----------------------------------------------- How to find a serial in NetInfo ----------------------------------------------- Cracker: stealthFIGHTER Target: NetInfo v3.6 Tools: Soft Ice Brain Where: http://www.netinfo.co.il Sorry for my english, its not my mother language. ----------- Step 1: ----------- === Run NetInfo ... press Help ... Register NetInfo and enter your name and fake s/n. Set breakpoint: BPX HMEMCPY (some was copied to memory) and type X to go back. Press OK ... crrrr ... we are in softice. === Now press 2 times "F5" then "F11" to get to CALLer. Now press "F12" key 10 times till you get: === 0137:00413EE7 CALL 00415E72 <--- start rountine 0137:00413EEC LEA EDI, [ESI+60] 0137:00413EEF MOV ECX, EDI 0137:00413EF1 CALL 00415DCA 0137:00413EF6 MOV ECX, EDI <--- D EAX = our name and fake s/n 0137:00413EF8 CALL 00415DC4 0137:00413EFD LEA EBX, [ESI+64] 0137:00413E00 MOV ECX, EBX 0137:00413E02 CALL 00415DCA 0137:00413E07 MOV ECX, EBX 0137:00413E09 CALL 00415DC4 0137:00413E0E MOV EAX, [EDI] 0137:00413E10 MOV ECX, [ESI+68] 0137:00413E13 PUSH 05 0137:00413E15 PUSH EAX 0137:00413E16 PUSH ECX 0137:00413E17 CALL [00418098] <--- trace into this CALL ("F8") === Once you traced into the CALL [00418098], press "F10" to go through (some CALLs with TESTs and JMPs - ignore it all) the code till you come here: === :1000204D PUSH ECX <--- our pushed name :1000204E PUSH 1000B530 <--- our pushed fake s/n :10002053 CALL 10001F10 <--- make real s/n :10002058 ADD ESP, 0C <--- D EAX - our REAL s/n === Type D EAX and in the data window you´ll get your REAL s/n. (I get 1142-DF2856B2-3CE6) === Type real s/n. ??? No nag? Go to About. Yeah. Registered to ... === == = --------------------------------------------------------- If i make a mistake, please e-mail me to: stealthfighter@another.com ---------------------------------------------------------