Tutorial Number 29
Written by Eternal Bliss
Email: Eternal_Bliss@hotmail.com
Website: http://crackmes.cjb.net
         http://surf.to/crackmes
Date written: 21st Jul 1999

Program Details:
Name: Execution Crackme v0.1 by The Ghost [Execution 1999]
Tools Used: SoftIce
Cracking Method: Serial Sniffing
Viewing Method: Use Notepad with Word Wrap switched on
                Screen Area set to 800 x 600 pixels (Optional)

__________________________________________________________________________

About this protection system

This program requires a Code which is based on your Name, after the Name has been converted to upper case.

_________________________________________________________________________

About this tutorial

This is a very short tutorial to show what serial fishing is like and how easy it can be in VB5. The aim of this tutorial is to show you that sometimes you need not trace into all the calls you see.

_________________________________________________________________________

SoftIce

Run the CrackMe. Enter any Name/Code you want.

Name: Eternal Bliss
Code: 123456789

Go into SoftIce and set the breakpoint on __vbaStrComp.

This particular bp is very common in VB. __vbaStrComp means String Compare, so it does exactly what its name says: it compares strings.

Click on Register. You will break and will see something like below. It is quite a typical trace, so it is beneficial if you know this piece of code well...

MSVBVM50!__vbaStrComp
:797C3564 8BEC         MOV  EBP,ESP
:797C3566 53           PUSH EBX
:797C3567 56           PUSH ESI
:797C3568 57           PUSH EDI
:797C3569 837D1000     CMP  DWORD PTR [EBP+10],00
:797C356D BE00000000   MOV  ESI,00000000
:797C3572 7406         JZ   797C357A          (NO JUMP)
:797C3574 8B4510       MOV  EAX,[EBP+10]

After the MOV EAX, type "d eax" to see the contents of eax. You will see in the data window:

:00421938 31 00 32 00 33 00 34 00-35 00 36 00 37 00 38 00 1.2.3.4.5.6.7.8.
:00421948 39 00 00 00 49 00 53 00-53 00 00 00 B1 E6 0F A0 9...I.S.S.......

The code I typed... hmmm. Continue tracing:

:797C3577 8B70FC       MOV  ESI,[EAX-04]
:797C357A 837D0C00     CMP  DWORD PTR [EBP+0C],00
:797C357E BF00000000   MOV  EDI,00000000
:797C3583 7406         JZ   797C358B          (NO JUMP)
:797C3585 8B4D0C       MOV  ECX,[EBP+0C]

After the MOV ECX, type "d ecx" to see the contents of ecx. You will see in the data window:

:00520FE4 33 00 30 00 31 00 36 00-30 00 00 00 00 00 00 00 3.0.1.6.0.......
:00520FF4 00 00 00 00 DC 0F 52 00-00 00 00 A0 ?? ?? ?? ?? ......R.........

Hmmm, 30160... Looks like a serial? You must know by now that VB strings are always stored in w.i.d.e. .c.h.a.r.a.c.t.e.r format (every character takes two bytes, which is why the data window shows a 00 after each letter).

Now, replace 123456789 with 30160:

Name: Eternal Bliss
Code: 30160

CrackMe Cracked!

__________________________________________________________________________

Additional Points

Try making a KeyGen for this.

__________________________________________________________________________

Final Notes

This tutorial is dedicated to all the newbies like me.

My thanks and gratitude go to:
All the writers of cracking tutorials and CrackMes, and also to all the crackers that have been supporting my site and project forum.
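Added example, not part of the original tutorial and not the CrackMe's own code: a small Python script that parses SoftIce data-window dumps (the four ":address bytes ascii" lines quoted above, copied here verbatim as sample input) and decodes the wide-character VB strings in them, which is what the tutorial does by eye after "d eax" and "d ecx". It also scans a dump for every run of printable wide characters, which generalizes the manual look to any region you dump. The function names are my own. From the defender's side the lesson is that a plain __vbaStrComp against the expected code puts the valid serial into memory as plaintext at the moment of comparison; comparing a digest of the entered code against a stored digest at least keeps the expected value itself out of the data window.

```python
"""Decode SoftIce data-window dumps of Visual Basic (BSTR, UTF-16LE) strings."""

# Constructed sample input: the four data-window lines quoted in the tutorial.
# Format: ':' + 8-hex address, 16 byte tokens ('-' splits the halves, '??' is
# unreadable memory), then an ASCII column which we ignore.
DUMP_LINES = [
    ":00421938 31 00 32 00 33 00 34 00-35 00 36 00 37 00 38 00 1.2.3.4.5.6.7.8.",
    ":00421948 39 00 00 00 49 00 53 00-53 00 00 00 B1 E6 0F A0 9...I.S.S.......",
    ":00520FE4 33 00 30 00 31 00 36 00-30 00 00 00 00 00 00 00 3.0.1.6.0.......",
    ":00520FF4 00 00 00 00 DC 0F 52 00-00 00 00 A0 ?? ?? ?? ?? ......R.........",
]


def parse_softice_dump(lines):
    """Return {address: byte} for every byte SoftIce could read; '??' bytes are left out."""
    memory = {}
    for line in lines:
        if not line.startswith(":"):
            continue
        addr_text, rest = line[1:].split(None, 1)
        base = int(addr_text, 16)
        # The 16 byte tokens come first; the ASCII column follows them.
        tokens = rest.replace("-", " ").split()[:16]
        for offset, tok in enumerate(tokens):
            if tok != "??":
                memory[base + offset] = int(tok, 16)
    return memory


def read_wide_string(memory, addr, max_chars=256):
    """Decode the NUL-terminated UTF-16LE string starting at addr (what 'd eax' showed)."""
    raw = bytearray()
    for i in range(max_chars):
        lo = memory.get(addr + 2 * i)
        hi = memory.get(addr + 2 * i + 1)
        if lo is None or hi is None:   # ran off the dumped region or hit '??'
            break
        if lo == 0 and hi == 0:        # VB strings end in a wide NUL
            break
        raw += bytes((lo, hi))
    return raw.decode("utf-16-le", errors="replace")


def find_ascii_wide_strings(memory, min_chars=3):
    """Scan a dump for runs of printable ASCII stored as wide characters.

    Returns [(start_address, text), ...]; this is the 'd eax' look applied to
    every byte of the dump instead of just the register you happened to check.
    """
    found = []
    skip_until = -1
    for addr in sorted(memory):
        if addr < skip_until:
            continue
        run = []
        a = addr
        # A printable ASCII wide char is 0x20..0x7E followed by a 00 high byte.
        while memory.get(a + 1) == 0 and 0x20 <= memory.get(a, 0) < 0x7F:
            run.append(chr(memory[a]))
            a += 2
        if len(run) >= min_chars:
            found.append((addr, "".join(run)))
            skip_until = a
    return found


if __name__ == "__main__":
    mem = parse_softice_dump(DUMP_LINES)
    print("d eax ->", read_wide_string(mem, 0x00421938))   # the code I typed
    print("d ecx ->", read_wide_string(mem, 0x00520FE4))   # the expected code
    for start, text in find_ascii_wide_strings(mem):
        print(f"{start:08X}: {text!r}")
```

Run it as-is to see both strings from the trace decoded; feed parse_softice_dump your own "d" output to scan other regions. The scanner requires a 00 high byte so that a misaligned start (reading "00 32" as one character) does not produce junk matches.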