-----------------------------------------------
How to find a serial in NetInfo
-----------------------------------------------

Cracker: stealthFIGHTER 

Target: NetInfo v3.6

Tools: Soft Ice
	Brain

Where: http://www.netinfo.co.il

Sorry for my english, its not my mother language.


-----------
Step 1:
-----------

===
Run NetInfo ... press Help ... Register NetInfo and enter your name
and fake s/n.
Set breakpoint: BPX HMEMCPY (some was copied to memory) and type
X to go back. Press OK ... crrrr ... we are in softice.
===
Now press 2 times "F5" then "F11" to get to CALLer.
Now press "F12"  key 10 times till you get:
===



0137:00413EE7	CALL 00415E72		<--- start rountine
0137:00413EEC	LEA EDI, [ESI+60]
0137:00413EEF	MOV ECX, EDI
0137:00413EF1	CALL 00415DCA
0137:00413EF6	MOV ECX, EDI		<--- D EAX = our name and fake s/n
0137:00413EF8	CALL 00415DC4
0137:00413EFD	LEA EBX, [ESI+64]
0137:00413E00	MOV ECX, EBX
0137:00413E02	CALL 00415DCA
0137:00413E07	MOV ECX, EBX
0137:00413E09	CALL 00415DC4
0137:00413E0E	MOV EAX, [EDI]
0137:00413E10	MOV ECX, [ESI+68]
0137:00413E13	PUSH 05
0137:00413E15	PUSH EAX
0137:00413E16	PUSH ECX
0137:00413E17	CALL [00418098]		<--- trace into this CALL ("F8")



===
Once you traced into the CALL [00418098], press "F10" to go through
(some CALLs with TESTs and JMPs - ignore it all) the code till you come here:
===


:1000204D	PUSH ECX		<--- our pushed name
:1000204E	PUSH 1000B530		<--- our pushed fake s/n
:10002053	CALL 10001F10		<--- make real s/n
:10002058	ADD ESP, 0C		<--- D EAX - our REAL s/n


===
Type D EAX and in the data window you´ll get your REAL s/n.
(I get 1142-DF2856B2-3CE6)
===
Type real s/n. ??? No nag? Go to About. Yeah.
Registered to ...
===
==
=
---------------------------------------------------------
If i make a mistake, please e-mail me 
to: stealthfighter@another.com
---------------------------------------------------------