Disclaimer:
All the information provided herein is intended for educational
purposes only! YOU are responsible for your actions, not me!

2nd Tutorial by ThaMinder

                      Tutorial About Cracking Serialz
                      ----------------------------------

Where to get the shit software:

http://www.crackstore.com  <-- Get WDasm and Hiew there
http://members.xoom.com/ThaMinderX/picshow.zip  <-- our example prog.

Explanation of the progs u need:
----------------------------------------
Wdasm   --> is a Disassembler. Be sure to download version 8.9 or higher!
Hiew    --> Hackers View is a HexEditor. You can also use another one, but
            I'll explain everything with Hiew.
picshow --> Our example prog.


The ASM-Knowledge you need
----------------------------------------
ASM-Code is the code you'll see once you have disassembled a file with
WDasm. Here are the instructions and their Hex-Codes you'll need:


jne  - jump if not equal                            --> 75 or 85
je   - jump if equal                                --> 74 or 84
jmp  - jump                                         --> Not Important
nop  - no operation                                 --> 90
call - a conditional or unconditional function call --> No special H-Code
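The table above is a shorthand, and a reader who wants to understand what WDasm is showing rather than copy numbers needs two facts it leaves out: on 32-bit x86, 74/75 are the short forms of je/jne (opcode plus a signed 8-bit displacement), while "84"/"85" are the second byte of the six-byte near forms 0F 84 / 0F 85 (plus a signed 32-bit displacement); and the target of a call (E8) or jump is never stored in the bytes, it is the address of the next instruction plus that signed displacement. The following is an added example, not code from the tutorial or from PICShow, that decodes the three instruction kinds the table lists and converts between the two numbers WDasm prints for a line (the @: virtual address and the @Offset file position). The PE layout it uses (image base 0x400000, one code section at RVA 0x1000 starting at file offset 0x400) is an assumption, chosen because it is the standard layout under which the tutorial's @: and @Offset pairs agree; the jne and je byte strings in the tests are constructed, the call bytes are the ones quoted later in the text.

```python
import struct

# 32-bit x86 encodings behind the hex table (assumed throughout):
#   short form: one opcode byte + rel8      -> 74 = je,    75 = jne
#   near form:  0F + opcode byte + rel32    -> 0F 84 = je, 0F 85 = jne
#   call:       E8 + rel32
# The displacement is relative to the END of the instruction.
SHORT_JCC = {0x74: "je", 0x75: "jne"}
NEAR_JCC = {0x84: "je", 0x85: "jne"}
CALL_REL32 = 0xE8


def decode_branch(code: bytes, va: int):
    """Decode a call/je/jne whose first byte sits at virtual address `va`.
    Returns (mnemonic, instruction length in bytes, target virtual address)."""
    op = code[0]
    if op == CALL_REL32:
        rel = struct.unpack_from("<i", code, 1)[0]        # signed 32-bit, little-endian
        return "call", 5, (va + 5 + rel) & 0xFFFFFFFF
    if op in SHORT_JCC:
        rel = struct.unpack_from("<b", code, 1)[0]        # signed 8-bit
        return SHORT_JCC[op], 2, (va + 2 + rel) & 0xFFFFFFFF
    if op == 0x0F and len(code) > 1 and code[1] in NEAR_JCC:
        rel = struct.unpack_from("<i", code, 2)[0]
        return NEAR_JCC[code[1]], 6, (va + 6 + rel) & 0xFFFFFFFF
    raise ValueError(f"not a call/je/jne: {code[:2].hex()}")


# Hypothetical PE layout (an assumption, not read from PICShow): image base
# 0x400000 and one code section at RVA 0x1000 that begins at file offset 0x400.
IMAGE_BASE = 0x400000
SECTIONS = [("code", 0x1000, 0x400, 0x80000)]   # (name, RVA, raw offset, raw size)


def va_to_file_offset(va: int) -> int:
    """Map a virtual address (what the disassembler shows) to a file offset
    (the @Offset number, which is what a hex editor positions on)."""
    rva = va - IMAGE_BASE
    for _name, sec_rva, raw_off, raw_size in SECTIONS:
        if sec_rva <= rva < sec_rva + raw_size:
            return rva - sec_rva + raw_off
    raise ValueError(f"VA {va:08X} is outside every section")


def file_offset_to_va(off: int) -> int:
    """Inverse mapping, to read a hex-editor offset back in the disassembly."""
    for _name, sec_rva, raw_off, raw_size in SECTIONS:
        if raw_off <= off < raw_off + raw_size:
            return IMAGE_BASE + off - raw_off + sec_rva
    raise ValueError(f"offset {off:X} is outside every section")


if __name__ == "__main__":
    # The call quoted in the tutorial, at the @: address its status line reports.
    print(decode_branch(bytes.fromhex("E8EB44F9FF"), 0x004726C8))
    print(hex(va_to_file_offset(0x004726C8)), hex(va_to_file_offset(0x004724FC)))
```

Decoding the quoted call at the @: address from the status line reproduces WDasm's own "Call 00406BB8", and the offset mapping reproduces both @Offset values the tutorial writes down, which is a quick way to check that the numbers you copied belong together before touching anything with a hex editor.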

Let's start
----------------
First of all you have to make a copy of the PICShow.exe called
Picshow.w32. Why?? This is the file we will load with Wdasm; the .exe
file will be cracked, and if we do something wrong we have a copy of
the .exe and can try again. OK, now start the Picshow.exe,
load some images and click onto "play picshow". Shit, after every
picture such a shit information tells u that u are using an unregistered
copy of the prog. Annoying.
OK, go back to the start mask and click onto Help and then onto Registration.
A window comes up and u have to enter Name and Registration. Enter whatever
you want and click on "Register Now". Oops. A window comes up and tells us
"Invalid Registration Information". Damn! OK, write it down and we can start.
Start Wdasm and open the Picshow.w32 we created before. Wait 'till the prog
has finished the disassembling process. If u now see a screen full of
strange symbols, don't worry. Just click on Disassembler-font and then on
Select font. I would change it to Arial. Then click on Disassembler-font
and Save default font. Now it's saved. OK, now it's much better.

Do u remember? You wrote down the message given to us when we entered the
invalid Reg-Number. OK, we'll look out for that message now. Click onto
Strn-Ref, the symbol next to the printer-symbol. Scroll through the
messages and look out for "Invalid Registration Information". Got it??
OK, doubleclick on it and you will be warped directly to the place.
Scroll a little up and you'll see the text. Just scroll a little bit more
till u see a call, here it is:
004726C6 E8EB44F9FF              Call 00406BB8
This is the call that calls the function which shows u the message.
OK, remember that we don't wanna have this window. The one we want is
the one that says we've successfully registered our copy. We'll No-Operate
this call with the nop-command.
Scroll until the bar is over the call; it will turn green.
Now look down and you'll see something like:
Line:252961 Pg 3012 of 3656 Code Data  @:004726C8h @Offset 00071AC8h...
OK, write down the number after Offset, 00071AC8 without the h.
Well, now we will look out for the place which jumps to this call. Scroll
a little more up 'till you see something like:
* Referenced by a (U)Conditional...
|:004724FC(C)
Got it?? OK, that number is what we need. Click onto Goto and then
Goto Code Location. Enter the number, 004724FC, and click on OK.
You'll be warped to the location we need. Do u see the jne command??
The bar must be directly over this line; it has to be green.
jne --> Jump if not equal!! The prog checks if the number u have
entered is right, and if not it jumps to the call we saw before.
OK, write down the offset number, here: 000718FC w/o the h.

Well, now we have written down 2 shit numbers and we have not done
anything 'till now. Nevermind, we have to find one more number too.
OK, think! What is our goal?? We want to get a message from the prog
that we have registered successfully. Mmmh, we don't know the message we
will get... but... it has to be something like:
registered successfully
registration successful
Thanks for registration
Registration complete, Thanks.
Or anything like that. OK, we'll search for such a message!
Click onto Strn-Ref and search for something like that.
Here it is: "Picshow Registration Successful". Doubleclick on it.
Do the same as in the first step. Search the call, set the bar over it and
write down the offset number. Here: 00071AAA

Shit, this was a lot of work. Now we can make the changes to the prog!
Close Picshow and open Hiew. Open the Picshow.exe. !!Picshow has to be
closed!! OK, but what's that?? Shit!! Nevermind!! Press F4 and then
Decode!! Ahh, much better.
Well, we wrote down three numbers before. Two of them we will nop and
the other one we will change from jne to je. Sounds easy.
OK, let's start with the calls we wrote down. The first calls the
Reg-Failed window, the other one calls the Reg-Successful window. We will
no-operate 'em. Just press F5 and enter the number we wrote down first,
without the h, and press Enter. Here it is: 0071AC8.
OK, we get warped to the place. Now you see something like this:
E8EB44F9FF
I have to explain what it means. It's the call, and every two hex digits
stand for one byte. There are 10 digits, that means there are
5 bytes. One is E8, the next is EB, then 44 and so on. We'll have to
make a nop of 5 bytes too! OK, we know that the H-Code for nop is 90.
We have to nop with 5 bytes: 9090909090. Understood??? The call
is 5 bytes long, so the nop has to be as long as the call!!
OK, press F3 to edit the line. Now enter 9090909090. Don't worry if it
jumps down a line after every 90, just carry on till you have 5 bytes.
Now press F9 to save the changes!

OK, we'll do the same with the other call.
Press F5 and enter the offset number of the other call, it was: 0071AAA
Press Enter. Here we have a 5-byte call too, so just do the same as before.
Shit, it is so easy to understand and I'm sitting here writing all this
shit. Nevermind... Done? (Press F3, enter 9090909090 and press F9 to
save the changes)

That was nearly all!! Just one more thing! We wrote down another number,
u remember?? It was the offset number of the jne instruction. We will change
it to je, so that if u enter the right number u will be shown the
error message, and if u use a wrong one it will jump to the other
message that tells us we entered the right one!! Jeaahhh.
Press F5 and enter the number. Here: 00718FC

OK, here we are. Do u remember what I said at the beginning?? The
H-Code for jne is 75 or 85. Here it is 85, see it?
Bring the bar over the 85 and press F3. Change it to 84 and press
F9 to save it. You remember? 84 stands for je.
If u have an 85 u change it into 84, if u have a 75 u change it
into 74.
OK, got it?? If u have done all these changes press F10 to
close Hiew. We have now cracked the prog!! If u have done it
right!
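Seen from the other side, the edits just described leave a very recognisable footprint: a five-byte E8 call turned into five 90 bytes, and a single opcode byte flipped between 84 and 85 (or 74 and 75) with everything around it untouched. Anyone responsible for the integrity of shipped or installed binaries can find exactly these marks by comparing a suspect copy against a known-good one. The following is an added example, not code from the tutorial or from PICShow: it hashes both images, walks the bytes when the hashes differ, and labels each run of changed bytes with the pattern it matches. The file image it runs on is constructed (0xCC filler with three instructions placed at the file offsets the tutorial quotes; the quoted call bytes are the page's, the other two displacements are made up), so it runs offline without the real program.

```python
import hashlib

NOP = 0x90
CALL_REL32 = 0xE8


def classify(original: bytes, start: int, before: bytes, after: bytes) -> str:
    """Name the edit found at `start`, using the two patterns this tutorial
    produces: a call overwritten with NOPs, and a je/jne opcode flipped."""
    if before[0] == CALL_REL32 and len(before) == 5 and after == bytes([NOP]) * 5:
        return "call (E8 rel32) replaced by 5 NOPs"
    if len(before) == 1 and {before[0], after[0]} == {0x74, 0x75}:
        return "short je/jne inverted"
    if (len(before) == 1 and {before[0], after[0]} == {0x84, 0x85}
            and start > 0 and original[start - 1] == 0x0F):
        return "near je/jne (0F 84/0F 85) inverted"
    return "unclassified modification"


def find_patches(original: bytes, patched: bytes):
    """Compare a known-good file image with a suspect one and return a list of
    (offset, original bytes, patched bytes, description), one entry per run of
    differing bytes. Equal SHA-256 digests short-circuit the byte walk."""
    if len(original) != len(patched):
        raise ValueError("images differ in size; a byte-for-byte diff is not meaningful")
    if hashlib.sha256(original).digest() == hashlib.sha256(patched).digest():
        return []
    findings = []
    n = len(original)
    i = 0
    while i < n:
        if original[i] == patched[i]:
            i += 1
            continue
        start = i
        while i < n and original[i] != patched[i]:
            i += 1
        before, after = original[start:i], patched[start:i]
        findings.append((start, before, after, classify(original, start, before, after)))
    return findings


def build_sample():
    """Constructed fixture, not PICShow: 0xCC filler with three instructions at
    the file offsets the tutorial names, plus a copy edited the way it describes.
    The jne and the second call carry made-up displacements."""
    orig = bytearray(b"\xCC" * 0x71B00)
    orig[0x718FC:0x718FC + 6] = bytes.fromhex("0F85C6010000")   # near jne, rel32 made up
    orig[0x71AAA:0x71AAA + 5] = bytes.fromhex("E810000000")     # call, rel32 made up
    orig[0x71AC8:0x71AC8 + 5] = bytes.fromhex("E8EB44F9FF")     # the call quoted on the page
    patched = bytearray(orig)
    patched[0x718FD] = 0x84                                     # 0F 85 -> 0F 84
    patched[0x71AAA:0x71AAA + 5] = bytes([NOP]) * 5
    patched[0x71AC8:0x71AC8 + 5] = bytes([NOP]) * 5
    return bytes(orig), bytes(patched)


if __name__ == "__main__":
    good, suspect = build_sample()
    for off, before, after, what in find_patches(good, suspect):
        print(f"{off:08X}: {before.hex()} -> {after.hex()}  {what}")
```

The hash comparison is the check to run first and routinely (a signed hash of the shipped file is all that is needed to notice a change); the byte walk only explains what changed. The classifier deliberately demands the 0F prefix before treating an 84/85 flip as a jump inversion, since a lone 84 or 85 is also the opcode of the test instruction.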

Damn, let's see if it has worked. Start Picshow.exe.
Enter a name and a Reg-Number into the box and press Register Now!
Yeaahh, we got it, we get the message we wanted, and if u now start
another Picshow the Reg-Information between the pics is gone! Great.
What a feeling!!

If it has not worked you have done something wrong and u have to delete
the Picshow.exe, rename the Picshow.w32 to PICShow.exe and try it
again. If u do everything like I told u it has to work, I'm the best!

OK, most progs have protections like that; they're easy to crack.

Do the same with as many progs as u can, u have to know the steps by heart.
Sometimes it won't work, but don't worry, try it with another prog 'cause
some have better protections and you will have to use the MasterTool
SoftIce, which I'll explain in a later Tutorial, but it ain't something
for NewBies like u!

I hope I didn't forget anything but
this tutorial took me about 3 hours and my head is a mess now.

Watch out for more tutorials by ThaMinder (that's me).
U can get them all from my homepage: http://jump.to/ThaMinder

Feel free to give this tutorial to everyone ya want.
Questions?? Write E-Mail to ThaMinder@yahoo.de

Sorry for my bad English, I hope it has not been too hard to understand.

Greetings to "ByteBurn"

--------------------------------
Next tutorials will be about:

Time-limited Software
SoftIce
and whatever comes to my mind!

Always remember: !The Knowledge Never Stops!

C ya next time
    ThaXplTMinder

Germany, 1999
