Cracking for Newbies  - by Dahood
                

Target: Memo Kit v 2.5

Tools used: W32Dasm
            Hview

Protection:
1. Time trial: you have 30 days to try this program
2. Nag

NOTE: This tutorial is not totally for newbies, so I expect that you know
1. how to use W32Dasm
2. how to use Hview (change, search, etc.)
3. Assembly


Move the system date 30 days ahead, open the program and write down the expired message.

Disassemble the program and search for that expired message, and you should be here:

:0040FE1C 7E6F                    jle 0040FE8D 
:0040FE1E 6A00                    push 00000000
:0040FE20 8B4D08                  mov ecx, dword ptr [ebp+08]
:0040FE23 51                      push ecx

* Reference To: USER32.EnableWindow, Ord:00B2h
                                  |
:0040FE24 FF1548574700            Call dword ptr [00475748]
:0040FE2A 6A10                    push 00000010

* Possible StringData Ref from Data Obj ->"MemoKit trial version has expired!"
                                  |
:0040FE2C 6844924300              push 00439244

* Possible StringData Ref from Data Obj ->"You are using the expired trial "
                                        ->"version of Memokit."


Scroll up:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040FCAD(C)
|
:0040FDBA 83BDF4FEFFFF02          cmp dword ptr [ebp+FFFFFEF4], 00000002
:0040FDC1 0F853D010000            jne 0040FF04

Now go to the conditional jump at :0040FCAD, and you should be here:

:0040FCAD 0F8507010000            jne 0040FDBA

Change this jump to:

:0040FCAD 0F8407010000            je 0040FDBA

Open Hview and go to the offset (found at the bottom of W32Dasm), which is F0AD,
and change jne to je (the opcode bytes go from 0F85 to 0F84; the displacement stays the same).

F9 to save, F10 to exit.

Now test it.

Change the date 1 month ahead and test it again: it now always reports 30 days.
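To check the jump arithmetic W32Dasm shows above, here is a small decoder added for this write-up; it is not part of the original tutorial or of the MemoKit program. The image base and .text section layout used in va_to_file_offset are assumptions chosen so that the result agrees with the F0AD offset quoted above.

```python
import struct

# Instruction bytes copied from the listing above (the jne at :0040FCAD and
# its patched je form). Constructed test data for this example.
JNE_AT_40FCAD = bytes.fromhex("0F8507010000")
JE_AT_40FCAD = bytes.fromhex("0F8407010000")

# Two-byte opcodes 0F 80..0F 8F are the Jcc rel32 family; only the two
# mnemonics this page uses are mapped here.
JCC_REL32 = {0x84: "je", 0x85: "jne"}


def decode_jcc_rel32(va: int, code: bytes):
    """Decode a 6-byte Jcc rel32 located at virtual address `va`.

    Returns (mnemonic, target_va). The 32-bit displacement is signed,
    little-endian, and relative to the address of the *next* instruction,
    so target = va + 6 + rel32.
    """
    if len(code) < 6 or code[0] != 0x0F or code[1] not in JCC_REL32:
        raise ValueError("not a je/jne rel32 instruction")
    rel32 = struct.unpack_from("<i", code, 2)[0]
    return JCC_REL32[code[1]], (va + 6 + rel32) & 0xFFFFFFFF


def va_to_file_offset(va: int, image_base: int = 0x400000,
                      section_va: int = 0x1000, section_raw: int = 0x400) -> int:
    """Map a virtual address to a raw file offset for a PE section.

    Assumed layout (not read from the real MemoKit binary): image base
    0x400000 and a .text section at RVA 0x1000 stored at raw offset 0x400.
    With these values :0040FCAD lands on file offset F0AD, as on the page.
    """
    if va < image_base + section_va:
        raise ValueError("address is below the assumed section start")
    return va - image_base - section_va + section_raw


if __name__ == "__main__":
    for label, code in (("original", JNE_AT_40FCAD), ("patched", JE_AT_40FCAD)):
        mnem, target = decode_jcc_rel32(0x40FCAD, code)
        print(f"{label}: {mnem} {target:08X}")
    print(f"file offset of :0040FCAD -> {va_to_file_offset(0x40FCAD):X}")
```

Only one opcode byte differs between the two forms, which is why the displacement and therefore the jump target are untouched by the edit.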

Now we have a nag when we exit the program; let's fix that.

This is the easy part: the about box is the nag, so let's search for that about string,
and you should find this:
* Possible StringData Ref from Data Obj ->"MemoKitAbout"
                                  |
:0040F690 68C0754300              push 004375C0
:0040F695 8B4D08                  mov ecx, dword ptr [ebp+08]
:0040F698 51                      push ecx


Go down a bit till you see this:
* Possible StringData Ref from Data Obj ->"about4.bmp"
                                  |
:0040F6C9 68F8904300              push 004390F8

All you have to do is change
:0040F6C9 68F8904300              push 004390F8
to
:0040F6C9 68F8903400              push 003490F8


Now this gets rid of the nag and the about box.


I hope I didn't confuse you, and if you have any questions or comments,
my ICQ# is 69518421 or you can e-mail me at webcrawler28@hotmail.com

I would like to say thanks to all the crackers, too many to list, for helping me and also for their
tutorials.
Also a big thanks to krobar's site http://zor.org/krobar