|
-notepad maximized with wordwrap on
-tutorial no.1 written by tracer_v
-dificulty: easy/medium for newbies
-tools: SoftIce any version but i prefer v4.0 and also a BRAIN hehe
1. Hi there newbies this is my first tutorial on cracking:) and
i'd chosed
this little program because i've read the tutorial of <TeCh~LoRd>
who
cracked it with w32dasm so i think that are lots of people that
do not use
w32. i cracked this one with SoftICe. So let's get crackin' k?
2. Let's learn on how this little app works well:
-the dir has like about 217.760KB
-Swlipi32.exe 83.456KB
-we see some files not realy important i think:)
-use quick view to see the breakpoints but in our case they are
hidden :(
3. Start the porgram and a notice appears (it sucks) and our little
box with
enter password yeah!. Enter a random code e.g. 11223345 and don't
press
enter yet. Load sice and breakpoint on GetDlgItemtexta (e.g. bpx
getdlgitemtexta) we use "a" at the end because it's a
32bit app. If
something is wrong on the breakpoint introduction check the winice.dat
and
remove the quotes on:
EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\user32.dll
EXP=c:\windows\system\gdi32.dll
ok so we're on sice and press F11 and the dasm will say that we
are in
SWLIPI32 ok that's good it will show like this:
CALL USER32!GetDlgItemTextA --- our breakpoint
CALL 00401C84 --- trace this call with F8
TEST EAX,EAX --- a zero flag boolean that shows 0 (false)
JZ 00401E68 --- jump to the messageboxa Invalid password
annoucement
CALL 0401C84
.
.
PUSH 004119D8 --- not important(yeah right:)
LEA EAX,[EBP-50] --- i see something very interesting here our
data in eax remains constant after this so this
function loads our great serial number ehe test it "d eax"
and it
shows ZD6-kP8-B634
-enter our serial number and finish u've made it u realy cracked
this
application
-this is the most easy to cracked all that u need is to understand
the
protection scheme
-so what do u think was it dificult? i don't thinks so u all need
practice
and if u don't understand something pls email.
|