Net Executive Screen Saver Engine 1.0.5.2517

Web : http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com

Net Executive Screen Saver Engine 1.0.5.2517

Type : Screen Saver
Protection : Serial
Tech : Serial fishing

Crack : Enter fake S/N and in SICE BPX GETWINDOWTEXTA

0x40B399 MOV EAX,[EAX] ---------> REAL S/N
0x40B39B PUSH EAX
0x40B39C MOV EAX,[ESP+0C] -----> FAKE S/N
0x40B3A0 PUSH EAX
0x40B3A1 CALL 41919C
...............................
0x40B3AF SETZ AL ----------------> FLAG SET

Registration Info :

S/N = 101593/071389

880 CALL 4BCD20
0x4BD885 TEST AL,AL
0x4BD887 JZ 4BD895

INSIDE THIS CALL ...

0x4BCDAA CALL 47CFB8
0x4BCDAF CMP EBX,[EBP-04] --- REAL S/N ; EBX = FAKE S/N FIRST SET
0x4BCDB2 JNZ 4BCDB9
0x4BCDB4 CMP EAX,[EBP-08] --- REAL S/N ; EAX = FAKE S/N SEC SET
0x4BCDB7 JZ 4BCDBD

Registration Info :

Name = DHEERAJ
S/N = E5514B1E-47FB1F3D

0x67A04579 CALL EDI
...................
0x67A04589 CMP EAX,05 >> LOOP CHECKING FOR '-' AFTER 5 CHAR

SO OUR S/N IS IN THE FORM

S/N = XXXXX-XXXXX-XXXXX-XXXXX

Registration Info :

S/N = 0C587-C4255-55555-55555

LEA EAX,[EBP-0178] --- FAKE PASSWORD
0x41E412 LEA EDX,[EBP-0194] --- REAL PASSWORD
0x41E418 MOV CL,[EAX]
0x41E41A CMP CL,[EDX] ---- COMPARE BOTH

So change real encrypted key :

C2smjxwrs7Sj6 => C2.HEKRCFNhaw. -- offset = E3EFC
Hex = 43 32 2E 48 45 4B 52 43 46 4E 68 61 77 00

Registration Info : Change real encrypted key and enter following code in register window

Key = 3254-345-345
First name = DHEERAJ
Last name = MXB
Password = BDPWBYAI

- "Muexplor.exe"
********************
Same shit is also used here,so just scan for hex string - "2B C6 40 3B C3"
and change :
"2B C6" ----> "33 C0"
OFFSET = 1531

5. LIBRARIAN - "Librarian.exe"
**********************
Same shit is also used here,so just scan for hex string - "2B C6 40 3B C3"
and change :
"2B C6" ----> "33 C0"
OFFSET = ADF1

6. ON DISPLAY - "Mupanel.exe"
***********************
Use API Spy we can see it is reading three registry keys - "Eval1 - Eval2 - Eval3"
starting from address 0x004091E6 ...
So in SICE BPX 4091E6 ...TRACE ....

0x40937D MOV EAX,[0041AD10]
0x409382 JNZ 00409393
0x409384 CMP EAX,1E = 30 DAYS

So it is storing no: of days at 0x0041AD10 ....So in SICE
BPMB 41AD10 RW ---- Restart ....

0x409355 TEST EAX,EAX
0x409357 MOV [0041AD10],EAX --- STORE NO: OF DAYS :)
0x40935C JLE 40936C

So our crack will be :

0x409355 XOR EAX,EAX - 33 C0 - OFFSET = 9355

E86C0A0000 CALL 004111F5
015F:00410789 48 DEC EAX --------> Make EAX = 0
015F:0041078A 7403 JZ 0041078F ---> BAD Boy
015F:0041078C 48 DEC EAX
015F:0041078D 750C JNZ 0041079B ---> Good Boy

Patch : Offset : FB89

015F:00410784 E86C0A0000 CALL 004111F5
015F:00410789 90 NOP
015F:0041078A 90 NOP
015F:0041078B 90 NOP
015F:0041078C 90 NOP
015F:0041078D EB0C JMP 0041079B

Opps this DREAMPOP.EXE is using CRC checking :(