-----------------------------------------------------+
This information is for educational purposes only!   |
-----------------------------------------------------+

WHY PATCHING WHILE SERIAL NUMBER IS FISHY


MoreInfo v1.3.2
A Cracking Tutorial
by ASTAGA [D4C/C4A]


ABOUT THE PROGRAM 


You've just installed a new program on your computer. You'd like 
to jot down some notes you have about the installation or record 
some new features or a caution that the manufacturer told you 
about.  With MoreInfo, just right-click on the program within 
Windows Explorer and choose the MoreInfo option.
Instantly the MoreInfo Viewer pops up allowing you to enter in 
the information associated with the program while it is still 
fresh in your mind.

With MoreInfo installed on your computer, adding your personal 
comments and attaching them to ANY file in your system is just a 
simple right-click away.

Can't remember what you recorded concerning a file? No problem 
-- right-click on the file name and MoreInfo pops up with the 
information.

As an added bonus, MoreInfo also comes with a file monitoring 
program called MIM. With MIM running and monitoring your download 
directory, every time you download a new file from the Internet, 
MoreInfo will pop up automatically to allow you to enter 
information about the download.
Rather than having to remember what, for example, "API502E.EXE" 
was, you can attach your comments to the MoreInfo entry for that 
file and record it as "The ActivePerl version 5.02 distribution."  
Any time you want to know what "API502E.EXE" is, just right-click 
on the file and select MoreInfo.



BACKGROUND INFORMATION


Program Name: MoreInfo
(MOREINFO.EXE, MIM.EXE, ACTIVATE.EXE, DEACTIVATE.EXE, MINFO32A.DLL)
Platforms: Windows 95/98/NT
Free trial period: 30 days
Registration cost: US$10.
Current version: 1.0.0
Version date: 17-Apr-2000 
Web site: www.donth.com
Author : Joseph L. Donth



HOW TO FISH THE SERIAL NUMBER USING SOFTICE


1.  Run the program, click the REGISTER button and key in a fake
    reg code = 73881050

    Do not click the OK button yet.


2.  Load SoftIce and create a new breakpoint : 

	bpx hmemcpy
	Press F5

3.  Click the OK button now, and you'll break in SoftIce again.
    Press F11 once and press F12 several times until you see
    the code snippet below.


	__________________________________________________________________
	
	015F:00449CBA  E875F7FDFF          CALL   00429434 <== break here  
	015F:00449CBF  8B55D8              MOV    EDX,[EBP-28] 
	015F:00449CC2  8B45F8              MOV    EAX,[EBP-08] <== D EDX  
	015F:00449CC5  E82A9DFBFF          CALL   004039F4  
	........
	........ 
	________________________MOREINFO!CODE+00048CBA_____________________

 

	Break due to BPX KERNEL!HMEMCPY
	Break due to G 
 	: bd  *   [enter] 
	: BPX 015F:00449CBA  [enter] 
	: Press F10 twice and display the EDX register; your fake reg code
	  appears in the Data Window at virtual address 0167:00BCA6B8.
	: BPM 0167:00BCA6B8  [enter] 
	: Press X or F5


    You'll break again in SoftIce and see the code snippet below:

	_________________________________________________________________

	015F:00403D55  8B0E                MOV       ECX,[ESI]  
	015F:00403D57  8B1F                MOV       EBX,[EDI]  <== here   
	015F:00403D59  39D9                CMP       ECX,EBX  <== D EDI 
	015F:00403D5B  7558                JNZ       00403DB5  
	.....
	..... 
	__________________________ MOREINFO!CODE+2D55  ___________________

	Break due to BPMB #0167:00BCA6B8 RW DR3 
	: Press F10  once
	: ? ecx  [enter]
	: 38383337  0943207223  "8837"  ==> part of your fake code
	: ? ebx  [enter]
	: 32373130 0842477872 "2710"  ==> part of the real code 
	: d esi  [enter]  ===> your fake code at 
	: d edi  [enter]  ===> did you see 0172-5328-0833-2286 at
	                       0167:00BC83B8? Write down this potential
	                       reg code. Scroll up one line and you
	                       will see your own product ID (in my case,
	                       5566-6193-0442-9236).
	: bd *
	: F5  to return to registration dialog box


4.  Repeat the registration procedure and key in 0172-5328-0833-2286 
    as your registration code. 
    You're registered. 


5.  Where the hell is my registration info stored?

	-  The correct registration code is stored in the registry under
	   HKCR and HKLM as follows (before it's registered):

REGEDIT4

[HKEY_CLASSES_ROOT\CLSID\{B84BF3A0-062C-11D4-AA01-444553540011}]

[HKEY_CLASSES_ROOT\CLSID\{B84BF3A0-062C-11D4-AA01-444553540011}\Mask]
@="58E9C6CD"

[HKEY_CLASSES_ROOT\CLSID\{B84BF3A0-062C-11D4-AA01-444553540011}\ProgID]
@="008FFC"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{B84BF3A0-062C-11D4-AA01-444553540011}]

[HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{B84BF3A0-062C-11D4-AA01-444553540011}\Mask]
@="58E9C6CD"

[HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{B84BF3A0-062C-11D4-AA01-444553540011}\ProgID]
@="008FFC"



6.  How can I practise with another registration key ?

	-  I strongly recommend that you do not do this!
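
NOTE (added example, not part of the original tutorial and not MoreInfo's own code): steps 3 and 5 work because the client itself builds the valid code, compares it with the input in memory, and keeps it in the registry. The Go example below puts that design (WeakCheck, using a hypothetical deriveCode) beside a signed-license check in which the client holds only a public key; the key seed, function names and license encoding are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base32"
	"fmt"
	"strings"
)

var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// deriveCode: hypothetical stand-in serial routine, NOT MoreInfo's (the page shows none).
func deriveCode(productID string) string {
	sum := sha256.Sum256([]byte("constructed-secret|" + productID))
	return fmt.Sprintf("%x", sum[:8])
}

// WeakCheck mirrors the traced design: the valid code is rebuilt in client memory.
func WeakCheck(productID, entered string) bool {
	return entered == deriveCode(productID)
}

// DemoKeys builds a constructed key pair from a fixed seed; a real private key stays with the vendor.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed([]byte(strings.Repeat("k", ed25519.SeedSize)))
	return priv.Public().(ed25519.PublicKey), priv
}

// IssueLicense runs on the vendor side: the license is a signature over the product ID.
func IssueLicense(priv ed25519.PrivateKey, productID string) string {
	return b32.EncodeToString(ed25519.Sign(priv, []byte(productID)))
}

// VerifyLicense runs on the client with only the public key, so no valid
// license and no secret is ever present in the client's memory or registry.
func VerifyLicense(pub ed25519.PublicKey, productID, license string) bool {
	sig, err := b32.DecodeString(strings.ToUpper(strings.TrimSpace(license)))
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, []byte(productID), sig)
}

func main() {
	pub, priv := DemoKeys()
	id := "5566-6193-0442-9236" // product ID in the format shown on the page
	fmt.Println(VerifyLicense(pub, id, IssueLicense(priv, id)), VerifyLicense(pub, id, "73881050"))
}
```

A signed license closes the compare-in-memory leak only; the check itself still needs integrity protection against modification of the binary.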


END NOTES

   This program is sold as shareware, so you can try before you buy.  
   This is convenient for you, saves expenses by dispensing with all 
   that packaging, and cuts out the middle person.  So it is cheap, 
   but it is not free.  
   If you like the program, and you will, be sure to register and pay.
   To keep shareware prices low,  users must do the right thing: 
   Register, pay up, and smile/grin at yourself in the mirror.

   Do not distribute your crack release based on this tutorial, because
   you would become a LAMER!!!!!!!!
   ( tHATDUDE (PC97) defined a LAMER as the guy who sits in front of
   a personal computer, using a Hex Editor, ripping off other groups'
   crack releases and repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 

    More about LAMER(s):
	lamer /n./ [prob. originated in skateboarder slang]
	Synonym for luser, not used much by hackers but common among warez 
	d00dz, crackers, and phreakers. Oppose elite. Has the same 
	connotations of self-conscious elitism that use of luser does among 
	hackers.
    < SOURCE: http://sagan.earthspace.net/jargon/jargon_27.html >


 _ Never attribute to malice that which is adequately explained by stupidity _


ASTAGA [D4C/C4A] tute-moreinfo132.zip
[EOF] 10/31/00 6:32:06 PM