Cracking for Newbies - by Dahood
                

Target: Disk Utility

Tools used: W32dasm
	    Hview
	    

Protection: 1. Nag Screen


NOTE: This tutorial is not totally for newbies, so I expect that you know:
1. how to use W32dasm
2. how to use Hview (change, search, etc...)
3. Assembly


After 30 days you have to uninstall the program, but if you don't uninstall it, it still works;
you just get to see the nag screen.
I changed my system date to about 2 months ahead and all it did was show a nag.
Anyway, there are 2 ways:
1. hard and long (good to know)
2. takes 2 seconds

So make 2 copies of the program.
Disassemble the program.

1.
Use copy 1.
We are trying to go straight to the real program.
From the menu click Debug ----> Load Process ----> Load and you should be here:

//******************** Program Entry Point ********
:004114D0 55                      push ebp
:004114D1 8BEC                    mov ebp, esp

Click Step Over until you see:

:0041161D E875FF0000              call 00421597

Now click Step Into and you'll be here:
:00421597 FF742410                push [esp+10]   ---- you land here; step over until
:0042159B FF742410                push [esp+10]
:0042159F FF742410                push [esp+10]
:004215A3 FF742410                push [esp+10]
:004215A7 E87C830000              call 00429928   ----> when you get here, click Step Into
and you should be here:

:00429928 53                      push ebx
:00429929 56                      push esi

Keep stepping over until you see:
:0042995F FF5658                  call [esi+58]   ---- now step into and you'll be here:

:0040A04F 55                      push ebp
:0040A050 8BEC                    mov ebp, esp
Now step over until you reach the call below (we are almost there, just trying to trace the nag).
There has to be a je or jne to the nag; otherwise the real program runs.

:0040A18D E863040000              call 0040A5F5   ---- now step into and you should be here:

:0040A5F5 55                      push ebp
Step over till you get here:

:0040A63C 740A                    je 0040A648   ** if this jump is taken it will jump over :0040A642
:0040A63E 8B06                    mov eax, dword ptr [esi]
:0040A640 8BCE                    mov ecx, esi
:0040A642 FF90C0000000            call dword ptr [eax+000000C0]   ** when you get here the nag shows

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040A631(C), :0040A63C(C)
|
:0040A648 33C0                    xor eax, eax
:0040A64A 5E                      pop esi
:0040A64B C9                      leave
:0040A64C C3                      ret

So now we know: if this jump (je 0040A648) is taken, execution lands at 0040A648 and skips
0040A642, which calls the nag.
So let's change je to jne (opcode 74 becomes 75; the jump offset byte 0A stays the same):
        :0040A63C 740A                    je 0040A648
will be :0040A63C 750A                    jne 0040A648

Now open the program.... did it work? Yes.

For this you have:
2. Open copy 2 in Hview.
Make sure you're in text mode
and search for "& R e g i s t e r" (the string is stored as 16-bit Unicode, hence the spaces between the letters);
you will find it at 00451570. Look there and
you should see   FF FF 80 26 00 52 00 65 00 67  ==> change the 80 to 7e

Save and exit. Now try it. Does it work???? Yes.
But when you're in the program the About button won't work, whereas with the first way the About button works.
You choose what is better for you.
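As an added defender-side check (example code written for this page, not part of Dahood's tutorial): a small Python script that diffs a suspect binary image against a known-good reference and reports every changed byte, flagging one-byte inversions of short conditional jumps such as the 74 -> 75 (je -> jne) patch at 0040A63C. The sample bytes are constructed from the listing above; the load address 0040A63C comes from the page, and the opcode table is the standard x86 short Jcc set.

```python
"""Tamper check (added example): diff a suspect binary image against a known-good
reference and flag one-byte inversions of short conditional jumps, which is what
the je -> jne nag patch at 0040A63C looks like on disk."""
import hashlib

# Short conditional jumps (Jcc rel8).  0x70/0x71 ... 0x7E/0x7F are condition /
# negated-condition pairs, so flipping bit 0 of the opcode inverts the test.
JCC_SHORT = {
    0x70: "jo", 0x71: "jno", 0x72: "jb", 0x73: "jae", 0x74: "je", 0x75: "jne",
    0x76: "jbe", 0x77: "ja", 0x78: "js", 0x79: "jns", 0x7A: "jp", 0x7B: "jnp",
    0x7C: "jl", 0x7D: "jge", 0x7E: "jle", 0x7F: "jg",
}

# Constructed sample: the instruction bytes listed at 0040A63C..0040A64C above.
VA_BASE = 0x0040A63C
REFERENCE = bytes.fromhex("740A" "8B06" "8BCE" "FF90C0000000" "33C0" "5E" "C9" "C3")
# The same bytes after the one-byte patch the tutorial applies (74 -> 75).
SUSPECT = bytes([0x75]) + REFERENCE[1:]


def is_inverted_jcc(orig, new):
    """True if orig/new are a short Jcc pair differing only in the condition bit."""
    return orig in JCC_SHORT and new in JCC_SHORT and (orig ^ new) == 1


def find_patches(reference, suspect, base=0):
    """Return [(virtual_address, orig_byte, new_byte, note)] for each changed byte."""
    if len(reference) != len(suspect):
        # Different sizes cannot be compared byte-for-byte; report, don't guess.
        return [(base, None, None, "size mismatch")]
    hits = []
    for off, (r, s) in enumerate(zip(reference, suspect)):
        if r == s:
            continue
        note = "byte changed"
        if is_inverted_jcc(r, s):
            note = f"conditional jump inverted: {JCC_SHORT[r]} -> {JCC_SHORT[s]}"
        hits.append((base + off, r, s, note))
    return hits


def digest(image):
    """SHA-256 of an image: a cheap first check before the byte-level diff."""
    return hashlib.sha256(image).hexdigest()


if __name__ == "__main__":
    if digest(REFERENCE) != digest(SUSPECT):
        for va, r, s, note in find_patches(REFERENCE, SUSPECT, VA_BASE):
            print(f"{va:08X}: {r:02X} -> {s:02X}  ({note})")
```

In practice the reference image is a hash or copy kept by the vendor, and a flagged Jcc inversion in a licensing routine is a strong signal that a shipped binary has been patched.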

I hope I didn't confuse you, and if you have any questions or comments,
my ICQ# is 69518421 or you can e-mail me at webcrawler28@hotmail.com

I would like to say thanks to all the crackers, too many to list, for helping me and also for their
tutorials.
Also a big thanks to krobar's site http://zor.org/krobar