-------------------------------------------
How to register AudioTools
-------------------------------------------

Cracker: stealthFIGHTER 

Target: AudioTools v3.0

Tools: RegMon
	W32dasm
	Hiew
	Brain

Where: http://www.btinternet.com/~amfish/index.htm

Sorry for my english, its not my mother language.


-----------
Step 1:
-----------

===
Run RegMon ... run AudioTools ... wait until the program is loaded.
Go to RegMon and turn off the capture. Now in RegMon scroll up
till you get something like this:
===

OpenKey	HKCU\Software\Quantum\Audio\Audiotools	NOTFOUND	
OpenKey	HKCU\Software\Quantum\Audio\Audiotools	NOTFOUND
OpenKey	HKCU\Software\Quantum\Audio\Audiotools	NOTFOUND

===
This means that we havenæ„’ this items in our REGEDIT. So run REGEDIT -> go to
HKEY_CURRENT_USER\Software\. Right click on Software and create new key
called "Quantum". Now right click on Quantum and create new key called "Audio".
And now right click on Audio and create new (last) key called "Audiotools".
It should be like this:
===

|--Quantum
	|--Audio	
	|--Audiotools

===
Ready? Good. In RegMon clear all events and enable capture.
Run AudioTools and wait until program si loaded.
Go to RegMon and scroll up till you get something like this:
===

OpenKey		HKCU\Software\Quantum\Audio\Audiotools		SUCCESS
QueryValueEx	HKCU\Software\Quantum\Audio\Audiotools\User		NOTFOUND
OpenKey		HKCU\Software\Quantum\Audio\Audiotools		SUCCESS
OpenKey		HKCU\Software\Quantum\Audio\Audiotools		SUCCESS
QueryValueEx	HKCU\Software\Quantum\Audio\Audiotools\User name	NOTFOUND
OpenKey		HKCU\Software\Quantum\Audio\Audiotools		SUCCESS
OpenKey		HKCU\Software\Quantum\Audio\Audiotools		SUCCESS
QueryValueEx	HKCU\Software\Quantum\Audio\Audiotools\User-id		NOTFOUND
OpenKey		HKCU\Software\Quantum\Audio\Audiotools		SUCCESS

===
Close RegMon. Run REGEDIT and go here:
HKEY_CURRENT_USER\Software\Quantum\Audio\Audiotools.
At this place make three new text values called: User, User name, User-id
All done? Now fill single text values. (I entered: iNFiNiTY in User, iNFiNiTY [2000]
as a User name and 123-456-789 as s User-id).
In the end press "F5" key to update the REGEDIT. Close REGEDIT.
===


-----------
Step 2:
-----------


===
Run AudioTools ... waiting ... B00M ... Invalid registration code entered - program
will exit. 
===
Run W32dasm and disassemble Atools.exe.
Ready? Click SDR window and find the text (Invalid registration code entered)
and dbl click on it. You should be here:
===


:004038BA FF1534C84400            	Call dword ptr [0044C834]
:004038C0 83C408                  	add esp, 00000008
:004038C3 F7D8                    		neg eax
:004038C5 1BC0                    		sbb eax, eax
:004038C7 F7D8                    		neg eax
:004038C9 25FF000000              	and eax, 000000FF
:004038CE 85C0                    		test eax, eax
:004038D0 7455                    		je 00403927
:004038D2 8B8D14FEFFFF            	mov ecx, dword ptr [ebp+FFFFFE14]
:004038D8 8B91B4010000            	mov edx, dword ptr [ecx+000001B4]
:004038DE 3B95A0FEFFFF            	cmp edx, dword ptr [ebp+FFFFFEA0]
:004038E4 7432                    		je 00403918			<--- bad boy

* Possible Reference to Dialog: DialogID_0090, CONTROL_ID:00FF, ""
                                  |
:004038E6 6AFF                    		push FFFFFFFF
:004038E8 6A00                    		push 00000000

* Possible Reference to String Resource ID=61255: "Invalid registration code entered - program will exit"
                                  |
:004038EA 6847EF0000              	push 0000EF47


===
Think a little. If we change the JE to JNE we donæ„’ get the nag.
Double click on JE 00403918 and write down the offset (38E4)
===
Run Hiew ... select decode mode ... press "F5" key and enter offset.
Now press "F3" key to edit and change 74 to 75. Then "F9" to update.
Run program again. No nag? Press Help -> About Audiotools -> Yes.
===

-------------------------------------
If i make a mistake, please e-mail me 
to: stealthfighter@another.com
-------------------------------------