Cracking for Newbies - by Dahood

Target: Mr.Captor v 1.2

Tools used:
W32dasm
Hview
ProcDump32

Protection:
1. serial

NOTE: This tutorial is not totally for newbies, so i expect that u know
1. how to use w32dasm
2. how to use hview (change, search, etc...)
3. Assembly

Disassemble the program. it crashes...... must be packed
open it in hview and at the top it says upx 1.20
k, so we know what it is packed with
for most of the packed programs i use ProcDump
open procdump and click on unpack, pick a file, pick upx .... anyways unpack it and save the unpacked file to a different name like unpack.exe
now try to disassemble it again ??? better

at this point i know that u know what ur looking for, right? ;)
k, we tried to register and we wrote down the error message, and when we searched we found 2

1.
* Possible Reference to String Resource ID=32832: "rsion: %s'This is unregistered copy of Mr. CaptorRegistered"
                                  |
:00419FF7 C744246440800000        mov [esp+64], 00008040

* Possible Reference to String Resource ID=32833: "on Serial #: Mr. Captor Home: Invalid serial number

it doesn't look interesting to me

2.
* Possible Reference to String Resource ID=59238: "d copy of Mr. CaptorRegistered to: "
                                  |
:0041CBCE 6866E70000              push 0000E766
:0041CBD3 E8D819FFFF              call 0040E5B0
:0041CBD8 83C404                  add esp, 00000004
:0041CBDB EB3B                    jmp 0041CC18

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041CB90(C)
|
:0041CBDD C7866002000001000000    mov dword ptr [esi+00000260], 00000001
:0041CBE7 EBDE                    jmp 0041CBC7

* Possible Reference to String Resource ID=59239: ": Invalid serial number!Error opening filter!Scrolling er"
                                  |
:0041CBE9 6867E70000              push 0000E767
:0041CBEE E8BD19FFFF              call 0040E5B0
:0041CBF3 83C404                  add esp, 00000004
:0041CBF6 EB20                    jmp 0041CC18

now this looks better, right...
u see the conditional jmp 0041CB90? go to it and u should be here

:0041CB8E 85C0                    test eax, eax
:0041CB90 754B                    jne 0041CBDD
:0041CB92 68CC634800              push 004863CC

to me it looks like if the pass matches at jne 0041CBDD, jmp to invalid serial, else continue to
* Possible Reference to String Resource ID=59238: "d copy of Mr. CaptorRegistered to: "
easy, right?

now open the unpacked file in ur fav hex editor (hview)
u should know the offset address, which is 1c190
so f5 to go to the address
f3 to edit
change jne to je, or 754B to 744B
f9 to save
f10 to exit

now open the program and try to register..... it's disabled
ok, try about and ur registered
good work

i hope i didn't confuse u, and if u have any questions or comments my icq# is 69518421 or u can e-mail me at webcrawler28@hotmail.com

i would like to say thanks to all the crackers, 2 many 2 list, for helpin me, also for their tutorials
also a big thanks to krobar's site http://zor.org/krobar
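The packer check that the tutorial does by eye in hview (the "upx 1.20" banner), written as a triage script. This is an added example, not part of the original tutorial. It reads the PE section table and reports UPX-style section names (UPX0/UPX1) and any section that is empty on disk but writable and executable in memory. The function names are this example's own, and the two sample images are constructed header-only byte strings, not real programs.

```python
import struct

# IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
WX = 0x20000000 | 0x80000000

def pe_sections(data):
    """Return [(name, virtual_size, raw_size, characteristics)] for a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or pe_off + 24 > len(data):
        raise ValueError("PE signature not found")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    if table + 40 * count > len(data):
        raise ValueError("truncated section table")
    sections = []
    for off in range(table, table + 40 * count, 40):
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, off)
        (chars,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize, chars))
    return sections

def packer_hints(data):
    """List reasons a file looks packed; an empty list means no hint was found."""
    hints = []
    for name, vsize, rsize, chars in pe_sections(data):
        if name.upper().startswith("UPX"):
            hints.append(f"{name}: UPX section name")
        if rsize == 0 and vsize > 0 and (chars & WX) == WX:
            hints.append(f"{name}: empty on disk, writable and executable in memory")
    return hints

def sample_pe(sections):
    """Constructed header-only PE image for this demo (not a real program)."""
    image = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"
    image += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x10F)
    image += bytes(0xE0)                                       # blank optional header
    for name, vsize, rsize, chars in sections:
        image += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rsize,
                             0x400, 0, 0, 0, 0, chars)
    return image

PACKED = sample_pe([(b"UPX0", 0x20000, 0, 0xE0000080),
                    (b"UPX1", 0x9000, 0x8A00, 0xE0000040),
                    (b".rsrc", 0x1000, 0x800, 0xC0000040)])
PLAIN = sample_pe([(b".text", 0x5000, 0x5000, 0x60000020),
                   (b".data", 0x1000, 0x800, 0xC0000040)])
```

Section names are only a hint: they can be renamed, so an empty result does not prove a file is unpacked.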