Name      : URLegal

Version   : 2.1

Editor    : Paul Gerhart Software

Target    : Urlegal.exe

s/n saved : HKEY_LOCAL_MACHINE\SOFTWARE\Paul Gerhart Software\URLegal\User

Tools     : W32Dasm
            Hiew
            Brain
            
Cracker   : LW2000

Tutorial  : No.47

http://www.worldlynx.net/pgerhart/


---
DISCLAIMER
For educational purposes only!
I hold no responsibility for the misuse of this material!
---


1.      Ok, go to the registration screen and enter the details:

        Name: LW2000

        Code: 1230099

        *BOOM* 'Name / Code mis-match. Try again.' Mhmm, wrong Code?
        Typical program bug ;)  Let's fix it.

2.      Load Urlegal.exe in W32Dasm and go to the String Data References.
        Double-click on our string:

        "Name / Code mis-match. Try again."

        You should be here now:

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00403170(C), :0040318A(C)  <<-- here we go
|
:004031F6 6A00 push 00000000
:004031F8 6A00 push 00000000

* Possible StringData Ref from Data Obj->"Name/Code mis-match. Try again"



3.      Ok, we take a look at the conditional jumps from :00403170(C)
        and :0040318A(C). Double-right-click on the first reference
        to go to the jump.

:00403169 E842040000 call 004035B0
:0040316E 85C0 test eax, eax
:00403170 0F8580000000 jne 004031F6 <<-- if eax <> 0 then error msg
:00403176 8D4DEC lea ecx, dword ptr [ebp-14]
:00403179 51 push ecx
:0040317A 8D5588 lea edx, dword ptr [ebp-78]
:0040317D 52 push edx
:0040317E E87D040000 call 00403600
:00403183 25FF000000 and eax, 000000FF
:00403188 85C0 test eax, eax
:0040318A 746A je 004031F6 <<-- if eax = 0 then error msg (je jumps when the test sets ZF)
:0040318C E8DFEAFFFF call 00401C70 

        We want to bypass the protection (if you ask why? - close this
        tut and never read anything else about cracking!), so let's
        think a bit about the code. The first call returns 0 in eax on
        success, the second returns a byte that is 1 on success; each
        branch goes to the error message when its check fails. If we do
        not jump, we go on in the reg process. Do you think the same?
        Let's NOP the jmps!

4.      Ok, note the file offsets of :00403170 and :0040318A and open the
        file in Hiew. Go to the offset (F5) and enter edit mode (F3).
        Then change 0F8580000000 to 909090909090 and 746A to 9090.
        Save your work and try again to register!
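The patch above works because nothing in the program checks that its own
code bytes are still the ones the compiler emitted. The following script is
an added example (not part of this tutorial and not code from Paul Gerhart
Software): it shows the check a defender or a protection scheme would run,
a hash of the code region against a known-good digest, plus a diagnostic
that names which of the two conditional branches from the listing have been
replaced by NOPs. The byte buffer is constructed from the opcodes in the
W32Dasm listing at :00403169..:0040318C; the file offsets are not given on
this page, so the example works with virtual addresses over that buffer.

```python
import hashlib

# Constructed sample: the opcode bytes from the listing, starting at :00403169.
BASE = 0x00403169
ORIGINAL = bytes.fromhex(
    "E842040000"      # 00403169 call 004035B0
    "85C0"            # 0040316E test eax, eax
    "0F8580000000"    # 00403170 jne 004031F6
    "8D4DEC"          # 00403176 lea ecx, [ebp-14]
    "51"              # 00403179 push ecx
    "8D5588"          # 0040317A lea edx, [ebp-78]
    "52"              # 0040317D push edx
    "E87D040000"      # 0040317E call 00403600
    "25FF000000"      # 00403183 and eax, 000000FF
    "85C0"            # 00403188 test eax, eax
    "746A"            # 0040318A je 004031F6
    "E8DFEAFFFF"      # 0040318C call 00401C70
)

# The two conditional branches of the registration check and the bytes
# they must contain in an unmodified binary.
EXPECTED_BRANCHES = {
    0x00403170: bytes.fromhex("0F8580000000"),   # jne rel32
    0x0040318A: bytes.fromhex("746A"),           # je rel8
}

# Digest a protection scheme would embed (or a defender would record)
# while the binary is known to be intact.
KNOWN_GOOD_DIGEST = hashlib.sha256(ORIGINAL).hexdigest()


def apply_nop_patch(code, base, addr, length):
    """Return a copy of `code` with `length` bytes at `addr` replaced by
    0x90. Used here only to build a tampered sample for the detector."""
    off = addr - base
    return code[:off] + b"\x90" * length + code[off + length:]


def check_integrity(code, expected_digest=KNOWN_GOOD_DIGEST):
    """True when the code region hashes to the known-good digest."""
    return hashlib.sha256(code).hexdigest() == expected_digest


def find_tampered_branches(code, base, expected=EXPECTED_BRANCHES):
    """Return {addr: (expected_bytes, actual_bytes)} for every expected
    branch whose bytes no longer match."""
    bad = {}
    for addr, want in expected.items():
        off = addr - base
        got = code[off:off + len(want)]
        if got != want:
            bad[addr] = (want, got)
    return bad


def is_nop_sled(b):
    """True when every byte in `b` is a NOP (0x90)."""
    return len(b) > 0 and all(x == 0x90 for x in b)


def audit(code, base=BASE):
    """Summarise the state of the code region: hash result and, per
    tampered branch, whether it was overwritten with NOPs."""
    tampered = find_tampered_branches(code, base)
    return {
        "hash_ok": check_integrity(code),
        "tampered": {hex(a): is_nop_sled(got) for a, (_, got) in tampered.items()},
    }


if __name__ == "__main__":
    patched = apply_nop_patch(ORIGINAL, BASE, 0x00403170, 6)
    patched = apply_nop_patch(patched, BASE, 0x0040318A, 2)
    print("original:", audit(ORIGINAL))
    print("patched: ", audit(patched))
```

The hash check is the part a real protection would run at startup (over
the on-disk or in-memory code section, not a hand-copied buffer); the
per-branch report is the part an analyst uses after the fact to say exactly
what was changed. Note that a self-check placed in the same binary can be
patched out just like the two jumps, so in practice the digest is verified
from somewhere the attacker does not control, such as a server-side check
or a signed loader.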


Congratulation! You are a registered user.

FINISH! Easy, isn't it?

cu LW2000
Any comments? Mail me LW2000@gmx.net or go to http://www.LW2000.cjb.net
----
tKC, thx for your tutors!
I started with tutor 1 and I still read them... they are the best!