There is a crack, a crack in everything. That's how the light gets in.
One of the main reasons I chose this program to *crack* was because I recently downloaded it with a tutorial on how to crack this program already attached to it, so I knew I could check my results with it once I had finished cracking it (instant feedback!).
I can assure you I didn't peek at this tutorial UNTIL I was satisfied that I had cracked this program. :)
On Successful registration Start Clean creates the following entries in your System Registry file:-
HKEY_CURRENT_USER\Software\Start Clean\Configuration
Name=
Code=
Press the 'REGISTER' button and a small registration window will pop up asking you to enter your name and the registration code associated with your name.
For the name I typed: The Sandman
For the registration code I typed: 7777777
If you press the OK button you will be told that this code was incorrect.
Right, once you have entered a name and fake registration code, press Ctrl-D to start up Softice. We have a choice of possible breakpoints we can use, ranging from BPX hmemcpy to BPX lstrcmpA, but I chose instead to use:-
BPX getdlgitemtexta because I wanted to see where in the program the 'Incorrect Code' pop-up box appeared so that I could then back-trace a little to see if there was an unconditional jump of some sort close by.
OK, you've typed BPX getdlgitemtextA into Softice, so now all you do is type: x to leave Softice and continue running Start Clean. Now press the OK button and wham, we're back in Softice, where it has encountered our breakpoint at the beginning of the USER32.DLL getdlgitemtexta function.
Press F11 to have Softice finish executing this function and return us to the place in Start Clean where this function was originally called from.
Take a look at the following snippet of code; it's a goldmine for a number of patches and cracks we can do to this program.
:004011A7 6805040000      push 00000405
:004011AC 57              push edi
:004011AD 8B35D8924000    mov esi, dword ptr [004092D8]
:004011B3 FFD6            call esi                        ; We land here!
:004011B5 8D442410        lea eax, dword ptr [esp+10]
:004011B9 6800010000      push 00000100
:004011BE 50              push eax
:004011BF 6806040000      push 00000406
:004011C4 57              push edi
:004011C5 FFD6            call esi
:004011C7 6830604000      push 00406030                   ; Stores the real RegKey
:004011CC 6830614000      push 00406130                   ; Stores your name
:004011D1 E8AA000000      call 00401280
:004011D6 8D442418        lea eax, dword ptr [esp+18]
:004011DA 83C408          add esp, 00000008
:004011DD 50              push eax
:004011DE 6830604000      push 00406030
:004011E3 FF1520924000    Call dword ptr [00409220]
:004011E9 85C0            test eax, eax
:004011EB 0F8580000000    jne 00401271
When we return from our BPX getdlgitemtexta function we land on this line:
:004011B5 8D442410 lea eax, dword ptr [esp+10]
If we now press F4 we can see that we have stopped before the 'Incorrect code' window box has been shown, but at this point we can't be sure if the actual registration of our fake code has been processed yet, so press F4 once more to return to Softice and let's process a few more lines to see what happens next.
Now press F10 nine times so that we land on this line:-
:004011D6 lea eax, dword ptr [esp+18]
Let's type: d 406030 or D eax
Bingo! Here's what our fake registration should look like; in our example it shows: 2160-20646-2421-469 (Please don't register this program using this registration code, use one of your own).
If we now type: d 406130 this should show the name we typed into the registration screen in Start Clean, which was 'The Sandman'.
We can now type in Softice: bc * which will clear our Breakpoints then type: x to exit Softice and re-run the Registration Screen with our correct registration code.
Remember earlier I mentioned that the above code snippet was a goldmine for patches and cracks and that this program came with a cracking tutorial made by someone else? Well, if you go here you will see the approach taken by this author (Qapla), where he cracks this program using the lstrcmpA function, which is also shown in the above code snippet.
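The listing works against the program because it derives the correct code itself (call 00401280) and passes it to lstrcmpA, so the valid key sits in memory at 00406030. The Python below is an added example, not code from this essay or from Start Clean: it contrasts that pattern with a check that only verifies a vendor signature, so the client never holds a valid code. All names, the toy RSA parameters and the weak derivation are constructed assumptions.

```python
import hashlib

# Constructed toy parameters (two Mersenne primes); far too small for real use.
P, Q, E = 2**61 - 1, 2**31 - 1, 65537
N = P * Q                                  # public modulus, shipped in the client
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, vendor side only

def _digest(name: str) -> int:
    """Map the licensee name to an integer below N."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N

def weak_check(name: str, code: str) -> bool:
    """Pattern from the listing: derive the valid code locally, then compare."""
    # Hypothetical derivation standing in for the routine at 00401280.
    expected = hashlib.sha256(b"hypothetical-secret" + name.encode()).hexdigest()[:16]
    return code == expected                # 'expected' is in memory in plaintext

def vendor_issue(name: str) -> str:
    """Vendor side: sign the name digest with the private exponent."""
    return format(pow(_digest(name), D, N), "x")

def client_verify(name: str, code: str) -> bool:
    """Client side: needs only N and E, so it never computes a valid code."""
    try:
        sig = int(code, 16)
    except ValueError:
        return False                       # malformed input is simply rejected
    return 0 <= sig < N and pow(sig, E, N) == _digest(name)

if __name__ == "__main__":
    issued = vendor_issue("The Sandman")
    print(client_verify("The Sandman", issued))     # True
    print(client_verify("The Sandman", "7777777"))  # False
```

A real deployment would use a standard signature scheme with a full-size key from a vetted library; the comparison result can still be patched in the binary, so this removes the key leak, not the need for integrity protection.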
If you're looking for cracks or serial numbers from these pages then you're wasting your time, try searching elsewhere on the Web under Warez, Cracks etc.