Name      : Windows Sniper

Version   : 2.1

Editor    : unHUman Software

Target    : WindowsSniper.Exe

Tools     : W32Dasm
            Hiew
            Brain
            
Cracker   : LW2000

Tutorial  : No.38

www.unhuman.com


---
DISCLAIMER
For educational purposes only!
I hold no responsibility for the misuse of this material!
---

Ok, I hope you have already read the tut about Windows Sniper from +SEKt0r.
Here is another approach. Let's denag our target!

1.      Ok, enter the details:
        Name: LW2000
        Code: 1234

        *Boom* Shit, wrong code, think we found a bug... ;) 
        Let's note the msg and open the bitch in W32Dasm.

2.      Same procedure as every time: click on the string
        data reference and search for our string. Mhmm, it is found very often.
        So let's look for
        "You must agree to the license before you can use Windows Sni"
        This string was used for the license agreement.
        

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040C539(C)
|
:0040C5DA 8BCE                    mov ecx, esi
:0040C5DC E896260100              call 0041EC77
:0040C5E1 8B8684080000            mov eax, dword ptr [esi+00000884]
:0040C5E7 85C0                    test eax, eax
:0040C5E9 0F854B010000            jne 0040C73A   <--- Bad Boy!
:0040C5EF 8DBE14080000            lea edi, dword ptr [esi+00000814]

* Possible Reference to String Resource ID=00001:
"You must agree to the license before you can use Windows Sni"
                                  |
:0040C5F5 BB01000000              mov ebx, 00000001
:0040C5FA 8BCF                    mov ecx, edi
:0040C5FC 899E84080000            mov dword ptr [esi+00000884], ebx
:0040C602 E88966FFFF              call 00402C90
:0040C607 3BC3                    cmp eax, ebx
:0040C609 744A                    je 0040C655
:0040C60B 8B07                    mov eax, dword ptr [edi]
:0040C60D 8BCF                    mov ecx, edi
:0040C60F FF90B8000000            call dword ptr [eax+000000B8]
:0040C615 8BCF                    mov ecx, edi
:0040C617 E87466FFFF              call 00402C90
:0040C61C 85C0                    test eax, eax
:0040C61E 7535                    jne 0040C655
:0040C620 6AFF                    push FFFFFFFF
:0040C622 50                      push eax

* Possible Reference to String Resource ID=00009:
"The 30 day trial of Windows Sniper has expired. Windows Sni"
                                  |
:0040C623 6A09                    push 00000009
:0040C625 E8EB820100              call 00424915
:0040C62A 6A00                    push 00000000



3.      Looks quite clear =)
        Simply change the jne to je. To do this, open Hiew and go to
        offset C5E9 (noted from W32Dasm). Press F3 to edit and change
        0F85 to 0F84. Save your work.
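
Seen from the defender's side, a one-byte patch like the one in step 3 shows up at once when the file is compared against a known-good copy. The Python below is an added example, not part of the original tutorial: the function names are hypothetical, the sample bytes are constructed from the listing above, and the opcode check is a heuristic that does no disassembly.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify_change(ref: bytes, sus: bytes, off: int) -> str:
    """Heuristic label for one changed byte (no disassembly is done)."""
    old, new = ref[off], sus[off]
    # x86 encodes a condition and its negation as opcodes differing only in bit 0.
    if old ^ new == 1:
        if 0x80 <= old <= 0x8F and off > 0 and ref[off - 1] == sus[off - 1] == 0x0F:
            return "near-jcc-inverted"   # 0F 8x rel32
        if 0x70 <= old <= 0x7F:
            return "short-jcc-inverted"  # 7x rel8
    return "other"


def tamper_report(ref: bytes, sus: bytes) -> dict:
    """Compare a known-good image with a suspect one and list changed bytes."""
    if len(ref) != len(sus):
        return {"match": False, "size_changed": True, "changes": []}
    changes = [(off, classify_change(ref, sus, off), ref[off], sus[off])
               for off in range(len(ref)) if ref[off] != sus[off]]
    return {"match": sha256_hex(ref) == sha256_hex(sus),
            "size_changed": False, "changes": changes}


# Constructed sample: the bytes of "test eax, eax / jne / lea" from the listing
# above, and a copy with the jne opcode byte changed as in step 3.
REFERENCE = bytes.fromhex("85C0 0F854B010000 8DBE14080000")
SUSPECT = REFERENCE[:3] + b"\x84" + REFERENCE[4:]

if __name__ == "__main__":
    report = tamper_report(REFERENCE, SUSPECT)
    print("hash match:", report["match"])
    for off, kind, old, new in report["changes"]:
        print(f"offset {off:#x}: {old:02X} -> {new:02X} ({kind})")
```

A hash mismatch alone proves tampering; the classification only tells an analyst which changed bytes look like a flipped check.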


Congratulations! You have denaged Windows Sniper!



FINISH! Easy, or?

cu LW2000
Any comments? Mail me LW2000@gmx.net !!!
----
tKC, thx for your tutors!
I started with tutor 1 and I still read them... they are the best!