Web : http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com



RAM Cheat 1.1

Type : Game Cheat
Protection : Serial
Tech : Serial Fishing


Crack : This program is developed by the same people who make WinHex.
WinHex uses the SetTimer API to set the timing of its nag, so let us see if this is done here also.

So enter any two fake 5-digit numbers as CODE I and CODE II, then click the "OK" button.
It will tell us to restart the program, as it uses the "Ramcheat.cfg" file to store the S/N. It is a configuration
file used to store the S/N, and it is only checked at startup.

So in SICE, BPX SETTIMER, then start RamCheat. When we pop into the program's code section,
look at the code above this API.

0x410DAD CMP EAX,[EDI+14] >> CODE II - IN HEX FORMAT
0x410DB0 SETZ BYTE PTR[00417A07]
..................................................
0x413947 CALL 40FB60
0x41394C CMP EAX,[00416F2C] >> CODE II - IN HEX FORMAT | EAX = REAL CODE II -IN HEX FORMAT

Registration Info :

CODE I = 55555
CODE II = 552929


BP-20]
....INSIDE THIS CALL ....
0x66ABC95D CMP BYTE PTR [EBX],18 ----> 24 CHAR
.................................................
0x66ABC96B CMP CL,AL => AL = 2D '-' ; CL = 5TH CHAR OF S/N
.................................................
0x66ABC973 CMP [EBX+0A],AL
.................................................
0x66ABC97C CMP [EBX+0F],AL
.................................................
0x66ABC985 CMP [EBX+14],AL
.................................................
0x66ABCB79 CALL 66ABCD60 ---------- LOOK UP TABLE
.................................................
0x66ABCB8C CALL 66ABCD60 ---------- LOOK UP TABLE
.................................................
0x66ABCD98 CMP BL,AL --------------- COMPARE LOOK UP TABLE COUNTS [BL] WITH AL
.................................................
------- LOOP .... GO UP ----TILL ALL CHARS OF S/N ARE FINISHED------

Registration Info :

5.0 Pro Player Key :

Name = DHEERAJ
Organization = MxB
S/N = EMXP-GJ4Q-QG2E-Q44M-5555

Future Pro Player Key :

Name = DHEERAJ
Organization = MxB
S/N = KUCA-4PG4-448D-GUDN-5555


eturns Integer: 1

Registration Info :

Name = DHEERAJ
Product ID = 3897695580138
Unlock Key = 1283792544077

Note : This is where the program stores its 50-execution count, inside the registry:

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control]
"winsystem"="††"
"windows"="„†zŒ‡}Œ…"

Those invalid characters are its count; if you increase it you will get 50+ executions.

 


0x40A6AB CMP EDI,EAX =>3C --"60" ; EDI = NO: DAYS USED
0x40A6AD JLE 40A70A = 7E 5B --> GOOD BOY OFFSET = A6AD
...........................................
NOW BPMB 5F5A78 RW --- CONTINUE
...........................................
0x40A942 PUSH 5F5A78
0x40A947 CALL [005B42A8]
0x40A94D ADD ESP,04
0x40A950 CMP EDI,EAX
0x40A952 JLE 40A973 = 7E 1F --> GOOD BOY OFFSET = A952

So all you need to do is convert:
JLE ---> JMP, i.e. 74 ===> EB

 


Suppose we just try to redirect this check to an original and virgin