Cracking for Newbies  - by Dahood
                

Target: Advanced Image Viewer and Converter Version 1.6

Tools used: W32dasm
	    Hview
	    ProcDump32 
	    Softice

Protection: serial (defeated here by patching the check, so any code is accepted)


NOTE: This tutorial is not totally for newbies, so I expect that you know
1. how to use W32Dasm
2. how to use Hview (change, search, etc.)
3. assembly
4. SoftICE

Try to register with any name and code, and write down (or remember) the message that comes up.

Disassemble the program.

Right, it's packed, and I'm not going to go into details; I hate packed programs.
When you tried to disassemble it you saw the section names
UPX0 and UPX1. Open it in Hview and near the top it says UPX 1.20,
OK, so we know what it is packed with.
For most packed programs I use ProcDump:
open ProcDump, click Unpack, pick the file, pick UPX...
anyway, unpack it and save the unpacked copy under a different name like Build.exe.

Check the properties of both files and see that they differ (the unpacked copy should be the larger one).
Try to disassemble the unpacked file. OK, good...

Now search for the string "Invalid registration code!" (in case you forgot it).

You can't find it, or any other useful strings... OK.

Use SoftICE, the same method you use when fishing for the serial, but we don't want
the serial; we want to make the program accept any serial we type in.

Open the unpacked file and go to Help --> Register.
Use any name you like and any number, but DON'T HIT OK yet.

Ctrl-D to get into SoftICE
bpx hmemcpy ----> breakpoint on the API (works 99.9% of the time)
Ctrl-D to get out of SoftICE

Now click OK in the register box; you should break and be in SoftICE.
d cx  ------> the name we entered
F5
d cx  ------> the number we used

OK, what we want is the place where it compares and jumps.
F11 --> to get out of the call
F10 or F12 until you see 32-bit code

You should be here:

:005239BA            mov  edx,dword ptr [ebp-08]     d edx --> the number we put in
F10 until

:005239D5            call  dword ptr [edx]           ---> checks the code (result comes back in AL)
:005239D7            test  al,al
:005239D9            je    00523A16
Keep going until
:00523A29            call  00452CC4                  ---> calls the message box "wrong code"

bd 0  -> disable the breakpoint
Now open the unpacked file in your favourite hex editor and
go to offset 122FD9; if you don't know how to get the offset,
go to line 005239D9 in W32Dasm and check the status bar at the bottom.
So we know that after
:005239D5            call  dword ptr [edx]
it compares and jumps to "wrong code",
so I think you figured it out.
Note: we are not fishing for the serial.

Change :005239D9            je     00523A16
to     :005239D9            jne    00523A16
A short je is opcode 74 and a short jne is 75, so this is normally a one-byte change:
make sure the byte at that offset really is 74 before you change it (a near je starts with 0F 84),
otherwise you are at the wrong offset.
F9 (update) and F10 (exit) in Hview.
Now run your unpacked, patched file and try to register.
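Two of the steps above are header-level checks you can do without Hview: spotting the UPX0/UPX1 section names that give the packer away, and turning a W32Dasm address (005239D9) into a file offset (122FD9) before flipping the je byte. The following is an added Python example, not code from the tutorial or from the program's author. It builds a constructed, header-only PE32 image in memory (the 0x400000 image base and the section layouts are assumptions chosen so the numbers match the ones in the tutorial; the real layout of Build.exe is not given), then does the section-name check, the address-to-offset mapping, and the je->jne patch with the sanity check that the byte is really 74 before it becomes 75.

```python
"""PE32 section-table helpers for the unpack-and-patch workflow above.

Added example, not code from the tutorial. The section layouts below are
constructed for illustration; the real Build.exe layout is not given.
"""
import struct

PE32_MAGIC = 0x10B
SECTION_HEADER_SIZE = 40
JE_SHORT, JNE_SHORT = 0x74, 0x75        # short jz / jnz opcodes


def build_pe(image_base, sections, file_size):
    """Build a header-only PE32 image in memory (constructed test input).

    sections: (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData)
    """
    e_lfanew, opt_size = 0x80, 0xE0                    # 0xE0 = PE32 optional header size
    buf = bytearray(file_size)                         # zero-filled body
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HHIIIHH", buf, coff, 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = coff + 20
    struct.pack_into("<H", buf, opt, PE32_MAGIC)
    struct.pack_into("<I", buf, opt + 28, image_base)  # ImageBase lives at +28 in PE32
    for i, (name, va, vsize, raw_ptr, raw_size) in enumerate(sections):
        off = opt + opt_size + i * SECTION_HEADER_SIZE
        buf[off:off + 8] = name.encode().ljust(8, b"\0")
        struct.pack_into("<IIII", buf, off + 8, vsize, va, raw_size, raw_ptr)
    return buf


def parse_sections(buf):
    """Return (ImageBase, [section dicts]) read from the PE header."""
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if bytes(buf[e_lfanew:e_lfanew + 4]) != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", buf, coff + 2)[0]
    opt_size = struct.unpack_from("<H", buf, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", buf, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 (32-bit) images handled here")
    image_base = struct.unpack_from("<I", buf, opt + 28)[0]
    sections = []
    for i in range(nsec):
        off = opt + opt_size + i * SECTION_HEADER_SIZE
        name = bytes(buf[off:off + 8]).rstrip(b"\0").decode("ascii", "replace")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", buf, off + 8)
        sections.append(dict(name=name, va=va, vsize=vsize, raw_ptr=raw_ptr, raw_size=raw_size))
    return image_base, sections


def looks_upx_packed(sections):
    """UPX leaves its own section names (UPX0/UPX1, sometimes UPX2) in the header."""
    return any(s["name"].startswith("UPX") for s in sections)


def va_to_file_offset(buf, va):
    """Map a virtual address as shown by W32Dasm/SoftICE to a raw file offset."""
    image_base, sections = parse_sections(buf)
    rva = va - image_base
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            delta = rva - s["va"]
            if delta >= s["raw_size"]:
                # e.g. UPX0: exists in memory only, there is nothing on disk to patch
                raise ValueError(f"{va:#x} has no bytes on disk (section {s['name']})")
            return s["raw_ptr"] + delta
    raise ValueError(f"{va:#x} is outside every section")


def patch_je_to_jne(buf, va):
    """Turn the short `je` at va into `jne` in place; refuse if the byte is not 74."""
    off = va_to_file_offset(buf, va)
    if buf[off] != JE_SHORT:
        raise ValueError(f"byte at offset {off:#x} is {buf[off]:#04x}, not a short je (74)")
    buf[off] = JNE_SHORT
    return off


# Constructed images (assumed layouts). The unpacked one is laid out so that
# VA 005239D9 maps to file offset 122FD9, the numbers used in the tutorial.
PACKED = build_pe(0x400000, [("UPX0", 0x1000, 0x120000, 0x400, 0),
                             ("UPX1", 0x121000, 0x5B000, 0x400, 0x5A600),
                             (".rsrc", 0x17C000, 0x3000, 0x5AA00, 0x2800)], 0x60000)
UNPACKED = build_pe(0x400000, [(".text", 0x1000, 0x124000, 0x600, 0x124000),
                               (".data", 0x125000, 0x2000, 0x124600, 0x2000)], 0x130000)
UNPACKED[0x122FD9:0x122FDB] = bytes([JE_SHORT, 0x3B])   # je short 00523A16 (+0x3B from 005239DB)

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("unpacked", UNPACKED)):
        secs = parse_sections(img)[1]
        print(f"{label}: sections {[s['name'] for s in secs]}, UPX packed: {looks_upx_packed(secs)}")
    work = bytearray(UNPACKED)
    print(f"je -> jne patched at file offset {patch_je_to_jne(work, 0x5239D9):#x}")
```

The mapping is file offset = (VA - ImageBase - section.VirtualAddress) + section.PointerToRawData, which is exactly what W32Dasm shows in its status bar. The UPX0 case is why you patch the unpacked file and not the packed one: that section has no bytes on disk, and the code you saw in SoftICE only exists after the UPX stub has run.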

Now you can patch it...
go to line

Sorry, I know this tutorial has a lot of talking, but there is a lot
of thinking :)
When you can't crack it, don't give up; there is ALWAYS another way.


This is tutorial # I can't remember. I hope I didn't confuse you, and if you have any questions or comments
my ICQ# is 69518421 or you can e-mail me at webcrawler28@hotmail.com

I would like to say thanks to all the crackers, too many to list, for helping me and also for their
tutorials.
Also a big thanks to krobar's site: http://zor.org/krobar
 

---------------------------------------------------
This information is for educational purposes only!|
---------------------------------------------------