Cracking for Newbies - by Dahood

Target: BurnIn Test Version 3.0
Tools used: W32dasm, Hview
Protection: Nag Screen + time trial

NOTE: This tutorial is not totally for newbies, so i expect that u know
1. how to use w32dasm
2. how to use hview (change, search, etc...)
3. Assembly

We have to kill the nag and kill the time trial.

Ok, first the nag screen. Disassemble it and click on debug, then load process. Now go step by step and see what calls the nag. I landed here:

* Reference To: USER32.ShowWindow, Ord:026Fh
                                  |
:00401B85 FF1510534300            Call dword ptr [00435310]    ->shows nag
:00401B8B 56                      push esi

* Reference To: USER32.UpdateWindow, Ord:0296h
                                  |
:00401B8C FF1518534300            Call dword ptr [00435318]
:00401B92 56                      push esi
:00401B93 E8980F0000              call 00402B30
:00401B98 83C404                  add esp, 00000004
:00401B9B E8C01B0100              call 00413760
:00401BA0 85C0                    test eax, eax
:00401BA2 750C                    jne 00401BB0                 --->if u click yes enter the program
:00401BA4 E8871E0000              call 00403A30
:00401BA9 53                      push ebx

* Reference To: USER32.PostQuitMessage, Ord:01E5h
                                  |
:00401BAA FF1514534300            Call dword ptr [00435314]

Now we know that the nag pops at the same time as the program, but we can't access the program until u select continue or quit. If we change jne 00401BB0 to je 00401BB0, when u click continue u'll exit, so why dont we change it to jmp 00401BB0 so it will always jump.

***THIS WAY U KILLED THE TIME TRIAL****

Test it out: u still see the nag but u can access the program. If u click quit or continue or hit the x and close it, the real program doesnt close.

K good, now lets kill the nag screen by looking for a string in ur nag like Key. Open ur fav hex editor and search for key; remember K e y in ASCII and in hex 4b 00 65 00 79. U'll land at 004580E0, u should see

FF FF 82 ========= é K e y

change 82 to 7e so it will look like

FF FF 7E ========= ~ K e y

Save it and open the program. Is the nag still there? K good...

Now the time trial. We have 30 days to try it. Click help and about. K, now exit the program and change ur system time to after 1 month and see what happens: it gives u another nag sayin "The evaluation time has expired! blah blah". So we have to search for something like "The evaluation time has expired". Click ok and ur supposed to exit BUT.. ur still in the program, so all u have to do is like what we did in the nag screen in the first one: open ur fav hex editor and find the string.......... damn it, can u find anything? cause i cant...

K, lets check it from a different point. Debug->load process and trace where that damn messagebox came from, then terminate it and u should land here:

* Reference To: USER32.MessageBoxA, Ord:01C3h
                                  |
:00413C75 FF1538534300            Call dword ptr [00435338]
:00413C7B 56                      push esi                     ------> u land here
:00413C7C E813270100              call 00426394
:00413C81 57                      push edi
:00413C82 E80D270100              call 00426394
:00413C87 8B154C254500            mov edx, dword ptr [0045254C]
:00413C8D 52                      push edx
:00413C8E E801270100              call 00426394
:00413C93 83C40C                  add esp, 0000000C

* Possible Reference to Dialog: TESTCONFIG, CONTROL_ID:0003, "All On"
                                  |
:00413C96 B803000000              mov eax, 00000003            -------> this must be a good call
:00413C9B 5F                      pop edi                      ;since it says all on right??
hehe
:00413C9C 5E                      pop esi
:00413C9D 5D                      pop ebp
:00413C9E 5B                      pop ebx
:00413C9F 83C40C                  add esp, 0000000C
:00413CA2 C3                      ret

K, scroll up and see what calls this:

:00413C2B 3BFE                    cmp edi, esi
:00413C2D 7E08                    jle 00413C37                 ****bad jump ;So lets make it JMP 00413c96
:00413C2F 3BD3                    cmp edx, ebx
:00413C31 0F84B2010000            je 00413DE9

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00413C2D(C)                     ----> so this jump calls our nag sayin expired
|
:00413C37 8B7578                  mov esi, dword ptr [ebp+78]
:00413C3A 8B7D70                  mov edi, dword ptr [ebp+70]
:00413C3D 03F7                    add esi, edi
:00413C3F 3BCE                    cmp ecx, esi
:00413C41 7E60                    jle 00413CA3
:00413C43 3BD3                    cmp edx, ebx
:00413C45 755C                    jne 00413CA3

So now instead of

:00413C2D 7E08                    jle 00413C37                 --->if over 30 days show nag ;but u can still enter the program

change it to

:00413C2D                         jmp 00413c96                 ----->ID:0003, "All On"

U get it to jump over every thing to the good jump, instead of jumping to the messagebox if lower or equal. Try this, does it work? yep......

This is my Third tutorial. I hope i didnt confuse u, and if u have any questions or comments my icq# is 69518421 or u can e mail me at webcrawler28@hotmail.com

I would like to say thanks to all the crackers, 2 many 2 list, for helpin me, also for their tutorials. Also a big thanks to krobar's site: http://zor.org/krobar
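
Seen from the publisher's side, every change made in this tutorial is a small byte edit to the file on disk, so a comparison against a known-good copy detects and localises it. The sketch below is an added example, not part of the original tutorial or of BurnIn Test; the function names, the 16-byte block size and the sample bytes are all constructed for illustration.

```python
import hashlib

BLOCK = 16  # assumed block size; smaller blocks localise a change more tightly


def build_manifest(data, block=BLOCK):
    """Record the size and one SHA-256 digest per block of a known-good file."""
    digests = [hashlib.sha256(data[i:i + block]).hexdigest()
               for i in range(0, len(data), block)]
    return {"size": len(data), "block": block, "digests": digests}


def _add(ranges, start, end):
    """Append (start, end), merging with the previous range when adjacent."""
    if ranges and ranges[-1][1] >= start:
        ranges[-1] = (ranges[-1][0], max(ranges[-1][1], end))
    else:
        ranges.append((start, end))


def find_tampered_ranges(manifest, data):
    """Return merged (start, end) ranges, end exclusive, that differ from the manifest."""
    block, size = manifest["block"], manifest["size"]
    ranges = []
    for idx, good in enumerate(manifest["digests"]):
        start = idx * block
        if hashlib.sha256(data[start:start + block]).hexdigest() != good:
            _add(ranges, start, min(start + block, size))
    if len(data) > size:  # bytes appended after the recorded end of file
        _add(ranges, size, len(data))
    return ranges


def demo():
    # Constructed 64-byte stand-in for a shipped file, not real program bytes.
    original = bytes(range(64))
    manifest = build_manifest(original)
    patched = bytearray(original)
    patched[5] ^= 0xFF   # single-byte change in one region
    patched[40] ^= 0xFF  # single-byte change in another region
    return find_tampered_ranges(manifest, bytes(patched))


if __name__ == "__main__":
    print(demo())
```

The manifest only helps if it is stored or signed where whoever can modify the file cannot also rewrite it.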