Name     : ArtGem
Version  : 1.0
Editor   : RL Vision
Target   : artgem.exe
s/n saved: HKEY_CURRENT_USER\Software\RL Vision\ArtGem\
Tools    : W32Dasm, Hiew, Brain
Cracker  : LW2000
Tutorial : No.56
URL      : http://www.rlvision.com

---
DISCLAIMER
For educational purposes only! I hold no responsibility for the misuse of this material!
---

1. Ok, this is an easy one! Go to Help and click on Register. Enter the details:

   Name:     LW2000
   Company:  CiA
   Key-Code: 1230099

   Click on OK. *BOOM* 'Invalid code'.

2. Mhmm, a bug! Yes, we have found a bug! Let's fix it... ;)

   Open artgem.exe in W32Dasm and go to the SDR (String Data References). Double-click on our string, and you should see this piece of code:

   * Referenced by a (U)nconditional or (C)onditional Jump at Address:
   |:00403268(C)                            <--- here we go
   |
   :004032F1 8B0DF4204600   mov ecx, dword ptr [004620F4]
   :004032F7 6A10           push 00000010

   * Possible StringData Ref from Data Obj ->"ArtGem"
   |
   :004032F9 68A8814500     push 004581A8

   * Possible StringData Ref from Data Obj ->"Invalid Key!"
   |
   :004032FE 68D4814500     push 004581D4
   :00403303 51             push ecx

3. We go to 00403268 and take a look at the code:

   :00403248 8D542444       lea edx, dword ptr [esp+44]
   :0040324C 6A10           push 00000010
   :0040324E 8D442420       lea eax, dword ptr [esp+20]
   :00403252 52             push edx
   :00403253 50             push eax
   :00403254 E827810400     call 0044B380
   :00403259 8D4C2428       lea ecx, dword ptr [esp+28]
   :0040325D 51             push ecx
   :0040325E E89DDDFFFF     call 00401000                  <-- check routine
   :00403263 83C410         add esp, 00000010
   :00403266 85C0           test eax, eax                  <-- test
   :00403268 0F8483000000   je 004032F1                    <-- Bad Boy
   :0040326E 8D7C2444       lea edi, dword ptr [esp+44]
   :00403272 83C9FF         or ecx, FFFFFFFF
   :00403275 33C0           xor eax, eax

   At 0040325E we have a call where the serial is checked. If the serial is correct, eax=1, else eax=0. So what to do? Go into the call and note the offset (1000h). Then open the file in Hiew and modify the code...

4. Press F5 inside Hiew and go to offset 1000, then press F3 for edit mode. F2 lets you enter asm commands.

   Now type:

   mov eax,1 [Enter]
   ret       [Enter]

   [Esc] will close the edit window. Save your work.

   What have we done? We move the needed 1 into eax and return from the call. So every serial is correct now =) Try it! Congratulations! You are a registered user.

FINISH! Easy, isn't it?

cu
LW2000

Any comments? Mail me LW2000@gmx.net or go to http://www.LW2000.cjb.net

----
tKC, thx for your tutors! I started with tutor 1 and I still read them... they are the best!
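The patch in step 4 works because the caller trusts one return value from one routine, and nothing in the program notices that the routine's bytes on disk have changed. As an added example, not part of LW2000's tutorial and not ArtGem's code, here is a Python model of the code-section integrity check a vendor could build in: the digest of the pristine routine is computed at build time, stored outside the hashed range, and recomputed at run time before the result of the check is trusted. Every offset, byte value and name here (build_image, CHECK_OFFSET, PROTECTED_LEN, simulate_tamper) is a constructed assumption for the demonstration.

```python
import hashlib
import hmac

# Constructed stand-in for the code section of a protected binary. This is
# NOT artgem.exe; the routine at CHECK_OFFSET and its bytes are made up so
# the example runs offline.
CHECK_OFFSET = 0x1000    # where the tutorial's check routine would sit
PROTECTED_LEN = 0x100    # range the integrity check covers


def build_image() -> bytearray:
    """Return a constructed code image containing a hypothetical check routine."""
    image = bytearray(0x1100)
    # Hypothetical function prologue bytes (constructed, not from ArtGem).
    image[CHECK_OFFSET:CHECK_OFFSET + 6] = b"\x55\x8b\xec\x83\xec\x10"
    return image


def code_section_digest(image: bytes, start: int, length: int) -> str:
    """SHA-256 hex digest over the protected range [start, start+length)."""
    return hashlib.sha256(bytes(image[start:start + length])).hexdigest()


def make_reference(image: bytes, start: int = CHECK_OFFSET,
                   length: int = PROTECTED_LEN) -> str:
    """Build-time step: digest the pristine code and store the value somewhere
    the digest does not cover (a data section, a resource, a signed manifest)."""
    return code_section_digest(image, start, length)


def verify_integrity(image: bytes, expected: str, start: int = CHECK_OFFSET,
                     length: int = PROTECTED_LEN) -> bool:
    """Run-time step: recompute and compare in constant time. False means the
    protected range no longer matches the build, e.g. the check routine was
    overwritten on disk."""
    return hmac.compare_digest(code_section_digest(image, start, length), expected)


def simulate_tamper(image: bytes, offset: int = CHECK_OFFSET) -> bytearray:
    """Return a copy of the image with one byte changed at `offset`. This stands
    in for any on-disk edit of the routine; the original image is untouched."""
    patched = bytearray(image)
    patched[offset] ^= 0xFF
    return patched


if __name__ == "__main__":
    pristine = build_image()
    reference = make_reference(pristine)
    print("pristine:", verify_integrity(pristine, reference))                   # True
    print("tampered:", verify_integrity(simulate_tamper(pristine), reference))  # False
```

Such a check is itself just another comparison in the binary and can be found and patched in the same way; it raises the cost of a one-instruction patch rather than removing the single point of failure, and it says nothing about whether a serial that reaches the routine is genuinely valid.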