pressing F12 just once is enough). We see something like this:

    00407FD5  PUSH ESI
    .................            (skipped some code here)
    00407FB5  CALL 004079D5      ; We know this is a usual check routine
              TEST EAX,EAX
              JZ   00408005      ; Tracing with F10: with a wrong code we take this jump

So we trace the code with F10, step over the call, and at the JZ we take the jump, which unfortunately
leads us to:

    .................
    00408018  CALL 00430025      ; Call to our message box with "Incomplete or incorrect .. " and back in Windows

2) Now we are sure that the check routine above is the right one. We must get into this call, and there, if
we are lucky and have the skills, we will find our true serial number. Once again click OK and we are in
Softice again. Press F5, then F12, and begin tracing with F10. When you are at the line

    00407FB5  CALL 004079D5

press F8 and you are inside the call. Trace with F10, and if a register looks suspicious to you (you think
the right serial may be in it), use d register or ? register (e.g. d eax or ? eax). On the first two pages
(I am using Softice in 60 lines mode) there is no valuable info about our serial, but later we see:

    00407AC5  PUSH EAX           ; Our true serial is stored here in EAX

We quickly type d eax and, excellent, we have found our serial: 29520290. We continue tracing, and before
the ret (which will return us to TEST EAX,EAX) we see once again:

    00407B34  PUSH EAX

Again d eax gives us another serial: 81960656. Great. In Softice we type bc* to clear our breakpoints, then
press F5 to leave Softice. Now we fill in our correct info in the Winzip registration window: Name Zaks,
Reg # 29520290 or 81960656. Press OK, then OK once again, then Yes (we agree with the terms, He-He) and we
are registered.

===============================================================================================================
09.23.2000 Written by Zaks. No more