/------------------------------HellSpawn 2K1-----------------------\ | Author: KahnAbyss | | Target: Media Cleaner 5.0 | | Tools: SoftIce 4.05 | | WDasm 8.93 | | Any Prog Software | | Ill use VB | | Crack Type: Patch | | Level: Normal | \-----------------------------------------------------------------------------/ Part I: Cracking The Code ==================== Step 1: BACKUP!!! --------------------------------- Make backup of files Cleaner 5.exe Step 2: Find the good entry point ------------------------------------------------------- Ok as you can see it asks for Name Organisation then a Key... but you can't press Ok until you entered the good key... so close the software. Open your backup file with WDasm then search in Imported Function until you find this one: mcp3avi.WINAPI_RegisterAboutWindowsClass Well we can guess that's the Splash screen with infos... So we'll open mcp3avi.dll with WDasm Search in string data reference until you find: REGISTRATION_DIALOG double click on it you should be here: * Referenced by a (U)nconditional or (C)onditional Jump at Address: :1000D6C6(C) :1000D6CB 8B4808 mov ecx, dword ptr [eax+08] :1000D6CE 8B5004 mov edx, dword ptr [eax+04] :1000D6D1 6A00 push 00000000 :1000D6D3 68F0D60010 push 1000D6F0 :1000D6D8 51 push ecx * Possible StringData Ref from Data Obj ->"REGISTRATION_DIALOG" :1000D6D9 68F0D20610 push 1006D2F0 :1000D6DE 52 push edx You see that the function is called by 1000D6C6 Press F12 then enter 1000D6C6 and you'll be here: * Referenced by a (U)nconditional or (C)onditional Jump at Address: :1000D6B6(C) :1000D6B9 A3E4410810 mov dword ptr [100841E4], eax :1000D6BE 8B08 mov ecx, dword ptr [eax] :1000D6C0 81F968010000 cmp ecx, 00000168 :1000D6C6 7403 je 1000D6CB <--- Call the Registration Form :1000D6C8 33C0 xor eax, eax :1000D6CA C3 ret Now enter SoftIce then type bpx GetDlgItemTextA Run Cleaner and SoftIce should popup Press F11 to get back to the caller you should be into the Dll file type bpx 1000D6C6 Desable previsious breakpoints Run Cleaner again and SoftIce should popup. If you type r fl z the Registration Screen won't popup but it still don't run the software so trace down with F10 until you are here: 016F:00408A54 JNZ 00408A6E 016F:00408A56 MOV EAX,FFFFFFFF 016F:00408A5B TEST AX,AX 016F:00408A5E JZ 00408A6E <--- Start the software if RegInfo are ok 016F:00408A60 CALL 004099A0 <--- Call of Register Function 016F:00408A65 TEST AL,AL <--- You'll be here 016F:00408A67 JNZ 00408A6E <--- Start the software if RegInfo are ok Step 3: Test some jumps ------------------------------------------ Ok as you can see on line 408A5E and 408A67 it jumps to the same place (408A6E). We can guess its the software entry point.... Run Cleaner again then when you'll be into the exe file type bpx 408A5E. Desable all previsious breakpoints Run Cleaner for the last time then type r fl z then F5 to resume execution Wouhou it works!!! :p So we'll have to patch at 408A5E You can patch at 408A67 too but if you do that you'll have to patch the dll at 1000D6C6 since the Registration Window will popup... Since less you patch files better cracks are I'll use 408A5E in my source codes... but its up to you.... Part II: Crack source code (VB) ========================= You just need a command button called cmdCrk and you're ok Private Sub cmdCrk_Click() Dim FileNo As Integer Dim OffSetChk As String * 1 If Dir(App.Path & "\Cleaner 5.exe") = "" Then 'Check if its in app directory MsgBox "Copy Crack into soft directory", vbOKOnly, _ "Media Cleaner 5 Crack" Else FileNo = FreeFile Open App.Path & "\Cleaner 5.exe" For Binary As #FileNo If LOF(FileNo) <> 3435520 Then 'Check file lenght MsgBox "Wrong File Size", vbOKOnly, "Media Cleaner 5 Crack" Else Get #FileNo, &H7E5F, OffSetChk If Hex(Asc(OffSetChk)) <> 74 Then 'Check if good version MsgBox "Crc error", vbOKOnly, "Media Cleaner 5 Crack" Exit Sub Else OffSetChk = Chr(&H75) Put #FileNo, &H7E5F, OffSetChk 'Patch the file End If End If Close #FileNo End If MsgBox "Crack Successfully Completed!", vbOKOnly, "Media Cleaner 5 Crack" End Sub