Name     : Online Counter
Version  : 5.45.1612
Editor   : SWR3
Target   : OnlineCounter.Exe
Tools    : Softice 4.0
           Snooper for Windows
           Brain
Cracker  : LW2000
Tutorial : No.20

http://www.swr3.de/Fun/Downloads/Onlinecounter/

---
DISCLAIMER
For educational purposes only!
I hold no responsibility for the misuse of this material!
---

1. Ok, enter the details:

   Name: LW2000
   Code: 1234

   *Boom* Shit, wrong code, think we found a bug... ;)

2. Close OnlineCounter. Let's snoop a bit. Mhmm, VB40032.DLL is in the import table. This means we have a Visual Basic 4 proggy. This is no real problem, it only means we can't use W32Dasm very well... but Softice =)

   Ok, first a little bit of knowledge about VB4 proggies. The compare function is NOT in the *.exe, it is in the system file VB40032.DLL.

   Start Online Counter and enter the details again. Press [ctrl]+[d] to switch to Softice.

   bpx hmemcpy

   Press [F5] to return to the app. Now press ok. Sice pops up. Press F11 to get the caller and then trace with F10 through the code until you are in VB40032.DLL. Now 'bd *' the old bpx's. The compare function in VB is always the same:

   : 56          push esi
   : 57          push edi
   : 8B7C2410    mov edi, [esp + 10]
   : 8B74240C    mov esi, [esp + 0C]
   : 8B4C2414    mov ecx, [esp + 14]
   : 33C0        xor eax, eax
   : F366A7      repz cmpsw    <<--- (WideChar) String ds:esi

   Let's search for this code. Enter:

   's 0 l ffffffff 56,57,8b,7c,24,10,8b,74,24,0c,8b,4c,24,14,33,c0,f3,66,a7'

   If you don't like to type it every time, put it into a shortcut in the Winice.dat. I.e. my shortcut is [Alt]+[F4] (I love this window killer shortcut! ;) If you don't know how to add a shortcut for Sice, ask me or take a look at a Softice tut in tKC's Cracking tutorials.

3. For example, Sice found 0157:0E793B84. Then we will bpx on 0157:0E793B84:

   'bpx 0157:0E793B84'

   Then press F5 to return to the app. Sice will pop up at our bpx, then we can take a look at our fake serial ('d esi') and the correct serial ('d edi'). But remember this is the WideChar format!! This means '1234' is '1 2 3 4'.

4. Ok, all done? My serial is 851118H. Let's try it.

   Name: LW2000
   Code: 851118H

   Congratulation! You are a registered user.

FINISH! Easy, or?

cu LW2000

Any comments? Mail me LW2000@gmx.net !!!

----
tKC, thx for your tutors! I started with tutor 1 and I still read them... they are the best!
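
Step 3 works because the program builds the valid serial itself and hands it, in plaintext WideChar form, to the compare routine. The following added example (not from this tutorial or from Online Counter; the serial derivation, the function names and the toy RSA key are constructed assumptions) contrasts that design with a check that only verifies a vendor-issued value, so no valid serial exists in client memory before the user supplies one.

```python
import hashlib

# Constructed toy key built from two Mersenne primes. Far too small for
# real use; it only keeps the example self-contained.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: vendor side only


def weak_expected_serial(name: str) -> bytes:
    """Hypothetical client-side derivation (not the product's algorithm).

    Returns the valid serial as the UTF-16LE buffer a VB string compare
    receives, i.e. the plaintext secret sitting in process memory.
    """
    digest = hashlib.sha256(name.encode()).digest()
    digits = int.from_bytes(digest[:3], "big") % 1000000
    return f"{digits:06d}".encode("utf-16-le")


def weak_check(name: str, code: str) -> bool:
    # Both operands are plaintext wide strings, so anything able to read
    # memory at the compare sees the valid serial for this name.
    return code.encode("utf-16-le") == weak_expected_serial(name)


def _digest(name: str) -> int:
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N


def vendor_issue_license(name: str) -> int:
    """Runs on the vendor's system; D never ships with the client."""
    return pow(_digest(name), D, N)


def hardened_check(name: str, license_value: int) -> bool:
    # The client holds only the public values (N, E). It can verify a
    # license for a name but cannot derive one.
    return pow(license_value, E, N) == _digest(name)
```

This addresses only the disclosure of the valid serial at the compare; it does not by itself protect the check from being modified.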