How to crack StayOn 98 v1.5 by _PIRO_ toolz: W32Dasm Hiew Target:StayOn 98 v1.5 Target Address:http://www.bmtmicro.com Hello I seen you've d/l my 4th tut. Ok well lets have a brief description of this program...This program is supposed to keep your ISP from disconnecting you...i never got it to werk since my modem is fukt up but maybe you'll be able to get it to werk. Ok enough of that shit lets getta crackin :) Ok install StayOn and open it...see that annoying ass "You have % Uses Remaining!" well once we've run out of uses it wont let you turn it on so we want to fix the Uses limit...so lets fire up W32Dasm and see what we got. Ok its all loaded up right???? Hit the STRN button and see what we got...at the bottom you'll see "You have % Uses Remaining!" double click on that then close STRN. .00401AAE: C7407000000000 mov d,[eax][00070],000000000 ;" .00401AB5: 8B4DA8 mov ecx,[ebp][-0058] .00401AB8: E8E7060000 call .0004021A4 -------- (1) .00401ABD: 85C0 test eax,eax .00401ABF: 7573 jne .000401B34 -------- (2) .00401AC1: 8B4DA8 mov ecx,[ebp][-0058] .00401AC4: E8700A0000 call .000402539 -------- (3) .00401AC9: 8B4DA8 mov ecx,[ebp][-0058] .00401ACC: E8190E0000 call .0004028EA -------- (4) .00401AD1: 8B4DA8 mov ecx,[ebp][-0058] .00401AD4: 8B5170 mov edx,[ecx][00070] .00401AD7: 83C201 add edx,001 ;"" .00401ADA: 8B45A8 mov eax,[ebp][-0058] .00401ADD: 895070 mov [eax][00070],edx .00401AE0: 8B4DA8 mov ecx,[ebp][-0058] .00401AE3: E85C0C0000 call .000402744 -------- (5) .00401AE8: 8B4DA8 mov ecx,[ebp][-0058] .00401AEB: 8B5170 mov edx,[ecx][00070] .00401AEE: 8955B0 mov [ebp][-0050],edx .00401AF1: C745B41E000000 mov d,[ebp][-004C],00000001E ;" .00401AF8: 8B45A8 mov eax,[ebp][-0058] .00401AFB: 8B4870 mov ecx,[eax][00070] .00401AFE: 894DB8 mov [ebp][-0048],ecx .00401B01: 8B55A8 mov edx,[ebp][-0058] .00401B04: 8B45B4 mov eax,[ebp][-004C] .00401B07: 2B4270 sub eax,[edx][00070] .00401B0A: 8945B4 mov [ebp][-004C],eax .00401B0D: 8B4DB4 mov ecx,[ebp][-004C] .00401B10: 51 push ecx * Possible StringData Ref from Data Obj ->"You Have %d Uses remaining!" .00401B11: 68D4504000 push 0004050D4 ;" @P+" .00401B16: 8D55BC lea edx,[ebp][-0044] .00401B19: 52 push edx Hmm...that JNE looks really interesting right??? What the JNE does is compare the 2 EAX's and if they are Not Equal it jumps to our Uses Limit...Make sure that the Green bar is on the JNE then look down at the bottom and you'll see our Offset that we need which happens to be "EBF" well now we know what we have to patch so lets make a copy StayOn "You can use either Wincommander or i use Ms-Dos" and open it with HIEW...hit ENTER 2 times in HIEW to get to the ASM editing section then hit F5 to goto our Offset, put in "EBF" and hit ENTER...we are now at our line that we need to patch so hit F3 to edit then F2 to get to ASM Editng...and change the JNE to JE...hit F9 to save and close down HIEW...re-open StayOn and VIOLA!! no more limit :) I tried to go slow and explain what is goin on so that you may be able to apply this knowledge to another program...I hope you found this helpful but if you didnt follow a certain part just E-mail me or ICQ message me with your question....bye for now...L8terz Email xx_piro_xx@hotmail.com ICQ# 38754864 *Greetz to C4A and Bruteforce* then hit F9 to update and goto your second CALL which is at E141 and do the same as you