ScanLine SwiftSearch 2.0						   Manson69
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Program:ScanLine SwiftSearch
Version:v2.0
URL:http://www.scanline.com
Size:58,573 bytes (zipped)
Type of Protection:Name/Serial
Difficulty:Beginner(No Keygen), Intermediate(Keygen)
Approach:getdlgitemtexta
Tools Required:Soft-Ice 3.0 or better, a C/C++ Compiler

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::::::::::::::Beginning Notes::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
This tutorial is being made to help people learn how to find the information needed to make a key generator and to make the key generator itself.  Normally people might do this in ASM language, but as I can not program in ASM I will have to do it in C.  This is my first version of this tutorial.  In the near future I might expand it to contain more source codes for key generators in different languages, such as ASM and Pascal.  Now enough with the notes lets get into the cracking part of this tutorial.  In this tutorial I will have a couple different approachs to cracking it.  One in which you just get a serial number and one in which we use a different approach to get what we need.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::Pre-Cracking::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Step1:Install Soft-Ice and get it configured properly.  Now that S-Ice 	is working properly we must make sure that when S-Ice loads on 	your computer it exports the right stuff.  I will provide a 	snippet of my file showing what I have exported.  To get a file 	to export you need to remove the ; before the line.  For example 	if you have the line:
	;EXP=c:\windows\system\kernel32.dll
	the file is NOT being EXPorted.  To get the file to export we 	must remove the ; from the line so that the line looks like 	this:
	EXP=c:\windows\system\kernel32.dll
	There are eight files that we need to export.  These are as 	follows:
	kernel32.dll
	user32.dll
	gdi32.dll
	comdlg32.dll
	shell32.dll
	advapi32.dll
	shell232.dll
	comctl32.dll
	Here is what the file looks like before these are exported:
	;EXP=c:\windows\system\kernel32.dll
	;EXP=c:\windows\system\user32.dll
	;EXP=c:\windows\system\gdi32.dll
	;EXP=c:\windows\system\comdlg32.dll
	;EXP=c:\windows\system\shell32.dll
	;EXP=c:\windows\system\advapi32.dll
	;EXP=c:\windows\system\shell232.dll
	;EXP=c:\windows\system\comctl32.dll
	Here is what it should look like after you modify it:
	EXP=c:\windows\system\kernel32.dll
	EXP=c:\windows\system\user32.dll
	EXP=c:\windows\system\gdi32.dll
	EXP=c:\windows\system\comdlg32.dll
	EXP=c:\windows\system\shell32.dll
	EXP=c:\windows\system\advapi32.dll
	EXP=c:\windows\system\shell232.dll
	EXP=c:\windows\system\comctl32.dll
Step2:If you plan on making a key generator you should have your C 	Compiler installed.  I used Turbo C++ v3.0.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::::::::::::::Cracking (No KeyGen):::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Step1:Load S-Ice and load ScanLine SwiftSearch.  Now goto the register 	screen under HELP|REGISTER.  Enter your registration 	information, but DO NOT HIT ENTER OR THE OK BUTTON YET!
Step2:Enter S-Ice and set a breakpoint on getdlgitemtexta.  Why this?  
	Well, for cracking windows programs getwindowtexta and 
	getdlgitemtexta are two common breakpoints.  I like to start out 
	using getdlgitemtexta, but that is my preferance.  Anyway 
	getdlgitemtexta is what we need.  To set a break point on on 
	getdlgitemtexta type this : bpx getdlgtemtexta
Step3:Exit S-Ice and hit the ok button.  You should now be back in
	S-Ice.  Now there were two different fields we had to enter 
	information in.  The Name and Serial Number.  Where did we enter 
	these though?  In a dialog box.  Does this get you thinking?  
	It should.  We broke on getdlgitemtexta, right?  Did you ever wonder what that stood for?  Well, it stands for get dialog item text a.  You enter you item in a box, that accepts characters, or in other dialog.  So if your light bulb hasn't clicked on yet go get a new one and stop smoking the pot!
	SIDE NOTE:How many guys does it take to screw in a light bulb?
		    One, guys will screw anything.
Step4:Ok so since it read the data that was in the FIRST dialog box, IE (not that Micro$hit) our name, we don't need to know what it does with our name, so in most cases we can skip past the first part if the code in which it calculates our correct code by just breaking on the part of the program where it reads our serial number.  Now we entered two parts of information when we attempted to register this program, our name and a serial number.  So if we exit S-Ice once, and let it break in on the program while it reads the second dialog box, what we entered for a serial number, that is right where we want to be.
Step5:Ok, we are where we want to be.  Now what?  Well, since it broke while the program was performing a function lets press F11 to get out of that function.  Now we will come up with a listing of code.  Now since there are bits and pieces scattered throughout a fairly long bit of code I will copy all the code and give comments to all the relivant code with possibilities of what it could mean in different situations.
	:00402F99 FF1544D34000   Call dword ptr [0040D344] 
	:00402F9F 8BD8           mov ebx, eax
	:00402FA1 85FF           test edi, edi 
	:00402FA3 751A           jne 00402FBF  
	:00402FA5 6A00           push 00000000
	:00402FA7 68CC7D4000     push 00407DCC
	:00402FAC 6898814000     push 00408198
	:00402FB1 FF7508         push [ebp+08]
	:00402FB4 FF1518D34000   Call dword ptr [0040D318]
	:00402FBA E903010000     jmp 004030C2
	:00402FBF 83FB0A         cmp ebx, 0000000A *
	:00402FC2 741A           je 00402FDE       *
	:00402FC4 6A00           push 00000000
	:00402FC6 68CC7D4000     push 00407DCC
	:00402FCB 6888814000     push 00408188
	:00402FD0 FF7508         push [ebp+08]
	:00402FD3 FF1518D34000   Call dword ptr [0040D318]
	:00402FD9 E9E4000000     jmp 004030C2
	:00402FDE 33F6           xor esi, esi
	:00402FE0 33C0           xor eax, eax
	:00402FE2 85FF           test edi, edi
	:00402FE4 7E0C           jle 00402FF2
	:00402FE6 0FBE4C05D4     movsx ecx, byte ptr [ebp+eax-2C] 
	:00402FEB 03F1           add esi, ecx
	:00402FED 40             inc eax
	:00402FEE 3BC7           cmp eax, edi
	:00402FF0 7CF4           jl 00402FE6
	:00402FF2 6A0A           push 0000000A
	:00402FF4 8D45E8         lea eax, dword ptr [ebp-18]
	:00402FF7 6A00           push 00000000
	:00402FF9 50             push eax
	:00402FFA E871080000     call 00403870
	:00402FFF 83C40C         add esp, 0000000C
	:00403002 3BC6           cmp eax, esi *
	:00403004 741A           je 00403020  *
Step6:There are only two parts of relivant code in this document that we need to be concerned with.  I have marked these areas with a astrik.  The first marked area compares the LENGTH of the serial number with the hex value of 0A.  Now what is the value of 0A in decimal?  Well, it is 10.  What does this mean it means that the correct code must ALWAYS be 10 characters long.  Now what if you didn't enter a serial number that was 10 digits long though?  No problem for us ingenious computer experts :) we'll just make the computer think our serial number is 10 digits long.  That is unless you want to start all over.  Good.  That's what I thought.  So you ask, How do we make the computer think our serial number is 10 characters long?  Easy, if you know how the computer tells.  That is what we need to know, so how does it?  This is how.  Here is the code we encounter:
	:00402FBF 83FB0A         cmp ebx, 0000000A 
	:00402FC2 741A           je 00402FDE       
	So, it compares the value contained in ebx, which is our serial number, to A, 10.  Now since we know or will learn right now je stands for jump if equal to, or in S-Ice je will appear as jz which stands for jump if equal to zero.  Now a computer uses the binary code system, so the flag (tells whether equal or not) Z or the flag zero can only have one of two possible values, 0 or 1, if it is 0 then it means that everything went smoothly without errors, in other words serial number length = 10.  If the Z flag is equal to 1 then it means there was an error or serial number length is NOT equal to 10.  Now which do you think we want?  No errors!  So, to fake our code being 10 characters long we must single step (F10) until we are on the conditional jump (je or jz) and then reverse the "Z" flag.  How do we do this?  Well, we type "r fl z" (without quotes), which stands for Reverse FLag Zero.  What if you don't remember if the code you entered was 10 characters long?  Well, we have two options, either one we highlight the conditional jump and then we can type a "rs" (without quotes) to look at what we entered or just look to the right of the highlighted line, if it says (JUMP <down arrow>) then your serial number was 10 digits long.  If it says (NO JUMP) then your serial number was not 10 digits long and you need to reverse the "Z" flag.
Step7:Got that?  Good, lets single step (F10) some more until we get to the code:
	:00403002 3BC6           cmp eax, esi 
	:00403004 741A           je 00403020  
	Now, what relivance could this code possibly have?  Well, that's for me to know and you to find out, but I'll be nice and show you how to do it.  Ok, we see that two values are being compared, the one contained in eax and the one contained in esi.  But what is in there?  Well, one has the correct code one has our code.  Well, lets look at the values of eax and esi by typing "? eax" and "? esi" one of them will be the code you entered and one will be the right code.  I'm not saying which is which you figure that out.
Step8:Enter the right code and you're registered.

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::Cracking (With KeyGen)::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Step1:Load S-Ice and load ScanLine SwiftSearch.  Now goto the register 	screen under HELP|REGISTER.  Enter your registration 	information, but DO NOT HIT ENTER OR THE OK BUTTON YET!
Step2:Enter S-Ice and set a breakpoint on getdlgitemtexta.  Why this?  
	Well, for cracking windows programs getwindowtexta and 
	getdlgitemtexta are two common breakpoints.  I like to start out 
	using getdlgitemtexta, but that is my preferance.  Anyway 
	getdlgitemtexta is what we need.  To set a break point on on 
	getdlgitemtexta type this : bpx getdlgtemtexta
Step3:Exit S-Ice and hit the ok button.  You should now be back in
	S-Ice.  Now there were two different fields we had to enter 
	information in.  The Name and Serial Number.  Where did we enter 
	these though?  In a dialog box.  Does this get you thinking?  
	It should.  We broke on getdlgitemtexta, right?  Did you ever wonder what that stood for?  Well, it stands for get dialog item text a.  You enter you item in a box, that accepts characters, or in other dialog.  So if your light bulb hasn't clicked on yet go get a new one and stop smoking the pot!
	SIDE NOTE:How many guys does it take to screw in a light bulb?
		    One, guys will screw anything.
Step4:Ok so since it read the data that was in the FIRST dialog box, IE (not that Micro$hit) our name, we don't need to know what it does with our name, so in most cases we can skip past the first part if the code in which it calculates our correct code by just breaking on the part of the program where it reads our serial number.  Now we entered two parts of information when we attempted to register this program, our name and a serial number.  So if we exit S-Ice once, and let it break in on the program while it reads the second dialog box, what we entered for a serial number, that is right where we want to be.
Step5:You will end up in code like the code below.  The important lines of code have been marked with a astrix.  The coments next to the astrix will give a brief idea of why that line(s) is important.  In the next few steps I'll go into more detail, describing what needs to be remembered.
	:00402F99 FF1544D34000   Call dword ptr [0040D344] *Line we 								    broke on.
	:00402F9F 8BD8           mov ebx, eax
	:00402FA1 85FF           test edi, edi *Checks to see if we
	:00402FA3 751A           jne 00402FBF  *entered a serial #
	:00402FA5 6A00           push 00000000
	:00402FA7 68CC7D4000     push 00407DCC
	:00402FAC 6898814000     push 00408198
	:00402FB1 FF7508         push [ebp+08]
	:00402FB4 FF1518D34000   Call dword ptr [0040D318]
	:00402FBA E903010000     jmp 004030C2
	:00402FBF 83FB0A         cmp ebx, 0000000A *Checks to see if our 							  serial number is 10
								  characters long.
	:00402FC2 741A           je 00402FDE
	:00402FC4 6A00           push 00000000
	:00402FC6 68CC7D4000     push 00407DCC
	:00402FCB 6888814000     push 00408188
	:00402FD0 FF7508         push [ebp+08]
	:00402FD3 FF1518D34000   Call dword ptr [0040D318]
	:00402FD9 E9E4000000     jmp 004030C2
	:00402FDE 33F6           xor esi, esi
	:00402FE0 33C0           xor eax, eax
	:00402FE2 85FF           test edi, edi
	:00402FE4 7E0C           jle 00402FF2
	:00402FE6 0FBE4C05D4     movsx ecx, byte ptr [ebp+eax-2C] *Start 
										     of 									     loop
										     that
										     calcs.
										     right
										     serial
										     number
	:00402FEB 03F1           add esi, ecx *Adds name together
	:00402FED 40             inc eax *Moves to next character in 					    name
	:00402FEE 3BC7           cmp eax, edi *See's if you are at the 						   end of your name OR if it
							   has checked the first 19
							   characters of you name.
	:00402FF0 7CF4           jl 00402FE6  *Jumps if CMP is NO.
	:00402FF2 6A0A           push 0000000A
	:00402FF4 8D45E8         lea eax, dword ptr [ebp-18]
	:00402FF7 6A00           push 00000000
	:00402FF9 50             push eax
	:00402FFA E871080000     call 00403870
	:00402FFF 83C40C         add esp, 0000000C
	:00403002 3BC6           cmp eax, esi *Checks to see if your
	:00403004 741A           je 00403020  *serail number=right #
Step6:Ok, now we should break in on the line of code that reads this:
	:00402F99 FF1544D34000   Call dword ptr [0040D344]
	If we didn't break on this there is probably a problem, your best bet then is to start from Step1 and try again.  The offset (the fisrt 8 characters after the colon should be the same.)  Ok, now the first important bit of code we will find, if we single step (F10), a bit is this:
	:00402F99 FF1544D34000   Call dword ptr [0040D344] 
	:00402F9F 8BD8           mov ebx, eax
	:00402FA1 85FF           test edi, edi <
	:00402FA3 751A           jne 00402FBF  <
	Ok, now lets ask our selves, why would this be important?  Well, there is one way to find out, lets have a look at what is in edi.  Lets do this by typing "? edi".  Hmmm, it has a value of 1-19.  What could this number possibly mean?  Well, lets see if we can get that light bulb working.  Ok, well, lets see, we didn't enter 19 for a serial number, if you did it isn't the relationship that we need.  Well, lets see does it have anything to do with my name?  Well, actually it does!  Now, we I first tried to register this program I used the name "Manson69 [ME'97/C4N]".  That is a total of 20 characters, including the spaces.  Wait though, I said that the number would only go up to nineteen.  Well, lets just keep this tidbit of information in the back of our minds, and we'll see if it is really relivant.
Step7:If we continue to single step some more we'll see something like this: (relivant code marked by and astrik)
	:00402FA5 6A00           push 00000000
	:00402FA7 68CC7D4000     push 00407DCC
	:00402FAC 6898814000     push 00408198
	:00402FB1 FF7508         push [ebp+08]
	:00402FB4 FF1518D34000   Call dword ptr [0040D318]
	:00402FBA E903010000     jmp 004030C2
	:00402FBF 83FB0A         cmp ebx, 0000000A *Checks to see if our 							  serial number is 10
								  characters long.
	:00402FC2 741A           je 00402FDE
	Another check, this time a CMP.  It compares some value in ebx to the hex value 0A.  Why would the program do this, lets find out what is in ebx and see if that helps answer the question.  Type "? ebx" and see what it says.  Hmmm, another value.  Lets see where could this work.  We know that our name was already checked, so maybe this could have something to do with our serial number.  What do you think?	Well, if you said yes you're right.  If you look it has the value realting to how many characters long your serial number is.  This is very important!  It means that our code must be 10 digits long!  If your serial number that you entered is not 10 digits long then highlight the je (jz) conditional jump and reverse the z flag with "r fl z".
Step8:Let's continue to single step through this code.  The next bit of important code is this:
:00402FC4 6A00           push 00000000
	:00402FC6 68CC7D4000     push 00407DCC
	:00402FCB 6888814000     push 00408188
	:00402FD0 FF7508         push [ebp+08]
	:00402FD3 FF1518D34000   Call dword ptr [0040D318]
	:00402FD9 E9E4000000     jmp 004030C2
	:00402FDE 33F6           xor esi, esi
	:00402FE0 33C0           xor eax, eax
	:00402FE2 85FF           test edi, edi
	:00402FE4 7E0C           jle 00402FF2
	:00402FE6 0FBE4C05D4     movsx ecx, byte ptr [ebp+eax-2C] *Start 
										     of 									     loop
										     that
										     calcs.
										     right
										     serial
										     number
	:00402FEB 03F1           add esi, ecx *Adds name together
	:00402FED 40             inc eax *Moves to next character in 					    name
	:00402FEE 3BC7           cmp eax, edi *See's if you are at the 						   end of your name OR if it
							   has checked the first 19
							   characters of you name.
	:00402FF0 7CF4           jl 00402FE6  *Jumps if CMP is NO.
	What seems weird about this jl jump?  It jumps back in the code!  It's a loop.  What is usally done in a loop?  A code is calculated.  We've just found where the program calculates the code!  We must now figure out what is contained in each register at the beginning of the loop, before you run through it.  Also we must know exactly what each step of this loop does.  Let's see the first line of code is this:
	:00402FE6 0FBE4C05D4     movsx ecx, byte ptr [ebp+eax-2C]
	Hmmm, what is in ecx?  Let's do a "? ecx" to find out.  If we look in the ASCII column we see a letter or number.  THINK.  It's the first letter/digit of the name we entered!  Now what is in the memory location [ebp+eax-2c]?  Let's do a                "d [ebp+eax-2c]".  It  contains our name!  On a piece of paper, where you should have copied this whole loop down, next to this line put that ecx has the first letter of our name and that [ebp+eax-2C] has our whole name.  Ok, lets F10 once and goto the next line: 
	:00402FEB 03F1           add esi, ecx *Adds name together
	Ok what is in esi?  Lets see by doing a "? esi".  It is 0 right now.  If you remember ecx contains the first character of our name.  It adds it to esi.  That means after this is done esi will have the first character of our name.  Jot this information down and F10 once.  The next line of code is this:
	:00402FED 40             inc eax *Moves to next character in 					    name
	It increases eax by one.  Why would it do this?  Remember back in the first step?  Our name was kept at [ebp+eax-2C].  It increased eax.  THINK.  It advanced to the next letter of the name!  The next line of code is this:
	:00402FEE 3BC7           cmp eax, edi
	What is in eax?  Lets to a ? eax and find out.  It has a value of 1.  Hmmm, could this possibly be because it had just went through the loop one time?  Guess what, that's it!  Ok what is in edi?  A number, 1-19.  Hmmm, so when eax = edi it stops going through the loop.  Hmmm, remember back when edi was equal to the length of our name up to 19?  This has to be one of the most important pieces of code.  It means that you name can be as long as you want, but it will only take into account the first 19 characters of it.  That is about the whole code that we need to make a key gen, so lets get to it.
Step9:The key gen.  With this tutorial there is the source code for this key gen in ASM, C, and Pascal.  I can only give you comments to the C as that is all I can program in.  I'll copy the whole source code and give little comments about what each line does.
<--------------------------CUT HERE---------------------------------->
#include <stdio.h>   //This and the next two lines set variables                
#include <string.h>  //needed by certain functions of this keygen.
#include <mem.h>     

int main()   //This tells the computer that this is where the code        //starts
{            //Anything within this the computer performs
   char name[100];  //This intializes the variable name and can hold               //101 chars
   int offset = 0;  //This intializes the variable offset with a                     //value of 0
   int code = 0;    //This intializes the variable code with a value               //of 0
   memset(name, ' ', strlen(name));  //This empties anything that is                                //in "name"
   printf("ScanLine SwiftSearch 2.0 crack.\n");  //Prints that line
   printf("Cracked By: Manson69 [ME'97/C4N]\n"); //Prints that line
   printf("Please enter your name: ");  //Prints that line
   gets(name);  //Prompts the computer to ask the user for a name
   for (offset = 0; offset != 19; offset ++)  //tells the computer to                                         						    //loop until offset = 19	
   {  //Start of loop
	code = name[offset] + code;  //Adds first 19 letters of name 				     //together
   }  //End of loop
   printf("Your Serial Number is ::: %010d ", code);  //Displays the 							      //correct
						                  //serial number
   return 0;  //Tells the computer the program executed with no errors
}  //Singals end of program
<--------------------------CUT HERE---------------------------------->
;.dosseg                                                 
.model small                                            
.stack 100h
.386
.data           
hello   db 'Please enter your name here : $'            

uprint  db 0dh,0ah,0dh,0ah,'Your registration code is : $'
;the next 3 lines are for getting input and the params it has to meet

maxkey  db 40                           ;maximum characters-set to 20
charinp db ?                            ;not surehow many characters we are going to type
;serinum    db 40 
;serinp  db ?
buffer  db 40 dup(0)                    ;characters r stored-there are 20 max

;key     db 11 dup(0)      
bufferb db 20 dup(0)
;nametotal db 40
;namehow db ?
;bufferc db 20 dup(0)
;key2    db 11 dup(0)
       
.code                                   ;my code begins here
start:

main    proc                            ;sets up procedure/is also the starting point
        mov ax, @data                   ;cant modify ds directly
        mov ds, ax                      ;move it into another reg first 
              
        mov ah,7                        ;attrib to scroll window, 7 scroll down
        mov al,0                        ;do the entire window
        mov ch,0                        ;this points to the upper left row
        mov cl,0                        ;this points to the upper left column
        mov dh,24                       ;this points to the lower right row
        mov dl,79                       ;this points to the lower right column
        mov bh,7                        ;normal attrib for blank lines
        int 10h                         ;call bios
        xor ax,ax                       ;make sure that ax(ah+al) are clear
              
;this next section is to set the cursor upwards in the screen
                       
        mov ah,2                        ;ah=2/int10h set the cursor position
        mov bh,0                        ;select video page 0
        mov dx,0501h                    ;cursor 5 rows down in the first column
        int 10h                         ;call bios
              
        mov ah,9h                        ;ah=9/int21 dos function print to screen
        mov dx,offset hello             ;points to where data hello is stored
        int 21h                         ;dx points to it or it wont print
                             
        mov ah, 0ah                     ;ah=0ah/int21 dos procedure for asking
        mov dx, offset maxkey           ;dx has to point to the first of the
        int 21h                         ;paramaters-starts with max keys allowed
        ;int 3h                                      
                     
        call calc
                
        mov ax,4c00h                    ;termination string
        int 21h                         ;go bye bye
                
        main endp

    
calc    proc
        xor eax,eax
        xor ecx,ecx
        xor edx,edx
        
        mov si, offset buffer
        mov cl, byte ptr [si]
aa:     add edx,ecx
        inc si
        inc ax
        mov cl,byte ptr [si]
        cmp ax,13h
        je goon
        cmp cl, 0dh

        jne aa

goon:   mov eax,edx
        call convert

        ;at this point, edx now holds my serial !!!!!
        
        ret
calc endp

;this section now puts the final serial in to memory.. since it is in ebx
;we move it to eax, then do our calculations
;we also have to write it backwards in memory
;because this procedure starts with low bit and goes high

convert proc
        xor ebx,ebx
        mov si,offset bufferb
        add si,0bh
        mov byte ptr [si],'$'
        mov ecx,0ah
putnum: dec si
        xor edx,edx
        div ecx
        add dl,30h
        mov [si],dl
        inc bx
        or eax,eax
        jnz putnum
        mov ax,0ah
        sub ax,bx
        ;mov ax,bx
bbb:    dec si
        mov byte ptr [si],30h
        dec ax
        test eax,eax
        jnz bbb

        lea edx,[si]
        call write      
        ret
convert endp

;this section just prints a little stuff on the screen
;very basic

write proc


  push edx  
  mov dx,offset uprint
  mov ah,09h
  int 21h   
  pop edx
  mov ah,09h
  int 21h
  ret
write endp  
end main        
<--------------------------CUT HERE---------------------------------->
Program KeyGen;

var name:string;
var code,offset:integer;

begin
    name:='';
    writeln('ScanLine SwiftSearch 2.0 crack.');
    writeln('Cracked By: Manson69 [ME''97/C4N]');
    write('Please enter your name: ');
    readln(name);
    for offset:=0 to 18 do begin
        code:=ord(name[offset])+code;
    end;
    writeln('Your Serial Number is ::: ', code);
end.

	for offset:=1 to 10-length(name) do begin
		write('0');
    end;
    writeln(code);
end.
<--------------------------CUT HERE---------------------------------->
Final Notes:I have to thank blorght, the only female that can do this stuff, and fant0m and josephco for all the help they gave me writing this tutorial.  If you have any questions get ahold of me.  I am usally on Efnet IRC on the channel #cracking4newbies.  If I'm not there leave a message with an OP and I'll get it or e-mail me at revmanson69@geocities.com .
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
revmanson69@geocities.com						  Manson69