/------------------------------HellSpawn 2K1-----------------------\
| 	Author: 		KahnAbyss	|
| 	Target: 		HighGrow 2.0	|
| 	Tools: 		SoftIce 4.05    	|
|			Any Prog Software	|
|			Ill use VB 		|
| 	Crack Type: 	Patch/Registry	|
|	Level:		Normal		|
\-----------------------------------------------------------------------------/

HighGrow can be found at: http://www.geocities.com/slick_software/index.html

---------------------------------> INTRODUCTION <---------------------------------------------
	HighGrow is a simulation software in which you have 
	to make a Cannabis plant grow.... BlahBlahBlah...
	This software is locked with a serial number 
----------------------------------------------------------------------------------------------------------------

Part 1: Dig Protection
=================

Step 1:	Make Backup
---------------------------------------

	As usual you should make a backup of the exe file...
	I called it HighGrow.ori

Step 2:	Get Serial
--------------------------------
	
	Go into SoftIce then type bpx MessageBoxA
	when you press ok softice gonna popup
	press F11 to get back to the caller you should be here:

	016F:004162AA  PUSH      	00429E20                                               
	016F:004162AF  PUSH      	14                                                     
	016F:004162B1  PUSH      	0D                                                     
	016F:004162B3  PUSH      	00000456                                               
	016F:004162B8  PUSH      	EBX                                                    
	016F:004162B9  CALL      	[USER32!SendDlgItemMessageA]                           
	016F:004162BF  CMP       	EAX,0F                                                 
	016F:004162C2  JZ        	004162F3                                               
	016F:004162C4  PUSH      	30                                                     
	016F:004162C6  PUSH      	0042A064                                               
	016F:004162CB  PUSH      	0042A204                                               
	016F:004162D0  PUSH      	EBX                                                    
	016F:004162D1  CALL      	[USER32!MessageBoxA]     	<== Error Message
	016F:004162D7  PUSH      	00000456		<== You should be here                                     
	016F:004162DC  PUSH      	EBX 

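	Ok from here we know the call at 4162B9 reads what you typed: message 0D is
	WM_GETTEXT, sent to control 456 with 429E20 as buffer, and the CMP EAX,0F
	after it checks that the text is 15 characters long
	At 4162D1 they show the error message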
	So put a break point at 4162C2 and click ok again
	When Softice popup type r fl z to change the zero flag

	Press F10 to trace it down a little bit

	016F:004162F3  LEA       	EAX,[ESP+0C]                                           
	016F:004162F7  PUSH      	EAX                                                    
	016F:004162F8  CALL      	004157A0                                               
	016F:004162FD  LEA       	EDX,[ESP+10]	<== Put serial in EDX                                        
	016F:00416301  ADD       	ESP,04                    <== Stop here                            
	016F:00416304  MOV       	EAX,00429E20

	Type d Edx to see what is into it...
	you should see something like:

	0177:0072F744 31 36 32 2D 50 4C 4F 4A-4D 4E 49 2D 31 30 34 00  162-PLOJMNI-104.

	So here is our serial 162-PLOJMNI-104
	Lets try it... Ok it works but our job isnt over yet...
	The time limit of 60 dayz is gone but you still cant import/export seeds...
	Serial is stored into Registry at 
	"HKEY_CURRENT_USER\SoftWare\Slick Software\HighGrow"
	Registration Code


Step 3: Enable Import Function
-------------------------------------------------

	Clear all previous breakpoints in SoftIce then
	put one at DialogBoxParamA
	when you'll click on Import or export SoftIce will popup
	press F11 to get back to the caller you should be here:

	016F:00406B10  MOV       	EAX,[ESP+04]   		<== Beginning of Function                                        
	016F:00406B14  PUSH      	00                                                     
	016F:00406B16  MOV       	ECX,[ESP+0C]                                           
	016F:00406B1A  PUSH      	00406650                                               
	016F:00406B1F  PUSH      	EAX                                                    
	016F:00406B20  PUSH      	00429BFC                                               
	016F:00406B25  PUSH      	ECX                                                    
	016F:00406B26  CALL      	[USER32!DialogBoxParamA]                               
	016F:00406B2C  RET             			<== You'll be here

	Put a breakpoint on 406B10 then click on Import again
	Press F11 to get back from Caller you should be here:

	016F:004041AC  JZ        	004041CB		<== Jump to Call of NagScreen                                               
	016F:004041AE  CALL      	004061B0                                               
	016F:004041B3  ADD       	ESP,08                                                 
	016F:004041B6  TEST      	EAX,EAX                                                
	016F:004041B8  JZ        	00404231                                               
	016F:004041BA  PUSH      	ESI                                                    
	016F:004041BB  CALL      	00403D80                                               
	016F:004041C0  ADD       	ESP,04                                                 
	016F:004041C3  XOR       	EAX,EAX                                                
	016F:004041C5  POP       	EDI                                                    
	016F:004041C6  POP       	ESI                                                    
	016F:004041C7  POP       	EBX                                                    
	016F:004041C8  RET       	0010			<== End Of Function                                                 
	016F:004041CB  CALL      	00406B10		<== Call to NagScreen                                              
	016F:004041D0  ADD       	ESP,08       		<== You'll be here
	
	Put a breakpoint on 4041AC then click Import again
	If you've done everything right SoftIce should popup
	Change the value of (Z)ero Flag by typing r fl z
	Press F5 to resume execution then a box should appear
	to import seeds...

Step 4: Enable Export Function
-------------------------------------------------

	Clear all breakpoint except the one that point on 406B10
	Press Export Function then F11 to get back from caller
	you should be here:

	016F:004041E2  JZ        	0040420C	<== Jump After Return
	016F:004041E4  PUSH      	00                                                     
	016F:004041E6  PUSH      	00                                                     
	016F:004041E8  PUSH      	00000188                                               
	016F:004041ED  PUSH      	00000454                                               
	.....
	.....
	016F:00404208  POP       	EBX                                                    
	016F:00404209  RET       	0010 		<== End Of Function                                                  
	016F:0040420C  PUSH      	EDI                                                    
	016F:0040420D  PUSH      	ESI                                                    
	016F:0040420E  CALL      	00406B10	<== Call To NagScreen
	016F:00404213  ADD       	ESP,08     	<== You'll be here

	Put a breakpoint on 4041E2 then change the (Z)ero Flag again
	Depending on which seed you point at when you press Export 
	you should be able to Export it or you'll get a message that you 
	can only export seeds that you have bred or imported...
	You can fix that too but its not my goal in this tutorial so dig it by yourself

	The only thing left is to code the crack... we have both offset to patch
	so it shouldn't be a prob...

Part 2: Crack Source Code (VB)
=========================
Ok, there is some new stuff here compared to my old cracks...
It's just the API used by Visual Basic to access the Registry
I've done it this way for the lazy bums who would otherwise still have to
insert the serial number into HighGrow after running the crack...

Private Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" _
(ByVal hKey As Long, ByVal lpSubKey As String, _
ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long

Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long

Private Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" _
(ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, _
ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long

Private Sub cmdCrack_Click()
' Click handler for the patch button. It looks for HighGrow.exe next to this
' program, checks that one byte at each of two file positions is hex 74,
' opens the HighGrow key under HKEY_CURRENT_USER, then overwrites both bytes
' with hex 75 and stores the serial as the "Registration Code" string value.
' Hex 74 / 75 are the x86 short JZ / JNZ opcodes, so the two writes invert the
' conditional jumps the tutorial found at 4041AC (Import) and 4041E2 (Export);
' the mapping from those addresses to these file positions is not shown here.
' NOTE(review): the feature lock therefore rests on two one-byte branches and
' one fixed registry string; nothing visible here suggests the program
' re-checks its own image - confirm against the target.
' NOTE(review): FileNo and RetVal are never declared with Dim, so this only
' compiles when Option Explicit is off (they become Variants).
Dim Handle As Long
Dim Serial As String
Dim OffSetChk As String * 1

Serial = "162-PLOJMNI-104"
FileNo = FreeFile

If Dir(App.Path & "\HighGrow.exe") = "" Then   	 					'Check if in HighGrow directory
    MsgBox "Copy the crack into HighGrow directory", vbOKOnly, "HighGrow 2.0 Crack"
Else
    ' NOTE(review): positions in a VB Binary file are 1-based, so position
    ' &H35AD is the byte at file offset &H35AC (likewise &H35E3 -> &H35E2).
    Open App.Path & "\HighGrow.exe" For Binary As #FileNo
        Get #FileNo, &H35AD, OffSetChk          						'Check 1St Offset (Import)
        ' Hex() returns a String; the comparison with the number 74 relies on
        ' VB's implicit String/number coercion.
        ' The "Crc Error" text is only a label: no checksum is computed, just
        ' this single-byte comparison (same for the second check below).
        If Hex(Asc(OffSetChk)) <> 74 Then
            MsgBox "Crc Error", vbOKOnly, "HighGrow 2.0 Crack"
            Close #FileNo
            Exit Sub
        End If
        Get #FileNo, &H35E3, OffSetChk          						'Check 2Nd Offset (Export)
        If Hex(Asc(OffSetChk)) <> 74 Then
            MsgBox "Crc Error", vbOKOnly, "HighGrow 2.0 Crack"
            Close #FileNo
            Exit Sub
        End If
        ' &H80000001 is HKEY_CURRENT_USER and &HF003F is KEY_ALL_ACCESS.
        ' The key is opened before any byte is written, so a registry failure
        ' leaves the executable untouched.
        RetVal = RegOpenKeyEx(&H80000001, "SoftWare\Slick Software\HighGrow", 0, &HF003F, Handle)
            If RetVal <> 0 Then
                MsgBox "Unexpected Error Occured", vbOKOnly, "HighGrow 2.0 Crack"
                Close #FileNo
                Exit Sub
            Else
                OffSetChk = Chr(&H75)
                Put #FileNo, &H35AD, OffSetChk      						'Patch 1St Offset
                Put #FileNo, &H35E3, OffSetChk      						'Patch 2Nd Offset
                ' Type 1 is REG_SZ. The return value is ignored, so the success
                ' box below appears even if the registry write fails.
                ' NOTE(review): Len(Serial) does not count a terminating null;
                ' REG_SZ sizes normally include it - confirm the stored value.
                RegSetValueEx Handle, "Registration Code", 0, 1, ByVal Serial, Len(Serial)  		'Set Serial into Registry
                MsgBox "HighGrow 2.0 Successfully Cracked!", vbOKOnly, "HighGrow 2.0 Crack"
            End If
        ' Only reached on the success path; the failure branch above exits
        ' before a handle was obtained.
        RegCloseKey Handle
    Close #FileNo
End If
End Sub