


 				          How to crack Webslinky v1.13 
				                  by _PIRO_


toolz: W32dasm and Hiew    

Target: webslinky v1.13

Target Address: www.webslinky.com


 Ok well lets have a brief description of this program...This program is an offline browser.
Its ok but i like Webdigger better. Its got simple Name/Serial protection on it. It asks
for n/s when you try to d/l a webpagee.
Ok enough of that shit lets getta crackin :)

 Well install Webslinky and run it...No nags or shit like that. So lets type in a Url that you
would like to d/l. Oyah we get our trusty Name/Serial protection. So lets fill in your dummy 
code and hit OK. "INVALID REGISTARTION COMBINATION" ok remember that. Open up W32Dasm and 
dissasemble Webslinky. Done? ok hit your STRN button up in the tool bar. Go down to our
"INVALID REGISTARTION COMBINATION" double click on it and you should be here.

.00406B8E: 8D4C2410                     lea       ecx,[esp][00010]
.00406B92: C744242001000000             mov       d,[esp][00020],
.00406B9A: E8B1D9FFFF                   call     .000404550   
.00406B9F: 8D4C2414                     lea       ecx,[esp][00014]
.00406BA3: C7442420FFFFFFFF             mov       d,[esp][00020],0FFFFFFFF
.00406BAB: E8216E0100                   call     .00041D9D1   
.00406BB0: EB0E                         jmps     .000406BC0   

* Referenced by a (U)nconditional or (C)conditional Jump at Address:
|:00405B0E (C)
|

.00406BB2: 6A00                         push      000
.00406BB4: 6A00                         push      000

* Possible StringData Ref from Data Obj ->"Invalid registration combination."

.00406BB6: 6844654300                   push      000436544 
.00406BBB: E8CDE80100                   call     .00042548D   


Ok see that U/C Referenced Jump? Well thats where we need to be so scroll up a bit till your
there and this is what you should see


.00406B07: E804170000                   call     .000408210   
.00406B0C: 3BE8                         cmp       ebp,eax
.00406B0E: 0F859E000000                 jne      .000406BB2   
.00406B14: A1106E4300                   mov       eax,[000436E10]
.00406B19: C744241000000000             mov       d,[esp][00010],000
.00406B21: 89442414                     mov       [esp][00014],eax

* Possible StringData Ref from Data Obj ->"Software\FYA\Webslinky"

.00406B25: 6800624300                   push      000436200 
.00406B2A: 6801000080                   push      080000001 
.00406B2F: 8D4C2418                     lea       ecx,[esp][00018]
.00406B33: C744242800000000             mov       d,[esp][00028],000
.00406B3B: E850DAFFFF                   call     .000404590   
.00406B40: 84C0                         test      al,al
.00406B42: 744A                         je       .000406B8E   

and if your here you can see "Regname" bellow all this, this means that the serial process is
right above the section of code that enters the dummy code into the Registry and checks it on
start-up,so thats really good. Well we know that the JNE at 00406B0E needs to be changed to JE
cause thats the Jump that goes to our Bad Nag. So open Hiew and change that JNE to JE save it 
and open up Webslinky again. YUP its still not registered, but at least we no we know that it
checks the registry and not some INI or DAT file. So go back to 00406B0E in W32Dasm and scroll
up till your green bar is on the Call that is 2 lines above the JNE. The CALL is what does the
calculation of your N/S. Hit RIGHT ARROW key. You should land here

* Referenced by a CALL at Addresse:
|:00406B07   , :00406E9C
|

.00408210: 53                           push      ebx
.00408211: 55                           push      ebp
.00408212: 56                           push      esi
.00408213: 57                           push      edi

So this means that there is 2 calls that go here. So we want to go to :00406E9C but not in 
W32Dasm. So open HIEW back up and goto Webslinky. Hit enter 2 times to get to the ASM section
now hit F5 and enter .00406E9C and you should end up at a CALL you see the JE a few lines 
bellow it? Well we need to change that to JNE. Did it?? ok good now hit F9 to update then leave 
HIEW. Open Webslinky back up and try to D/L a site... BOYYAH ;) no more Nags so its regstered.
Many, Many programs have this same routine where when you follow the CALL it will be refered
twice, so just change the JMP bellow both CALL's and it usually does the trick.



I tried to go slow and explain what is goin on so that you may be able to apply this knowledge
to another program...I hope you found this helpful but if you didnt follow a certain part just
E-mail me or ICQ message me with your question....bye for now...L8terz



You want a Patch?? ok i'll give you 2 one in PASCAL and one in PCOM, hmm this TuT is a little 
long so you can download them at 

www.geocities.com/SiliconValley/Hardware/5734/tutsource.zip

 				Email	xx_piro_xx@hotmail.com
				ICQ#	38754864

*Greetz to C4A and The Camper Crew, and all the craxors in the werld*, must jump