                                                               -=DiABLO=- 

			--- Cracking WinUGCS v3.0 ---

Info:
*****
Wow, here I am again, with my second tut!!! Yahooooo! I will try to make
this tut as easy as I can. In this tut I'll show U how to use
SoftIce when cracking! It's a great tool!! I assume that U have
installed SoftIce and it's ready to work! PS! When I write something
like this 'bpx getdlgitemtexta' I mean it without the 's!!
WinUGCS v3.0 should be in this zip file, but if it is NOT, get it here:
Www.Heat-On.Com

Tools Needed:
*************
Hacker's View 6.02 (Http://DiABLO.Freehosting.Net/Dl/Hview602.zip)
SoftIce v3.24      (Http://Www.Crosswinds.Net/Oslo/~DaDiABLO/Sice324.zip)

The Cracking Begins:
********************
First install WinUGCS, now let's examine it... when U start it, a dialog
box pops up, asking for a reg code, nothing more... K, let's start!!
Enter 656656 as the code and press Ctrl+D to enter SoftIce. Type in
'bpx getdlgitemtexta'. Now enter 'x' to return to WinUGCS.
Are U with me now? Good, press the OK button. SoftIce pops! Press F11.
Now U see this:
--------------- 
:00401C13 FF15C0634100            Call dword ptr [004163C0]
:00401C19 68F0144100              push 004114F0   <-- U ARE HERE NOW!!!
:00401C1E E80DC20000              call 0040DE30
:00401C23 83C404                  add esp, 00000004
:00401C26 803DF614410000          cmp byte ptr [004114F6], 00
:00401C2D 7405                    je 00401C34
:00401C2F BF01000000              mov edi, 00000001             
:00401C34 803DF114410053          cmp byte ptr [004114F1], 53
:00401C3B 740E                    je 00401C4B
:00401C3D 803DF114410035          cmp byte ptr [004114F1], 35
:00401C44 7405                    je 00401C4B
:00401C46 BF01000000              mov edi, 00000001
:00401C4B 803DF314410031          cmp byte ptr [004114F3], 31
:00401C52 7405                    je 00401C59
:00401C54 BF01000000              mov edi, 00000001
:00401C59 803DF014410043          cmp byte ptr [004114F0], 43
:00401C60 7405                    je 00401C67
:00401C62 BF01000000              mov edi, 00000001
:00401C67 803DF214410032          cmp byte ptr [004114F2], 32
:00401C6E 7405                    je 00401C75
:00401C70 BF01000000              mov edi, 00000001
:00401C75 803DF414410039          cmp byte ptr [004114F4], 39
:00401C7C 7405                    je 00401C83
:00401C7E BF01000000              mov edi, 00000001
:00401C83 6A00                    push 00000000
:00401C85 85FF                    test edi, edi
:00401C87 7419                    je 00401CA2
:00401C89 681CF34000              push 0040F31C
:00401C8E 6874F34000              push 0040F374
:00401C93 6A00                    push 00000000
:00401C95 FF15E8634100            Call dword ptr [004163E8]
:00401C9B 33C0                    xor eax, eax
:00401C9D 5F                      pop edi
:00401C9E 5E                      pop esi
:00401C9F C21000                  ret 0010
---------------
A lot of code there, take it easy.... don't panic... I'll take it
slowly! Now if U enter 'd 004114F0' U see the code we entered in the
data window. Why 004114F0? Because the line we are on now says
'PUSH 004114F0'! Press F10 until U come to this line: (00401C2D)

:00401C26 803DF614410000          cmp byte ptr [004114F6], 00
:00401C2D 7405                    je 00401C34

This is the first jump. If the code U entered is longer than 6 letters,
then it DOESN'T JUMP, therefore it must be 6 or less. How did I find
that out? K, remember that your code was at 004114F0? And at the line

:00401C26 803DF614410000          cmp byte ptr [004114F6], 00

it checks if 004114F6 is 0. Get it? Your code starts at 004114F0.
So here I'll show U:
--------------------

004114F0 = 6
004114F1 = 5
004114F2 = 6
004114F3 = 6
004114F4 = 5
004114F5 = 6

--------------------
Now 004114F6 is 0. Now it will jump. If U had typed one letter more,
ex: 7, it would look like this:
------------------------------

004114F0 = 6
004114F1 = 5
004114F2 = 6
004114F3 = 6
004114F4 = 5
004114F5 = 6
004114F6 = 7

-------------------------------------------------------------
Then 004114F6 is 7!!! Now it will NOT jump. Now U get it, don't U!
So just have 6 letters! K, let's continue! Press F10 until this
line: (00401C3B)
----------------

:00401C34 803DF114410053          cmp byte ptr [004114F1], 53
:00401C3B 740E                    je 00401C4B

It checks if 004114F1 is the hex value 53 and what that is, U can find
out by entering '? 53' in SoftIce. It's S. And as U can see some lines
ago, 004114F1 = 5. It checks if 5 is S!!! Now we're getting somewhere.
So, now press 'x' and type in: 6S6656 as code. Press Ctrl+D, press F10
until this line: (00401C52)
---------------------------

:00401C4B 803DF314410031          cmp byte ptr [004114F3], 31
:00401C52 7405                    je 00401C59

Almost the same here, checks if 004114F3 is hex value 31. 004114F3 is
now 6 and hex value 31 is 1! So, now press 'x' and type in: 6S6156 as
code. Press Ctrl+D, press F10 until this line: (00401C60)
---------------------------------------------------------
 
:00401C59 803DF014410043          cmp byte ptr [004114F0], 43
:00401C60 7405                    je 00401C67

Almost the same here, checks if 004114F0 is hex value 43. 004114F0 is
now 6 and hex value 43 is C! So, now press 'x' and type in: CS6156 as
code. Press Ctrl+D, press F10 until this line: (00401C6E)
---------------------------------------------------------

:00401C67 803DF214410032          cmp byte ptr [004114F2], 32
:00401C6E 7405                    je 00401C75

Almost the same here, checks if 004114F2 is hex value 32. 004114F2 is
now 6 and hex value 32 is 2! So, now press 'x' and type in: CS2156 as
code. Now we're almost done! Press Ctrl+D, press F10 until this
line: (00401C7C)
----------------

:00401C75 803DF414410039          cmp byte ptr [004114F4], 39
:00401C7C 7405                    je 00401C83

Almost the same here, checks if 004114F4 is hex value 39. 004114F4 is
now 5 and hex value 39 is 9! So, now press 'x' and type in: CS2196 as
code. It worked!!! Congratulations!!! U cracked WinUGCS v3.0!!!

But hey, it didn't check the last letter, 6? This letter can be
whatever U want! It can also be left out: just enter CS219 as the code,
without the last 6.
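
Added example, not part of the original tutorial: the compare chain from
00401C26 to 00401C87 rewritten as C so the whole check can be read in one
place. It assumes EDI is 0 on entry, the buffer at 004114F0 is zeroed
before it is filled, and the call at 00401C1E (not shown on the page)
leaves the buffer unchanged; check_fails and buf are names made up here.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the static buffer at 004114F0 (assumed zeroed before use). */
static char buf[16];

/* Returns what EDI holds at 00401C85: 0 = accepted, 1 = rejected.
   Assumption: EDI starts at 0 and the call at 00401C1E changes nothing. */
int check_fails(const char *entered)
{
    int edi = 0;

    memset(buf, 0, sizeof buf);
    strncpy(buf, entered, sizeof buf - 1);

    if (buf[6] != 0x00)                   edi = 1;  /* 00401C26: length cap   */
    if (buf[1] != 0x53 && buf[1] != 0x35) edi = 1;  /* 00401C34 and 00401C3D  */
    if (buf[3] != 0x31)                   edi = 1;  /* 00401C4B               */
    if (buf[0] != 0x43)                   edi = 1;  /* 00401C59               */
    if (buf[2] != 0x32)                   edi = 1;  /* 00401C67               */
    if (buf[4] != 0x39)                   edi = 1;  /* 00401C75               */
    /* Offset 5 (004114F5) is never compared anywhere in the listing. */

    return edi;  /* 00401C85: test edi, edi / je 00401CA2 */
}

int main(void)
{
    /* Inputs taken from the walkthrough, plus one over-long string. */
    const char *samples[] = { "656656", "CS2196", "CS219", "CS21967" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s -> %s\n", samples[i],
               check_fails(samples[i]) ? "rejected" : "accepted");
    return 0;
}
```

The rewrite makes two things visible that are easy to miss in the listing:
offset 1 passes on either 53 (S) or 35 (5), and offset 5 is never read.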

Ending Info:
************
This was a fine easy protection! I hope U didn't get lost back there!
Just try, and try, till U get it right!
You can meet me on EFNet in #Cracking4Newbies as Da_DiABLO and if you
learned something from this tutorial, please tell me! And expect some
more tutorials soon...
Also visit my site: Http://DiABLO.Freehosting.Net/Index.htm
Cya!

Greeting:
*********
Go to everybody in ORiON & Cracking4Newbies!! And also every other
cracker that reads this tut!!!