Well, since this is my first time writing a tutorial, I'll try not to disappoint you.
I assume that you've already installed SOFTICE on your Beautiful PC. Before using SOFTICE, check WINICE.DAT and make sure that you have deleted the semicolons before the EXP instructions where USER32, GDI32 and KERNEL32 are mentioned.
OK let's crAck this SHIT UP !
First, a very GRATEFUL THANKS goes to PHROZEN (tKC/PC) and oBLeK.
Start Teleport Pro and find the Register option in the HELP Menu.
Now this Proggie is asking you for a NAME, COMPANY and a CODE. Enter 'OCHE SATRIANI' as NAME, 'EROTOMANIA' as COMPANY and finally '5150' as the CODE. Click the OK button ...
It doesn't work ( STUPID, ARE YOUR EYES BLIND ! )
Sorry, I'm just kidding. Make sure that the NAME, COMPANY & CODE are not empty, just fill them in like we did before.
Press [Control D] to start making a BREAKPOINT in SOFTICE
Type 'BPX GETWINDOWTEXTA', press ENTER, and continue by pressing F5
Now we're back in TELEPORT PRO. Click the OK button ( this time I'm not kidding ! )
bOOm the CrAckinG just BEGAN ...
You will see something like this in SOFTICE
Break due to BPX USER32! GetWindowTextA
Press F2 to see all of the REGISTERS ( Notice the EAX REGISTER each time you press F5 ! )
Type d eax and don't forget to press ENTER (You'll see our NAME)
Press F5
Type d eax again (our COMPANY)
Press F5 once more
Type d eax again (our STUPID CODE)
Now Press F11 to get the CALLER
Look at EAX = 00000004, this is the length of our CODE, remember.
And look at the assembled Code, in my case it will look like this :
0177 : 0044BB60 CALL [USER32!GetWindowTextA]
0177 : 0044BB66 MOV ECX, [BP + 10]
0177 : 0044BB69 PUSH FF
0177 : 0044BB6B CALL 00444EA7
0177 : 0044BB70 JMP 0044BB7D
Trace along by pressing F10 until you see something like this :
0177 : 00425651 MOV ESI, 0047E7F8
0177 : 00425656 JZ 00425767
0177 : 0042565C PUSH DWORD PTR [EDI + 000000D5]
0177 : 00425662 CALL 00425FFB     ; after executing this CALL, STOP pressing F10 !
Then you'll see something like this (in my case) EAX = 6ACFD791 & ECX = 00D3388C
Very suspicious ...?
d ECX ( what do you see ? )
d EAX ( what is this SHIT ? )
At Last Type ? EAX
6ACFD791
1792006033 --->>> This is what we are looking for
Now that you've got the REAL SN#, don't forget to clear the BREAKPOINT: type BC * and press F5 to return to TELEPORT PRO.
Start the Registration with the same NAME & COMPANY, then what happens ?
tips :
Practice a lot with this stuff, and if you would like to unregister it, delete this whole key in REGEDIT :
HKEY_CURRENT_USER\Software\Tennyson Maxwell
You can Download this Proggie at
http://www.tenmax.com
ITS OE '97 4397100xxx
Surabaja 1998 corp.
oche_satriani@start.com.au