WHY PATCHING WHILE SERIAL NUMBER IS FISHY

Ergonomic Timer v3.2
A Cracking Tutorial by ASTAGA [D4C/C4A]

DISCLAIMER

This reading material is not intended to violate copyrights and/or the law; it is for educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) for the misuse of this material.

ABOUT THE PROGRAM

The Ergonomic Timer(tm) provides relief from repetitive stress problems by monitoring the mouse, the keyboard and the time spent at the workstation. When the programmable number of mouse clicks, mouse moves, keystrokes or minutes occurs, a break screen pops up with a countdown timer. The operation can also be password protected to enforce medical compliance.

WHERE TO DOWNLOAD

Author   : Silvio Kuczynski / Tropical Software
Homepage : http://www.tropsoft.com/ergtimer/main.htm
URL      : http://www.tropsoft.com/ergt32d.exe
Size     : KB

HOW TO GET VALID SERIAL NUMBER by using SoftIce

1. Run ERGTIMER.EXE and, in the main program, click the HELP/REGISTER button. In the registration dialog box, type the following information:

       Name       : Pirates
       Order Code : 73881050

   Do not click the OK button yet.

2. Fire up SoftIce by pressing Ctrl + D and create a new breakpoint, i.e. on GetWindowTextA, by typing:

       bpx GetWindowTextA [enter]

   Press F5 to return to the main program.

3. Click the OK button now; you'll return to SoftIce. Press F11, F5, and F11 once again to get into the main program code, as follows:

   0041D543: FF1584CC4400   call  GetWindowTextA   <=== you
   0041D549: 8B4C2408       mov   ecx,[esp][00008]
   0041D54D: 6AFF           push  0FF
   0041D54F: E8A22F0000     call  0004204F6
   0041D554: EB0C           jmps  00041D562
   0041D556: 8B01           mov   eax,[ecx]
   0041D558: FF742408       push  d,[esp][00008]
   0041D55C: FF9090000000   call  d,[eax][00000009
   ......
   ......
   Keep pressing F10, around 22 times, until you reach the code snippet below:

   ______________________________________________________________
   00407831: E8FA090000     call  000408230   <== you land HERE
   00407836: 83C408         add   esp,008     ; <== d edx HERE
   00407839: 85C0           test  eax,eax
   ______________________________________________________________

   Press F10 once ( stopping at 015F:00407836 ) and dump/display the EDX register by typing:

       D EDX [enter]

   Did you see 373E5C5396 ( located at the memory address ) in the Data Window ?? Scroll up one line or dump/display the ECX register, and you'll see your fake S/N together with the real one. Now disable the existing breakpoint ( BD * [enter] ) and press F5 to return to the main program.

4. As soon as you return to the program, the 'beggar-off' message appears on the screen; just click OK to confirm and quit the application ( nice try .... Kuczynski !!!! ).

5. Re-run the program, repeat the registration procedure and key in 373E5C5396 as your valid serial number. A successful-registration message will appear on the screen; you're illegally registered now.

6. Let's recap your job with the following questions:

   - Can I have a shortcut to reach the desired CALL instruction without pressing F10 22 times ??
   - Where the hell is my registration code stored ??

7. Take the following answers:

   - Make sure that the previous breakpoint ( GetWindowTextA ) is not active, i.e. is disabled.
     Make sure that the GERGRE23.DRU file is deleted.
     Run the program and key in a new user name and a fake S/N.
     Create a new breakpoint at the address 015F:00407831:

         bpx 015F:00407831 [enter]

     Press F5 to return to the registration window.
     Click OK.
     You'll break in SoftIce at the address 015F:00407831.
     Press F10 once and keep an eye on the Data Window ... the new S/N is copied to the memory address ....... or type D EDX or D ECX [enter].
     Repeat Steps 4 and 5 in the above section.

   - The correct registration code is encrypted and stored in the file called GERGRE23.DRU, which is located in your Windows directory ( usually C:\WINDOWS ).
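The walk-through works because the client computes the valid serial itself and compares it with the typed one, so the expected value is readable in memory at the comparison. The sketch below is an added example, not code from the program or from the tutorial's author: it puts that pattern beside a signature-based check in which the client can only verify a license. The serial derivation in weak_check, the sample name and the toy RSA key are all constructed assumptions.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes). Far too small for real use;
# a real product would use a vetted library with RSA-PSS or Ed25519.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: vendor side only, never shipped


def _digest(name: str) -> int:
    """Hash the registration name into an integer below N."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N


def weak_check(name: str, entered: str):
    """Pattern the walk-through relies on: the client derives the expected
    serial itself, so the valid value sits in memory next to the user's input.
    The derivation here is hypothetical, not the program's real algorithm."""
    expected = hashlib.sha256(b"constructed-secret" + name.encode()).hexdigest()[:10].upper()
    return entered == expected, expected  # 'expected' is what a memory dump exposes


def issue_license(name: str) -> str:
    """Vendor side: sign the name with the private exponent."""
    return format(pow(_digest(name), D, N), "x")


def verify_license(name: str, entered: str) -> bool:
    """Client side: only N and E are needed, so the client can check a
    license but never has to compute (or hold) a valid one."""
    try:
        sig = int(entered, 16)
    except ValueError:
        return False
    if not 0 < sig < N:
        return False
    return pow(sig, E, N) == _digest(name)


if __name__ == "__main__":
    ok, leaked = weak_check("Example User", "0000000000")
    print("weak check:", ok, "- expected serial present in client:", leaked)
    lic = issue_license("Example User")
    print("signed license verifies:", verify_license("Example User", lic))
    print("wrong input verifies:", verify_license("Example User", "0000000000"))
```

Signature verification removes the valid serial from client memory, but the result of the check is still a branch inside the client, so it needs integrity protection of its own.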
END NOTES

This program is sold as shareware, so you can try before you buy. This is convenient for you, saves expenses by dispensing with all that packaging, and cuts out the middle person. So it is cheap, but it is not free. If you like the program, and you will, be sure to register and pay. To keep shareware prices low, users must do the right thing: Register, pay up, and smile/grin at yourself in the mirror.

Do not distribute your crack release based on this tutorial, because you become a LAMER(s)!!!!!!!!

( tHATDUDE (PC97) defined a LAMER as the guy who sits in front of a personal computer, using a Hex Editor, ripping off other group(s)' crack releases, repacking (distro) them under his name. Adopted from newsgroup alt.cracks, alt.crackers - February 1997 )

More about LAMER(s):

lamer /n./ [prob. originated in skateboarder slang] Synonym for luser, not used much by hackers but common among warez d00dz, crackers, and phreakers. Oppose elite. Has the same connotations of self-conscious elitism that use of luser does among hackers.
< SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >

_ Never attribute to malice that which is adequately explained by stupidity _

ASTAGA [D4C/C4A]

tute-ergtimer32.zip [EOF] Sep 30,2000 01:00:08AM