Start Menu Cleaner v1.2 - (14k).
Welcome to a small tutorial for newer reversers on the subject of HEX editing with Hiew and generating a patch with GPatch. You'll find both of these programs available for download on my tools page. You should also download the very small program I'm going to use for all of my new reversers guides from the URL above.
I'll assume that you have read the tutorial on how to reverse this piece of software and that you are aware that the instruction shown below is the controlling good_guy/bad_guy check. You should understand that we don't want the program to ever 'jump' at this instruction.
:004011EB JNZ 00401271 <-- Jump_bad_code.
So let's begin. Firstly, make a spare directory on your HD and copy the original unedited file (startcln.exe) and GPatch.com to it, then rename the original file to startcln.bak. You will also need to create a small file named GPatch.txt, which is used by GPatch as a banner file, so just create a simple text file with Start Menu Cleaner v1.0 crack by ..... in it (if you're any good at ASCII art then you can obviously use it as part of your patch).
The next thing to do is find the values of the bytes we need to patch. For this you can use SoftICE live, but I prefer W32Dasm. After disassembling the program with W32Dasm, place the highlight bar directly over the JNZ 00401271 instruction and press the Code/Hex button. You should then make a note of the top line of numbers (bytes), in this case:
0F 85 80 00 00 00 8D 44 <-- This is the HEX for the instruction JNZ 00401271, 8D and 44 form part of the next instruction.
Let's now close the disassembler and use Hiew. Place the original startcln.exe file in the Hiew directory on your HD (not the copy you renamed, I hasten to add). (I'm afraid if you can't copy, rename or understand files in DOS then reversing is not going to be your forte.) Now type >hiew startcln.exe, obviously from a DOS prompt.
The file will now be opened in Hiew, so let's change the viewing mode by pressing F4 and selecting HEX with the arrow keys. Now let's search for the bytes we noted by pressing F7 and typing the numbers; press Enter when complete. Hiew will now locate those bytes, so let's change the mode once again, to Decode, with F4. Now we want to change this instruction so that it never jumps, so let's use the NOP (no operation), which is 1 byte long and encoded as 90h. Note our instruction is 6 bytes long (the two opcode bytes 0F 85 followed by a four-byte displacement), so we will need 6 NOPs for an equal swap.
So in Hiew let's change to edit mode with the F3 key. Now write over the 0F 85 80 00 00 00 with 90 90 90 90 90 90, and note how each NOP goes on a separate line, as each is a valid instruction. When complete, press F9 to save the changes to disk and F10 to exit. Be very careful when HEX editing; changing the wrong bytes is a very common error amongst newer reversers.
Now launch your newly edited version of Start Menu Cleaner and check that it does indeed accept any registration code, then copy the file to the directory where you placed GPatch and startcln.bak earlier. Now from the DOS prompt you should type >gpatch startcln.exe. This will generate the file patch.com, which you can now distribute to those around the web less intelligent than yourself.
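Seen from the other side, an overwrite like this is easy to spot when a known-good copy of the file is at hand. The following is an added example, not part of the original tutorial or of any tool it names: it decodes the 6-byte near conditional jump quoted above (confirming that 0F 85 80 00 00 00 at 004011EB targets 00401271) and reports offsets where a suspect copy holds six NOPs in place of such a jump. The function names, the four filler bytes and the base address are assumptions made for the sample.

```python
import struct

# Condition names for the two-byte near Jcc opcodes 0F 80 .. 0F 8F.
JCC = ["JO", "JNO", "JB", "JNB", "JZ", "JNZ", "JBE", "JA",
       "JS", "JNS", "JP", "JNP", "JL", "JGE", "JLE", "JG"]
NOP = 0x90

def decode_jcc_near(code, va):
    """Decode a 6-byte near Jcc (0F 8x rel32) located at virtual address va.
    Returns (mnemonic, target_va), or None if the bytes are not a near Jcc."""
    if len(code) < 6 or code[0] != 0x0F or not 0x80 <= code[1] <= 0x8F:
        return None
    (rel32,) = struct.unpack_from("<i", code, 2)  # signed little-endian
    # The displacement is relative to the address of the next instruction.
    return JCC[code[1] - 0x80], (va + 6 + rel32) & 0xFFFFFFFF

def find_nopped_jumps(known_good, suspect, base_va=0):
    """List (offset, mnemonic, target_va) for every near Jcc in known_good
    whose six bytes are all NOPs at the same offset in suspect."""
    findings = []
    limit = min(len(known_good), len(suspect)) - 5
    for off in range(max(limit, 0)):
        if suspect[off:off + 6] != bytes([NOP]) * 6:
            continue
        decoded = decode_jcc_near(known_good[off:off + 6], base_va + off)
        if decoded:
            findings.append((off, decoded[0], decoded[1]))
    return findings

# Constructed sample: four filler bytes, then the eight bytes quoted above.
PAGE_BYTES = bytes.fromhex("0F 85 80 00 00 00 8D 44")
GOOD = bytes.fromhex("55 8B EC 51") + PAGE_BYTES
TAMPERED = GOOD[:4] + bytes([NOP]) * 6 + GOOD[10:]
BASE_VA = 0x004011EB - 4  # assumed, so that the jump sits at 004011EB

if __name__ == "__main__":
    print(decode_jcc_near(PAGE_BYTES, 0x004011EB))
    for off, name, target in find_nopped_jumps(GOOD, TAMPERED, BASE_VA):
        print(f"offset {off:#x}: {name} {target:08X} replaced by NOPs")
```

The comparison is a plain byte scan rather than a disassembly, so a hit is a lead to confirm in a disassembler; a hash of the known-good file is the cheaper first check that anything changed at all.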