Text File | 1997-04-26 | 6KB | 198 lines
ROMEO'S LOG FOR DISK FACTORY 32-BIT V2.10
=========================================
..ooOO00OOoo....ooOO00OOoo....ooOO00OOoo....ooOO00OOoo....ooOO00OOoo..
Greetz to JUANDA++ 1997 & Porcupine
----------------------------------------------------------------------
SERIALZ CRACKING INFO               SHAREWARE INFO
----------------------------------------------------------------------
Bpx     : GetDlgItemInt             Name     : Disk Factory 32-bit
D       : -                         Version  : 2.10
?       : EAX @ 014F:0040E06A       Price    : $39.95
S       : -                         Author   : Mark J. McGinty
Add Info: The first comparison      Company  : Accurate Technologies
          checks if you have        Homepage : N/A
          version 1.x               S-Loc    : HKEY_LOCAL_MACHINE
                                               SOFTWARE
          The second comparison                Accurate Technologies
          checks if you have                   DiskFactory32
          a valid upgrade serialz              2.0
                                               Registered User
          The third comparison
          checks if you have
          a valid current version
          serialz
----------------------------------------------------------------------
..ooOO00OOoo....ooOO00OOoo....ooOO00OOoo....ooOO00OOoo....ooOO00OOoo..
*******************************************************
Step-by-Step Tutorial
using Soft-Ice v3.0
(s/n : 2110-00617F-77)
*******************************************************
1. Set breakpoint
      Ctrl-D (to enter soft-ice screen)
      bpx getdlgitemint
2. Key in name and dummy serialz
      Ctrl-D (to exit soft-ice screen)
      romeo '97
      987654321
3. Click OK
4. (you should be in soft-ice screen)
   Disable breakpoint and press F11
      bd 0
      (press F11)
This is what you should see (for Disk Factory 32-bit v2.10 only!):
p/s : the exact memory location may differ!!!
(press F10 to step down each line)
-----------------------------------------------------------------------
                                            Comments
-----------------------------------------------------------------------
014F : 0040DFBD  [USER32!GetDlgItemInt]     convert 987654321
                                            into 3ADE68B1 (hex
                                            value)
       0040DFC3  MOV   [0042AC70],EAX       save EAX (3ADE68B1)
                                            in [0042AC70]
       0040DFC8  MOV   EAX,[00427350]
       0040DFCD  PUSH  EAX
       0040DFCE  PUSH  0042AC38
       0040DFD3  CALL  0040E653             call the function
                                            to calculate the
                                            serialz for version
                                            1.x
       0040DFD8  ADD   ESP,08
       0040DFDB  MOVZX EAX,AX
       0040DFDE  CMP   EAX,[0042AC70]       First comparison,
                                            compare EAX with
                                            987654321
                                            ? EAX
                                            and you get 4997
       0040DFE4  JNZ   0040E00B             Jump to 0040E00B if
                                            the numbers do not
                                            match
-----------------------------------------------------------------------
       0040E00B  PUSH  0042AC38
       0040E010  CALL  [KERNEL32!lstrlen]   count string length,
                                            which is 09 (987654321)
       0040E016  PUSH  EAX
       0040E017  PUSH  0042AC38
       0040E01C  CALL  0040E9F7             call the function
                                            to calculate the
                                            serialz for upgrade
       0040E021  ADD   ESP,08
       0040E024  CMP   EAX,[0042AC70]       Second comparison,
                                            compare EAX with
                                            987654321
                                            ? EAX
                                            and you get 1229694791
       0040E02A  JNZ   0040E051             Jump to 0040E051 if
                                            the numbers do not
                                            match
-----------------------------------------------------------------------
       0040E051  PUSH  0042AC38
       0040E056  CALL  [KERNEL32!lstrlen]   count string length,
                                            which is 09 (987654321)
       0040E05C  PUSH  EAX
       0040E05D  PUSH  0042AC38
       0040E062  CALL  0040E516             call the function
                                            to calculate the
                                            serialz for current
                                            version
       0040E067  ADD   ESP,08
       0040E06A  CMP   EAX,[0042AC70]       Third comparison,
                                            compare EAX with
                                            987654321
                                            ? EAX
                                            and you get 1507558471
       0040E070  JNZ   0040E092             Jump to 0040E092 if
                                            the numbers do not
                                            match
-----------------------------------------------------------------------
RESULTS:
Name : romeo '97
s/n : 1507558471
Shorthand to remember how to find the number next time :
Bpx GetDlgItemInt
? EAX @ 014F:0040E06A
-----------------------------------------------------------------------
5. Clear breakpoint and exit soft-ice
      bc 0
      Ctrl-D (to exit soft-ice screen)
-----------------------------------------------------------------------
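Added example (not part of romeo's log, and not Disk Factory's code): the
listing works because the program derives the valid serialz itself and CMPs
it with the input, so the expected value sits in EAX. The Python sketch below
sets that pattern beside a verify-only check. The checksum, the toy RSA key
(two Mersenne primes, textbook RSA without padding) and all function names
are assumptions made for illustration.

```python
import hashlib

# Constructed toy key, for illustration only. A real scheme would use a vetted
# signature library with a properly generated key and padding.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public half: shipped inside the program
D = pow(E, -1, (P - 1) * (Q - 1))      # private half: never leaves the vendor


def digest(name: str) -> int:
    """Hash the registration name into the range [0, N)."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N


def weak_expected(name: str) -> int:
    """Hypothetical 32-bit checksum; not the product's real algorithm."""
    h = hashlib.sha256(b"constructed-salt" + name.encode()).digest()
    return int.from_bytes(h[:4], "big")


def weak_check(name: str, entered: int) -> bool:
    # Pattern from the listing: compute the valid serial, then compare it with
    # the input. The valid serial is present in the process on every attempt,
    # including failed ones.
    return weak_expected(name) == entered


def vendor_issue(name: str) -> int:
    """Vendor side only: sign the name digest with the private exponent."""
    return pow(digest(name), D, N)


def verify_only_check(name: str, entered: int) -> bool:
    # Client side: needs only (N, E). The value compared against is the name
    # digest, which is not a serial and cannot be turned into one without D.
    return 0 <= entered < N and pow(entered, E, N) == digest(name)


if __name__ == "__main__":
    name = "constructed user"
    serial = vendor_issue(name)
    print("weak check leaks expected value :", weak_check(name, weak_expected(name)))
    print("issued serial verifies          :", verify_only_check(name, serial))
    print("compared value used as serial   :", verify_only_check(name, digest(name)))
```

With the verify-only form, the value on the other side of the comparison is
of no use as a serial; patching the JNZ itself is a separate problem that
needs integrity checks or server-side enforcement.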
Notes for absolute beginners :
============================
ADD = Add
CMP = Compare
MOV = Move
JNZ = Jump if not zero
JZ = Jump if zero
? = Converts hexadecimal value to decimal value (plus a couple of other stuff)
S = search (for ASCII or hexadecimal values)
D = display (data/ASCII or hexadecimal values)
BL = list all breakpoints
BC = clear breakpoints
BE = enable breakpoints
BD = disable breakpoints
BPX = breakpoint on execution
BPR = breakpoint on memory range
F8 = step into a function
F10 = step down each line
Ctrl-D = enter/exit soft-ice screen
Useful breakpoints
==================
Typical breakpoints that work :
GetDlgItemText
GetDlgItemTexta
GetDlgItemInt
GetWindowText
GetWindowTexta
lstrlen
lstrcmp
When the typical breakpoints above do not work, use :
SendMessagea (when you get a message if the serialz is wrong)
SendMessage (when you get a message if the serialz is wrong)
GetDlgItem (a bit tedious)
GetPrivateProfileStringa (reading from file e.g. *.key, *.reg, *.lic)
GetStartupInfo (reading from file e.g. *.ini)
MessageBeep (when you hear a beep if the serialz is wrong)
When none of the above works, use BPR (breakpoint on memory range)
rather than BPX (breakpoint on execution). (works all the time! .. so
far)
-----------------------------------------------------------------------
Regards,
-romeo '97-
*****************************
To learn and to teach ...
Many thanx to Ed!son
and JUANDA++ who have
taught me.
*****************************
..ooOO00OOoo....ooOO00OOoo....ooOO00OOoo....ooOO00OOoo....ooOO00OOoo..