SubmitWolf PRO v3.06 Author: Rene' Warmuz (Ren) Copyright Ó 1997 MSW For licensing and other information, Contact MSW at: WWW: http://www.msw.com.au/sbwolf Mail: MSW Pty. Ltd. 71 Cromer Road Beaumaris, Victoria 3193, Australia Fax: +613-9583-2562 Email: msw@msw.com.au When you register the time limit is removed & free upgrades are automatically allowed. No more nags! So into SICE! Load target. Goto reg key input screen. Input a name & dummy key (I suggest you use a 10 digit dummy key as this is the true length of the final key). A note on this: A dead listing with W32DASM will show roughly where the code is first checked. In SICE, the input string is 1st checked as follows: 1. 1st digit must be a P if not - jump to hell. 2. 2nd digit must be a W if not - jump to hell. 3. 3rd digit must be a 8 if not - jump to hell. 4. 4th digit must be a - if not - jump to hell. 5. Then ANY 6 numbers. See Below: ***********NOTE - This is NOT the actual deadlist It is from WEBWOLF but is included for illustration purposes.****** ***********SubmitWolf, however, also uses this same routine***************** * Referenced by a CALL at Addresses: ****This routine is where the 1st part of the reg code is**** |:00408218 , :0040BB38 ****checked**** | :004082F0 8B442408 mov eax, dword ptr [esp+08] **** Load up 1st chunk of reg code **** :004082F4 83EC30 sub esp, 00000030 :004082F7 85C0 test eax, eax **** Anything there? **** :004082F9 53 push ebx :004082FA 56 push esi :004082FB 57 push edi :004082FC 0F8460010000 je 00408462 **** No = go away **** :00408302 8B7C2440 mov edi, dword ptr [esp+40] :00408306 85FF test edi, edi :00408308 0F8454010000 je 00408462 :0040830E 803857 cmp byte ptr [eax], 57 ****Is it a W ? **** :00408311 0F854B010000 jne 00408462 **** N0 = go away to hell! **** :00408317 80780157 cmp byte ptr [eax+01], 57 **** Is it another W ? **** :0040831B 0F8541010000 jne 00408462 **** N0 = go away to hell again! **** :00408321 6A13 push 00000013 **** shift counter **** :00408323 50 push eax **** save it **** :00408324 8D44241C lea eax, dword ptr [esp+1C] **** Load next bit of code **** :00408328 50 push eax :00408329 E87291FFFF call 004014A0 **** In here is the "8" & "-" checks **** :0040832E 83C40C add esp, 0000000C :00408331 8D4C2414 lea ecx, dword ptr [esp+14] :00408335 6A2D push 0000002D **** Kindly puts in the "-" if we forgot! **** :00408337 51 push ecx :00408338 E803890000 call 00410C40 :0040833D 8BD8 mov ebx, eax :0040833F 83C408 add esp, 00000008 :00408342 85DB test ebx, ebx **** Last check of 1st chunk of reg code **** :00408344 0F8418010000 je 00408462 **** N0 = go away to hell again! **** :0040834A C60300 mov byte ptr [ebx], 00 ** or move on to next part of check **** : The above system is present in ALL the wolf programs so far. I have included it here for a fuller explanation. BPX hmemcpy . Run target - it will immediately break in SICE. F5 x 1 to read in 2nd data line. F11 to get back to calling address. Disable all breakpoints & prog-step (F12) or, if you have the time, step (F10) -I don't recommend this unless you have a few weeks spare! Anyway, step until you get to the target (in SICE the code window will show the program name albeit in abbreviated form) Search "key-input-string" ie: :s 0 l ffffffff '1212121212' BPM on address. ie: :BPM ????:0058F670 RW Name & Code BPM on address. ie: :BPM ????:0058F6A8 RW It gets copied to: 0058F728 BPM on it too. F5 x 5-10 times At in EDX @ C3A0E0D1 you will see (eventually) the 6 digit number to suffix on to the 1st 4 digits ie: PW8-xxxxxx (where xxxxxx = your numbers found). NB. You may have to F5 a few times & G a time or so to get the code to pop up in the code window - I suggest you keep a watch on data area D 58F670 CRACK DONE! Kudos, The_Gimp! If you're REALLY lazy (like me!) use this serial instead . . . Name Reg The_Gimp! PW8-301311 - PRO The_Gimp! SW8-168485 - STANDARD Then you need to crack part two. This involves obtaining the latest script by doing a seperate download of the latest version of "sb-script.exe" This is a "Package for the Web" passworded file. Just use Peppers' crack on it. And install the upgrade! Included with this release!