Welcome to Cracking Tutorial #90!

Hiya guys,

Sorry for delays, again I was busy with coding and all shit...
Here's a tut90.tKC... OK, let's rave! ...or crack babes? :)

You'll need the following tools:
(I use these tools, I assume you'll use 'em, but it doesn't mean that you'll need to use all those tools, so be sure to get them handy for the examples in this tutorial!)

SoftICE v4.05
W32Dasm v8.93
Hacker's View v6.50
SmartCheck v6.03
ProcDump32 v1.6.2
TRW2000 v1.22
IDA v4.04
Windows Commander v4.03 (I use it coz it's easier to multitask)
Delphi, VB, C++, or TASM to code a keygen or a patch..

Don't ask me where to download all these tools since you had a chance to get them when you used my older tutorials. Here are a few good sites where you can grab tools from:

http://protools.cjb.net
http://w3.to/protools
http://www.crackstore.com

or ask any crackers to get you these tools!

Are you ready?! OK! ;)


WHY PATCHING WHILE SERIAL NUMBER IS FISHY
Macro Magic 4.1Q
A Cracking Tutorial by ASTAGA [D4C/C4A]

ABOUT THE PROGRAM

Macro Magic provides a revolutionary new way to save time by eliminating repetitive actions and simplifying complex tasks into one single step. Macro Magic was made for one purpose: To make your life easier! Have you ever noticed that while working on your computer you start going through the same actions day after day? Well, many people have forgotten this, but the purpose of your computer is to take over those repetitive tasks for you.

WHERE TO DOWNLOAD

Author   : IOLO TECHNOLOGIES, LLC
Homepage : http://www.iolo.com
URL      : http://members.loop.com/~unisyn/MMagic.exe
Size     : ? MB

CONSTRAINTS:

- The Author has changed their licensing code because of illegal registration methods: keygens being made, and valid serial numbers being distributed by individuals and/or cracking group(s).
- The Author has blacklisted several crackers' names and their serial numbers, i.e. DUELIST, LIDONG, PROF X, etc., so if you're using their serial number a warning message will appear on your screen. Further, the author changed the program so it will detect and refuse the use of CORE's keygen called cr-mm.exe.
- The program will detect the SoftIce debugger installed on your PC! So the program won't run, and there is no warning message confirming this. FIRSTLY, you have to read ANTI SICE TIPS and TRICKS from major websites, and I am sure you know where to go and search.
- I won't tell you what I AM DOING to crack this program (respect the Author and their works!)

HOW TO GET A VALID SERIAL NUMBER by using SoftIce

1. Run MACROS.EXE. You'll soon face the registration window; click the ENTER LICENSE CODE button, then type the following info:

   User ID        : Pirates
   Order Serial # : 907361205

   Don't click the OK button yet.

2. Fire up SoftIce [ ctrl+D ] and set a new breakpoint:

   bpx hmemcpy [enter]
   F5

   Click the OK button, and when you are returned to SoftIce press F11, F5, F11, and F12 12 times to reach the main program code. If nothing goes wrong you should land at 0137:4A1F52 ( BPX this location for further usage ).

3. Press F10 once and type D EAX [enter]; you'll see your name in the Data Window. Press F10 once again and type D EDX [enter]; you'll see your FAKE SERIAL# in the Data Window.

4. Keep going: press F10 6 (six) times and type D EDX [enter]; you'll see the nickname DUELIST, and if you scroll down a bit you'll see a couple of crackers' names and their serial numbers, which are blacklisted by the Author. You will also see the string "cr-mm", which I am sure is the file name of CORE's key generator for this program.

5. Press F10 21 (twenty one) times - at 0137:4A1FB2, then type D 013F:00EEE1F8 [enter] or right click at SS:0075F278=00EEE1F8; you'll see 66576-MP760-4450120105 in the Data Window. Scroll up one line and you will also get 6657648562935760495010 210544... looks interesting! WRITE IT DOWN, you'll need it later on.

6. Press F10 once - at 0137:4A1FB5, and type D EAX [enter]; you'll have the same information as I described in the explanation above.

7. Press F10 36 (thirty six) times - at 0137:4A1FF5, and type D EAX [enter]; you'll see 58495-MR496-6331101124 and 58495693541014968414 21101133 in the Data Window. WRITE IT DOWN, you'll need it later on. At this stage you don't need to dump memory addresses and/or register flags anymore, just watch WHAT WILL HAPPEN IN THE DATA WINDOW!

8. Keep on pressing F10 and stop at 0137:004A2035; the screen splashes and you get another interesting suspected serial number, 61525-MD265-9301170154. One more time, take a note of this number.

9. Press F10 again and pass the call instruction at 0137:4A208B. Yeah... the classic INCORRECT REG CODE message appears on your screen; just click OK and you'll be back in SoftIce again.

   NOTE: Here, you know where the 'Beggar Off' message was called by the program. Observe and follow this address in WDASM if you are going to patch this program to accept any fake number.

10. Disable the existing breakpoint(s) by typing:

    BD * [enter]
    F5 to return to the program

11. Repeat the registration procedure and key in all five suspected serial numbers you noted before. Upon successful registration you'll get the confirmation "Thank you for Registering" and a description of the license you have.

AD LIBITUM

- According to the HELP file, this program has 5 (five) license types; you can notice the license type when you key in a correct serial number, i.e. Personal Edition, Corporate Edition and Developer's Edition. The serial numbers which have a "-" (a dash) are for one of those editions.
- The rest of the serial numbers are for MacroMagic Remote Installation Manager ( Run MMADMIN.EXE, click the FILE/REGISTER-EXPAND LICENSES/ENTER LICENSE CODE menu ) to get 5 users and, in my case, 410 users respectively.

END NOTES

I HOLD NO RESPONSIBILITIES ( IN ANY SHAPE OR WHATSOEVER ) OF THE MISUSE ILLEGAL DISTRIBUTABLE REGISTRATION CODES FROM THIS TUTE. I'VE WARNED YOU, AS WELL AS THE AUTHOR THAT PERPETRATORS OF SOFTWARE PIRACY / ILLEGAL USERS OF THIS SOFTWARE WILL BE PROSECUTED BY ALL MEANS TO THE FULLEST EXTENT OF THE LAW.

_ Never attribute to malice that which is adequately explained by stupidity _

This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror.

Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!

( tHATDUDE (PC97) defined LAMER(s) as the guy who sits in front of a personal computer, using a Hex Editor, ripping off other group(s)' crack releases, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 )

More about LAMER(s):
lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connotations of self-conscious elitism that use of luser does among hackers.
< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >

ASTAGA [D4C/C4A]
[EOF] 6/23/00 6:08:49 AM
support@iolo.com


WHY PATCHING WHILE SERIAL NUMBER IS FISHY
System Mechanic v3.5B
A Cracking Tutorial by ASTAGA [D4C/C4A]

ABOUT THE PROGRAM

Macro Magic provides a revolutionary new way to save time by eliminating repetitive actions and simplifying complex tasks into one single step. Macro Magic was made for one purpose: To make your life easier! Have you ever noticed that while working on your computer you start going through the same actions day after day? Well, many people have forgotten this, but the purpose of your computer is to take over those repetitive tasks for you.
WHERE TO DOWNLOAD

Author   : IOLO TECHNOLOGIES, LLC
Homepage : http://www.iolo.com
URL      : http://members.loop.com/~unisyn/system_mechanic.exe
Size     : ? MB

CONSTRAINTS:

- The Author has changed their licensing code system because of illegal registration methods: keygens being made, and valid serial numbers being distributed by individuals and/or cracking group(s). NICE TRY, BUD!
- The Author has blacklisted two crackers' names and their serial numbers, i.e. DUELIST, R!SC, etc., so if you're using their serial number a warning message will appear on your screen. Further, the author changed the program so it will detect and refuse the use of crackers' keygens such as SERIAL.COM and SYSMECH.EXE.
- The program will detect the SoftIce debugger installed on your PC! So the program won't run, and there is no warning message confirming this. FIRSTLY, you have to read ANTI SICE TIPS and TRICKS from major websites, and I am sure you know where to go and search.
- I won't tell you what I AM DOING to crack this program ( respect the Author and their works! )

HOW TO GET A VALID SERIAL NUMBER by using SoftIce

1. Run SYSMECHANIC.EXE. In the main window click the PURCHASE button, click the CLICK HERE TO ENTER YOUR USER ID... button, then type the following info:

   User ID        : Pirates
   Order Serial # : 907361205

   Don't click the OK button yet.

2. Fire up SoftIce [ ctrl+D ] and set a new breakpoint:

   bpx hmemcpy [enter]
   F5

   Click the OK button, and when you are returned to SoftIce press F11, F5, F11, and F12 12 times to reach the main program code. If nothing goes wrong you should land at 0137:48F3AA ( BPX this location for further usage ).

3. Press F10 once and type D EAX [enter]; you'll see your name in the Data Window. Press F10 once again and type D EDX [enter]; you'll see your FAKE SERIAL# in the Data Window.

4. Keep pressing F10 and stop at 0137:48F3D0, then type D EDX [enter]; you'll see the nickname DUELIST, and if you scroll up a bit you'll see at least 2 crackers' names and their keygen file names, which are blacklisted by the Author. You will also see the strings "serial.com" and/or "sysmech.exe", which I am sure are the file names of DUELIST's and R!SC's key generators for this program.

5. Press F10 and stop at 0137:48F468. When you have passed the call instruction you'll see 62536-ST364- , and if you scroll up you'll find 6253608958975364454610610940 . WRITE down this possible code for further usage.

6. Press F10 again and stop at 0137:48F470, and type D EAX [enter]; you'll see 62536-ST364-0490160164 appear in the Data Window. WRITE down this possible code for further usage.

7. Continue pressing F10 and stop at 0137:48F4B0, type D EAX [enter] and look at the Data Window; did you see 56475-PR477-4351121104 ? Yes, another possible reg code, write it down!

8. Press F10 again and stop at 0137:483F9D, where there is a CMP EBX,ECX instruction. If you are curious about this comparison, just type:

   ? EBX [enter] , SoftIce will report : 33373039 0859254841 "3709" ; doesn't it look like a part of our fake S/N but in reverse order?
   ? ECX [enter] , SoftIce will report : 37343635 0926168629 "7465" ; what the hell is this? Another code in reverse order?

   Press F10, then stop at 0137:48F4CF and right click on the SS Register, which gives you 56475495521034770394011211534 . You can also dump the memory address by typing:

   D 012EEACC [enter]

   Again, write down this interesting code.

9. Press F10 again and stop at 0137:48F4F0, then type D EAX [enter] and look at the Data Window; did you see 67586-ND859-5440110115 ? Scroll up one line and you'll see 6758658463925859505110110445 . Yes, more new possible reg codes, write them down!

10. Continue pressing F10 and stop at 0137:403056 or 0137:40305E and type:

    D ESI [enter] ---> Thank you for interest ......
    D EDI [enter] ---> 67586-ND859-5440110115

    Up to this stage I have no intention of continuing to trace the code, so I decided to stop and disable the existing breakpoint(s) by typing:

    BD * [enter]
    F5 to return to the prog's registration window.

    Just click OK when the 'beggar off' message appears on the screen, and key in the possible reg codes as our serial number.

11. Repeat the registration procedure and key in all five suspected serial numbers you noted before. Upon successful registration you'll get the confirmation "Thank you for Registering" and a description of the license you have.

AD LIBITUM

- According to the HELP file, this program has different kinds of license types; you can notice the license type when you key in a correct serial number, i.e. Professional Edition, Industrial Edition. The serial numbers which have a "-" (a dash) are for one of those editions.
- The rest of the serial numbers are for ..... check by yourself and try your luck in the upgrade version maybe ... WHO KNOWS ?

ASTAGA [D4C/C4A]
[EOF] 6/23/00 10:16:14 AM
support@iolo.com


How to improve Registry Crawler 2.1 to be faster

Target:      Registry Crawler 2.1 (exe 311296 bytes)
WWW:         http://www.4developers.com
Cracker:     --..__J_o_h_n_n_y__A_U_M__..--
Protections: improvings - 4 ways search, bigger buttons, fast delete history
Tools:       Hiew, W32Dasm, Exescope 5.12 & Windows Commander 4.03

--------Last news about secret mondial establishment-------
"Echelon" mondial espionage net of USA, England (in fact invisible government). Secret code: P-415. This net intercepts monthly about 100-200 millions of emails, talkings, other infos, for "happiness of human rights". Specialists say about this: "a global system of supervising all men of the world". The president of European Parliament - woman Nicole Fontaine says: "I'm scandalized by the fact that this mondial espionage of everybody, including of occidental countries, hasn't determined official protests from anyone". You're smart - guess why?
Last news: I have the proof from an advanced hacker that even if you hide your IP address very good, Echelon has no problem to see your identity. All WWW is projected to be transparent for Echelon. Be united to defeat "beast of bible".
------------

The tool Registry Crawler 2.1 is a need for a cracker! Grab it now!
It can easily search the whole Registry to find what you're looking for, and can memorize addresses from the Registry (bookmarks) for fast access; great tool! It's a must have for a cracker! OK! Let's improve our tools a little!

First, notice this: today we will not find a serial for this; only a few good improvements to this tool will be covered. Anyway, here is a serial (to pass the unregistered bug - he,he,he): N: My Person S: 8267-$HJa$ . Later, maybe a tutor about how to find the serial. But everybody has a keygen or a serial for this great program!

1. First modification: making the Delete History button skip 2 boring windows.

See Options->Delete History->window "Are you sure you want..."->OK->window "Finished clearing...tralala". We will make a modification that lets us delete the history quickly, without boring questions. This is to speed up our work with the program.

Disassemble rcrawler.exe with W32Dasm and make a copy for cracking, y.exe. Alt-S-Enter, put in the words from the first window: "Are you sure you want to clear the search list?" and search for them. Bingo at ball 4050FB (w32dasm). We take a close look at the code there. I estimate that the code of our window is from 4050F2 to 405108 inclusive. You can see the jump at 405108 that lets us press yes/no at the question. We will make it permanently yes. With hiew, replace all the code from 4050F2 (hiew 50F2) to 405109 (hiew 5109 inclusive) with 90's, about 24 times, save and test our y.exe. Bingo! Everything works perfectly! History is cleared without boring questions or windows! If you don't believe me, put a bookmark in the Bookmarks section of Registry Crawler 2.1; use regedit to find the following address in the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\4Developers\RCrawler\History and see for yourself if the history is cleared.

A final remark: when removing a window or a function like we did above, also replace with 90's the push's above it that are connected with the text or API, and the cmps and jmps above it too! You can try to jump directly with EB xxxx (new address)! Here it doesn't work that way!

2. Second modification: activating search for HKEY_CURRENT_USER.

You can see that this program is made from the factory to search only 2 ways at a time: HKEY_USERS & HKEY_LOCAL_MACHINE or any other 2. We will now make the program search in HKEY_CURRENT_USER also. After I searched a few times for the words "HKEY_CURRENT.." I arrived at this w32dasm address: 406A1B (hiew 6A1B). From here it seems that the program activates/deactivates this search. Let's try. Hiew y.exe at 6A1B - 7507 -> 9090 so it doesn't jump over this HKEY. Test and... OK! It's working fine! Next!

3. Third modification: activating search for HKEY_CLASSES_ROOT.

We will now make Registry Crawler 2.1 search in HKEY_CLASSES_ROOT also. After I searched a few times for the words "HKEY_CLAS.." I arrived at this w32dasm address: 4069C4 (hiew 69C4). From here it seems that the program activates this search. Let's try. Hiew y.exe at 69C4 - 7507 -> 9090 so it doesn't jump over this HKEY. Test and... ...OK! It's working!

4. Optional, but a good improvement (with Exescope 5.12) for faster access:

a). Open y.exe with Exescope and make the buttons bigger in the Search panel, function "Search For", buttons Go & Cancel. You can enlarge them vertically so they are easier to press with the mouse at higher working speed.

b). Go into the Options window (see the hammer icon on the window); you see the following buttons -> Delete History, and below it Cancel, OK. For faster access you must enlarge the Delete History button to be as long as the text below it, "Delete history will clear the search list", and vertically until it reaches the word "General". Then move the OK button next to Delete History, enlarge it until it is half of Delete History, then next to OK put the Cancel button, enlarged similarly to OK. Then balance everything there to obtain a nice design and save all modifications.

To see my choice of arrangement for Registry Crawler 2.1, look for the file enhance_rc21.exe on my site: www.geocities.com/john_aum/john_files .
Use this enhancer only on the shareware version of the file rcrawler.exe! It has all the modifications from this tut! Plus the serial from here or from my file (see info)!

Note: this version can be enlarged to fill your whole screen. So, adjust properly!

Enjoy this useful & nice program! Bye now!

----------------
Greets: tKC & CIA (nice guys!), to all crackers, PRO or newbies, all cracker teams (keep going, we must eliberate from iudeo-masonic tirany, all must become free), we are great guys, and nice too. I love you all but be a good soul!

Romanian Greets: All the best to the big-hearted people of Romania! Better days will come too! Try to evolve spiritually if you want to be happy!

At last, but from all my heart: I love you Heavenly Father, I know you are with me all the time! God is pure love!

Try this: www.geocities.com/john_aum Incredible infos for YOUR EYES ONLY!
Critics, comments, anything at: johnny_aum@yahoo.com
---------------Sorry if my english is not perfect!------------------------------


How to improve PatchMaker 0.99a to work faster

Target:      PatchMaker 0.99 (authors - Kill3xx/AVaLoN/RingZ3ro)
WWW:         http://protools.hpage.net or other Protools url's
Cracker:     --..__J_o_h_n_n_y__A_U_M__..--
Protections: look a few lines down
Tools:       HexWorkshop 3.02, Unaspack 1.0.9.0, Hiew, W32Dasm, Windows Commander 4.03, Exescope 5.12

This tut was promised some time ago in another stuff of mine, so here it is... I frequently use PatchMaker 0.99a because it is fast and beautiful, permits many details to be entered, makes small cracks (which can be made more compact with Aspack 2.1) and also, not least, permits many modifications (thousands). This is useful when changing bitmaps, jpgs, icons, etc. in our programs. But I encountered some problems when working with it; these are:

1. - a bug which sometimes announces some errors and start reading from address xxx...
2. - when we are in section BytePatch and selecting files for comparison, at the second file (the one modified by us) you must select the type first, then our cracked file (usually another exe -> for me it is y.exe) - a few more operations and more boring.
3. - for me, some words like patch, apply patch, patching..., patched successfully, patching failure, already patched - are not the best, so I replaced them with my own choices (instead of patch - crack, cracking, etc).
4. - if we don't select an icon and bitmap we will have a crack with the authors' icon/bitmap, which is unpleasant sometimes, so we must always select our own icon/bitmap, very boring (why not replace the authors' icon/bmp's with ours forever).

1. First, the bug when trying to perform the Compile stage while Compile bmp is active.

A message pops up and tells you that an error took place and start reading from another address. It's not a serious or grave bug, and I tried everything I could but I could not fix it through assembly. Maybe some of you can; please make a tutor and send it to tKC. So, what can we do? Do this:

a. - when the error window appears press Enter and verify all the info in section Project, so that it has no strange symbols not permitted by PatchMaker 0.99a;
b. - press Enter, load a bitmap again and try to compile again; usually this method works best; try a few more times if it doesn't work the first time;
c. - if the first 2 methods don't give results, save the Project, exit PatchMaker and re-enter, load your project and compile; this is a good method too.

2. Changing Cracked Files (*.crk) in the file type to EXE Files (*.exe) for faster work.

Unpack pmaker.exe with Unaspack 1.0.9.0 from protools (279040 bytes) into a 692736 bytes file. Good, then make a copy, y.exe, and hiew y.exe to search for the words "Cracked Files". Found them at 7796C. From that address (inclusive) we write, instead of these words ->

Cracked Files (*.crk)|*.crk

this --->

EXE Files (*.exe) |*.exe    <--- this is the final result.

Let's do a test... wow, working fine, our exe's are selected faster. Good!

3. Changing those words, like "patch" into "crack", etc.

This is too easy for you; just search and replace, make tests, you can do it on your own, OK. See also if the resulting crack is how you wish (for example in my case -> crk_.exe instead of patch.exe). You can even change the name of the program to Patchmaker 0.99b (instead of "a" - a kind of new version).

4. Changing the icon/bitmap inside PatchMaker so that the result, patch.exe or in my case -> crk_.exe, has our own icon/bitmap even when we don't select new ones.

If we search for the icon/bitmap with any program which grabs resources, we don't find anything, because the beginning of the icon and/or bitmap is different from what these programs expect. So, what can we do? We will search manually for our icon/bitmap in our y.exe. Or extract the authors' icon/bitmap from a patch.exe and search for similar strings in y.exe. Let's do this, cause it's easier. First extract the icon and bitmap from patch.exe with Exescope 5.12. We got them.
Good, now searching... I found for you (for training you must practice on your own) these addresses: for bitmap -> 81894 (see 28 00 00 - hex) and for icon -> hiew 84444 (see 28 00 00 - hex). Now you must open Hexworkshop 3.02 (or another hex editor) and select-copy your desired icon or bitmap, not from the beginning but from this hex 28 00 00 until its end, and gently replace the code in y.exe (see addresses). You must have selected the same amount of code (from 28 00 00 to the end of the icon or bmp, and it must fit the code of the icon or bmp in y.exe). If everything was replaced correctly, now when you make a new crack you will see your own icon/bmp without having to select them in section Project of PatchMaker 0.99a.

So, with these modifications everything will work faster, which becomes very important when you make a lot of cracks weekly or some enhancers. When you have finished with y.exe and it is quite good (and fulfils your needs), use Aspack 2.1 to repack the new cracked file. Rename it how you wish. OK. My job is done!

PS. If you're wondering how PatchMaker 0.99a works, here's how:

1. in section Project put all the data you wish, in info also if necessary;
2. go to section BytePatch, select FilesCmp, then doubleclick your original.exe (if original - choose type of file) and after that, doubleclick your_cracked.exe;
3. now press Build, and if all is OK press Done;
4. now go to section Project again, and if everything is fine you must see that Compile bmp or button is active; press Compile and your crack is done.

Of course you can also start from section BytePatch first! Enjoy this remarkable program, thanks to our authors (crackers too).


Requests from people, here are my 2 winice.dat files I use for SoftICE, 1 for Win98 and another 1 for Win2000 (NT)...

-----------------------------winice.dat for Win98-----------------------------
NMI=ON
SIWVIDRANGE=ON
LOWERCASE=OFF
MOUSE=ON
NOLEDS=OFF
NOPAGE=OFF
PENTIUM=ON
THREADP=ON
VERBOSE=ON
PHYSMB=256
SYM=1024
HST=256
DRAWSIZE=2048
TRA=8
NTSYMBOLS=ON
INIT="lines 60;wd 13;wc 25;dex 1 ss:esp;code on;watch *ds:esi;watch ds:esi;ww;"
INIT="watch eax;watch *eax;watch es:edi;faults off;code on;X;"
F1="h;"
F2="^wr;"
F3="^src;"
F4="^rs;"
F5="^x;"
F6="^ec;"
F7="^here;"
F8="^t;"
F9="^bpx;"
F10="^p;"
F11="^G @SS:ESP;"
F12="^p ret;"
SF3="^format;"
CF8="^XT;"
CF9="TRACE OFF;"
CF10="^XP;"
CF11="SHOW B;"
CF12="TRACE B;"
AF1="^wr;"
AF2="^wd;"
AF3="^wc;"
AF4="^ww;"
AF5="CLS;"
AF8="^XT R;"
AF11="^dd dataaddr->0;"
AF12="^dd dataaddr->4;"
CF1="altscr off; lines 60; wc 32; wd 8;"
CF2="^wr;^wd;^wc;"
WDMEXPORTS=OFF
MONITOR=0
EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\user32.dll
EXP=c:\windows\system\gdi32.dll
EXP=c:\windows\system\comdlg32.dll
EXP=c:\windows\system\shell32.dll
EXP=c:\windows\system\advapi32.dll
EXP=c:\windows\system\shell232.dll
EXP=c:\windows\system\comctl32.dll
EXP=c:\windows\system\crtdll.dll
EXP=c:\windows\system\version.dll
EXP=c:\windows\system\netlib32.dll
EXP=c:\windows\system\msshrui.dll
EXP=c:\windows\system\msnet32.dll
EXP=c:\windows\system\mspwl32.dll
EXP=c:\windows\system\mpr.dll
-------------------------------------eof--------------------------------------

-----------------------------winice.dat for Win2000---------------------------
PENTIUM=ON
NMI=ON
ECHOKEYS=OFF
NOLEDS=OFF
NOPAGE=OFF
SIWVIDRANGE=ON
THREADP=ON
LOWERCASE=OFF
SYM=512
HST=256
MACROS=32
DRAWSIZE=2048
INIT="X;"
F1="h;"
F2="^wr;"
F3="^src;"
F4="^rs;"
F5="^x;"
F6="^ec;"
F7="^here;"
F8="^t;"
F9="^bpx;"
F10="^p;"
F11="^G @SS:ESP;"
F12="^p ret;"
SF3="^format;"
AF1="^wr;"
AF2="^wd;"
AF3="^wc;"
AF4="^ww;"
AF5="CLS;"
AF11="^dd dataaddr->0;"
AF12="^dd dataaddr->4;"
CF1="altscr off; lines 80; wc 35; wd 15; width 80;"
CF2="^wr;^wd;^wc;"
; WINICE.DAT
; (SystemRoot\System32\Drivers\WINICE.DAT)
; for use with SoftICE for Windows NT (versions 3.0 and greater)
;
; ***** Examples of export symbols that can be included *****
; Change the path to the appropriate drive and directory
EXP=\SystemRoot\System32\hal.dll
; EXP=\SystemRoot\System32\ntoskrnl.exe
; EXP=\SystemRoot\System32\ntdll.dll
; EXP=\SystemRoot\System32\kernel32.dll
; EXP=\SystemRoot\System32\user32.dll
; EXP=\SystemRoot\System32\csrsrv.dll
; EXP=\SystemRoot\System32\basesrv.dll
; EXP=\SystemRoot\System32\winsrv.dll
EXP=\SystemRoot\System32\krnl386.exe
-------------------------------------eof--------------------------------------

I really hope you've enjoyed this tutorial as much as I did! Don't miss Tutor #91 soon! ;)

Credits goto:
FuzzyCat for Splash Logo.
ASTAGA for providing 2 tuts in this version.
Johnny Aum for providing 2 tuts in this version.

To ALL the crackers: You are welcome to send me your tutors to publish them .. see below for my email address!
*** 95 chars per line in textfile please! ***

And all the tutors can be found at: http://www.crackersinaction.org (or on IRC, ask CiA ops for urls!)

Greetz goto all my friends!

You can find me on IRC or email me at tkc@reaper.org

Coded by The Keyboard Caper - tKC
The Founder of PhRoZeN CReW/Crackers in Action 2000
Compiled with Delphi 5 on 26 June 2000

Cracking Tutorial #90 is dedicated to Sonia...
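
Both ASTAGA walkthroughs above depend on one design flaw: the registration routine builds the valid codes in memory and only then compares them with what the user typed. The following Python sketch is an added example, not code from the tutorials or from the vendor; it contrasts that pattern with a verify-only check using textbook RSA, and `expected_serial`, the demo key, the names and the license format are all constructed assumptions.

```python
"""Added example: compare-against-computed-serial vs. verify-only licensing."""
import hashlib

# --- Pattern the walkthroughs depend on: build the good code, then compare ---

def expected_serial(user_id: str) -> str:
    """Hypothetical stand-in for a vendor serial algorithm (not the real one)."""
    h = hashlib.sha256(b"demo-product|" + user_id.encode()).hexdigest().upper()
    return f"{h[:5]}-{h[5:10]}-{h[10:20]}"


def weak_check(user_id: str, entered: str, memory_view=None) -> bool:
    """Registration check that materialises the valid code before comparing."""
    good = expected_serial(user_id)       # valid code now lives in process memory
    if memory_view is not None:           # models anything able to read that memory
        memory_view(good)
    return entered == good


# --- Verify-only design: the client can check a code but cannot produce one ---
# Constructed demo key built from two Mersenne primes. It is far too small and
# too structured for real use; it only keeps the example runnable offline.
_P, _Q = 2**61 - 1, 2**89 - 1             # vendor-side secrets in a real system
N, E = _P * _Q, 65537                     # public values shipped in the client


def vendor_private_exponent() -> int:
    """Vendor-side only: the signing exponent never ships with the product."""
    return pow(E, -1, (_P - 1) * (_Q - 1))


def _message(user_id: str, edition: str) -> int:
    """Hash the licensed identity and edition into an integer below N."""
    digest = hashlib.sha256(f"{user_id}\x00{edition}".encode()).digest()
    return int.from_bytes(digest, "big") % N


def issue_license(user_id: str, edition: str, d: int) -> str:
    """Vendor side: sign the (user, edition) hash and format it as a code."""
    sig = pow(_message(user_id, edition), d, N)
    hexed = f"{sig:040X}"
    return "-".join(hexed[i:i + 5] for i in range(0, 40, 5))


def verify_license(user_id: str, edition: str, code: str) -> bool:
    """Client side: uses only N and E, so no valid code is ever computed here."""
    try:
        sig = int(code.replace("-", ""), 16)
    except ValueError:
        return False                      # not a well-formed code
    if not 0 < sig < N:
        return False                      # out-of-range values are rejected
    return pow(sig, E, N) == _message(user_id, edition)


if __name__ == "__main__":
    seen = []
    print("weak check, wrong code:", weak_check("alice", "000000000", seen.append))
    print("valid code exposed by the failed attempt:", seen[0])

    code = issue_license("alice", "Personal", vendor_private_exponent())
    print("issued code:", code)
    print("verifies for alice/Personal:", verify_license("alice", "Personal", code))
    print("verifies for alice/Corporate:", verify_license("alice", "Corporate", code))
```

A verify-only check removes the readable code and the keygen path, but it does not stop the branch patching shown in the Registry Crawler tutorial, so it is usually paired with signed binaries or server-side entitlement checks. A production build would use a vetted library signature scheme (for example RSA-PSS or Ed25519) with a full-size key instead of this textbook construction.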