			Tutorial Number 26

Written by Etenal Bliss
Email: Eternal_Bliss@hotmail.com
Website: http://crackmes.cjb.net
         http://surf.to/crackmes
Date written: 18th Jul 1999

Program Details:
Name: CrackMe 1 by tazdevil[4110]

Tools Used:
SoftIce

Cracking Method:
Serial Sniffing

Viewing Method:
Use Notepad with Word Wrap switched on
Screen Area set to 800 X 600 pixels (Optional)

__________________________________________________________________________


                        About this protection system

This program requires a Name/Serial to register. 

_________________________________________________________________________


                        About this tutorial

Since this is my 26th tutorial, I will presume that you have read the 
previous ones. So, my description on how to use the tools will be reduced
unless there are new methods.

This is a very short tutorial to show what serial fishing is like and
how easy it can be.

_________________________________________________________________________


				Softice

First, run the CrackMe. Type in any Name and Serial you want.

Set the hmemcpy breakpoint in Softice by typing "bpx hmemcpy". 
Exit Softice by pressing F5.

Click on the OK button to register. 

hmmm. Softice didn't pop??
What this means is that the CrackMe must have validated the serial while you
are entering the serial. This is quite common. So, since the bpx has been set,
just type in one more char for the serial.

Softice will pop.

Now, keep pressing F12 until you get to the program's code and not windows'.

After some time, you will see below.

00401766  E809B00100          CALL      0041C774	<- hmemcpy is called inside
0040176B  8D4DFC              LEA       ECX,[EBP-04] 	<- thus you land here
0040176E  51                  PUSH      ECX
0040176F  8D45F8              LEA       EAX,[EBP-08]
00401772  BA78563412          MOV       EDX,12345678
00401777  E8B8990300          CALL      0043B134
0040177C  FF45F0              INC       DWORD PTR [EBP-10]

once you see this place, if you were to type "d eax", "d ebx" or 
other registers, every time it changes, after the call at 00401777, 
you will see ecx and edx changing colour which means that the value they 
contain have changed.

type "d edx" and you will see your correct serial in the data window.

CrackMe Cracked!

__________________________________________________________________________


                             Final Notes

This tutorial is dedicated to all the newbies like me.

My thanks and gratitude goes to:-

All the writers of Cracks tutorials and CrackMes
and also to all the crackers that have been supporting my site and project forum.