Reverse Code Engineering RCE CD +sandman 2000

home *** CD-ROM | disk | FTP | other *** search

/ Reverse Code Engineering RCE CD +sandman 2000 / ReverseCodeEngineeringRceCdsandman2000.iso / RCE / Library / +HCU / 141-150.TXT < prev next >

Wrap

Text File | 2000-05-25 | 33KB | 945 lines

======================================================== +HCU Maillist Issue: 141 02/11/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: gthorne-posting #2 Subject: gthorne-posting ARTICLES: -----#1------------------------------------------------- Subject: gthorne-posting Name = +gthorne'98 E-Mail = ******************* Subject = hcuml links Message Body = i personally am not thrilled about the idea of making the hcuml repository a public link on pages it may be somewhat public already, but i think the ability for us to choose with discretion who we show it to (until of course it becomes well known and we dont have much of a choice) is quite nice at least that way it grows in a reasonable rate and remains the kind of list we want it to be, not a chatroom for just anything +gthorne -----#2------------------------------------------------- Subject: gthorne-posting Name = +gthorne'98 E-Mail = ******************* Subject = anonymizer thoughts Message Body = regarding the anonymizer discussion, both sides have valid points... 1) yes people need to learn to do these things on their own no good set of crackers/hackers can learn anything without hands on practice 2) anonymizer being relatively unique needs to be shared among us - much in the way softice has been traded some tools of the trade are too important to not give freely (but then i am biased since my way is to give freely everything i can) *) effectively what i mean by this is that some things should be shared in order to give ideas on how to do others (if you remember the way the tutorials are set out, a crack or three is done by the teacher to impart a few possibly new ideas, and the next few cracks are left for the students to complete - this is at least how hcu lessons go port switching is a basic, but has not been really shown to the newest people - so it should be an exmple for future cracks (our lessons are based on learning by example - which is then worked through like any good textbook) though no good textbook can expect to get anywhere if the basic methods are not outlined before the homework is assigned you of course can have your own opinions, but this is mine +gthorne =====End of Issue 141=================================== ======================================================== +HCU Maillist Issue: 142 02/12/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: none #2 Subject: Numega new driver? (fravia+) #3 Subject: Seen what happened to Sharp's server... #4 Subject: SmartKey ARTICLES: -----#1------------------------------------------------- Subject: none Hi, did someone here investigated how to reverse-engineer programs made from portable script-languages like TCL/TK? Is there any essay etc. available about this? The most programs for source-code browsing (like SourceNavigator/Imagix) are written in TCL/TK. -----#2------------------------------------------------- Subject: Numega new driver? (fravia+) Anyone knows anything about this? later fravia+ begin forwarded by fravia+ to +HCU maillist ---- I was having a problem getting SIW to work with a new video card and, in the course of discussions with Numega tech support, I found that they have a new driver which uses Direct Draw to draw the Softice screen. They claim it resolves most of the driver issues with the new cards. As usual, this will be an add-on costing $$$. I haven't started looking on the net for it but wondered if you had heard anything about it? I have a secondary system that I can setup to use SIW but I prefer my *comfortable* system, near the fireplace and the refrigerator where I can chill my martini's<g>. Vic Baron ---- end forwarded by fravia+ to +HCU maillist -----#3------------------------------------------------- Subject: Seen what happened to Sharp's server... the urgence and necessity of OUR OWN servers (outside the States, of course) is clear. Any solution/idea? Later fravia+ -----#4------------------------------------------------- Subject: SmartKey Hi ppl! I'm cracking a 16 bit proggie, that uses a dongle called 'SmartKey' you can find their homepage at: **************************************** This proggie i'm taking about is Slovenia proggie and it's protected with some kind of 'SmartKey' Searching for a string 'Smartkey' i found 4 files containing this text: Main executble Help file of that exe Keyp.sys 18720 bytes long NSKEYSRV.NLM 37770 bytes The target is looking for the presenca of this key on the printer port or on the novel server. If the key is not present the program notify us and exit.. Then i try to debug it with SoftIce.. i set a bpio on printer port and after some F12 it allways freezes my machine so i must do a hard reset... Does anybody knows ANYTHING about this key or could give me a hint or another approach to this target? ThX! Pero =====End of Issue 142=================================== ======================================================== +HCU Maillist Issue: 143 02/13/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: link to the repository #2 Subject: cracking.net down - gthorne #3 Subject: none #4 Subject: gthorne-posting ARTICLES: -----#1------------------------------------------------- Subject: link to the repository Hi +Fravia! I think the best place for a link to the repository would be beside the manhcu link of the list on your link pages. Bye Zer0+ -----#2------------------------------------------------- Subject: cracking.net down - gthorne its official - in case you havent heard - the ASP (association of shareware professionals) shut down **************** what with my gateway page and my primary email going down due to hacking a couple of weeks ago, and now cracking.net, this has been quite a month as always, with a ban - things will return to normal again though this one is one of the larger setbacks, especially since this means that the ASP seems to have found some power in the legal arenas now in this time of anticracker/hacker witch hunts i guess i have to make a new sig again... (orcpaks are untouched and are stull available to anyone who needs them - since that site is not in the usa) watch your backs - apparently there are more of these things cropping up - as well as some lawsuits creeping about, and i dont want to see you guys in bad situations +gthorne /**************************************************\ Greythorne The Technomancer WebSite: ***************************** OrcPaks: ****************************************** \**************************************************/ -----#3------------------------------------------------- Subject: none Hello fravia/Vic Baron, > I was having a problem getting SIW to work with a new video card > and, in the course of discussions with Numega tech support, I found > that they have a new driver which uses Direct Draw to draw the > Softice screen. They claim it resolves most of the driver issues > with the new cards. As usual, this will be an add-on costing $$$. AFAIAA, this is not an add-on, but a part of SoftICE 3.2 - but you *must* have the MS DirectX 5.0 drivers installed in order to use it. Instead of taking up a text mode window it just fills a resizable text window on the screen (you can still see the other windows but you can't interact with them). To use this mode set up SoftICE 3.2 and select the generic SVGA driver support (there is a little checkbox), but first make *certain* you have the DirectX 5.0 drivers installed. If you use another version of SoftICE, then I am not sure... Cya, +ReZiDeNt -----#4------------------------------------------------- Subject: gthorne-posting Name = +gthorne'98 E-Mail = ******************* Subject = life dont talk to me about life Message Body = well folks - i have finally gotten entirely frustrated at the way the systen is going and have done what i said i would never do... ....use email and web forwarding my new site is in norway (thanks to a friend there) and my net address is ***************************** my email forever will be ******************** (for now it forwards to ******************* but since the hacking a few weeks ago and the shutting down of cracking.net, i have lost 2 websites, over 2mb of email and my patience) i guess it was a long time coming. i am going to take a bit to redo my site so it may be pretty lame for a little while meanwhile, take care all +gthorne'98 =====End of Issue 143=================================== ======================================================== +HCU Maillist Issue: 144 02/14/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: gthorne-posting #2 Subject: none #3 Subject: gthorne - correction regarding SPA #4 Subject: hcuml page #5 Subject: Numega #6 Subject: ban #7 Subject: VB Cracking ARTICLES: -----#1------------------------------------------------- Subject: gthorne-posting Name = +gthorne'98 E-Mail = ******************* Subject = its official Message Body = i have set up the new location for the site in norway Virtual: ****************************** which forwards to: Actual: **************************************** i will try to bring it up to its former useful status as soon as possible take care all -----#2------------------------------------------------- Subject: none Hello fravia/Vic Baron/+ReZiDeNt, first I want to excuse me that there is no subject if I send a posting (this seems to be stripped of by the remailer) and second there is no tag from me (this seems to be stripped of too....) The last two postings (with no response yet :-( dealed with the FlexLM stuff and the TCL/TK problem. However, back to SoftICE: >AFAIAA, this is not an add-on, but a part of SoftICE 3.2 - but you >*must* have the MS DirectX 5.0 drivers installed in order to use it. [MUSO] It's a feature of SoftICE 3.2 but you don't have to have DirectX 5.0. It works if your graphic-card is supported (which applies to the most newer graphic-cards). I have the stuff running under NT 4 with SP3, no problems. >Instead of taking up a text mode window it just fills a resizable >text window on the screen (you can still see the other windows but >you can't interact with them). [MUSO] Yep, but I don't think you can resize is it completely, only the devision of the sub-windows used by SoftICE... -----#3------------------------------------------------- Subject: gthorne - correction regarding SPA Message Body = my source didnt inform me quite properly the other day it was SPA not ASP (heh) the software pirace assholes (or is it association?) you know the guys... with their silly 800 number and online postings... sorry about the error (heh) +gthorne'98 the fallable -----#4------------------------------------------------- Subject: hcuml page Hi +Fravia! Hi +All! :) > +Zer0, +Malattia, > d'you want me to link to the hcu maillist repository? Well, it would be nice IMO... :) > If so, d'you want me to do it in BEST/MIDDLE/NOT EVIDENT position? > This could boost cracker partecipation and/or boost lamers, I dunnow. UHmm... I think the best thing to do is to make it NOT so visible... I don't want to be too elitist, but I don't really like too many lAm3rZ visiting my page... just don't want to attract too much attention :) Also, the +hcu ml page is still unlinked from the main one, and I don't know if the guys at Fortunecity will be happy to know this... so, I know that this could be VERY useful for everyone, but you, +Fravia, have really A LOT of hits and I'd like to have only a "selected" part of your users in the ml page... Tell me if you agree... If +Zero agrees too, we can also move the ml email address (now in your page) to the ml page, so only the ones who solve your "riddle" can subscribe the ml (otherwise, everyone who subscribes can access the ml page only reading the header of the issues :)) A last thing for all the ml guys: I know that 400 accesses in 1 month and a half are not so much, but I'm very proud of my main page (to reach it just visit the ml page and cut away the .htm name :)), also because it's UN-LIN-KED!!! If you visited it... THANK YOU! And... hey, if you find it useful, TELL ME, I'm not having any feedback and I've got LOTS of new links to add/update but I don't know if anyone (apart from some "link suckers") is interested... I swear you, I'm not interested in stalking you, I don't really mind who you are :-P byez, .+MaLaTTiA. -----#5------------------------------------------------- Subject: Numega Has anyone gotten any of the trial stuff from Numega's site recently? They have you fill out that lovely form and then they'll get back to you. Sure does make getting their demos a little more uncomfortable. Does anyone else know where I can find BoundsChecker and SmartCheck? The Evaluation Copies of course. Joe Dark -----#6------------------------------------------------- Subject: ban Hello Everyone At my college they have ban IRC and Hotmail.com. What next! Also restricting the amount of Internet use. I would be interested in hearing from other students on this subject. Is it becoming a trend worldwide at other universities and colleges? cheers Rundus ______________________________________________________ Get Your Private, Free Email at ********************** -----#7------------------------------------------------- Subject: VB Cracking So you've got all this code in front of you, telling you exactly what the program is going to do without you oven needing to think about it. How might you go about patching some of it? Is it possible to recompile the files with a VB compiler? Wouldn't it be very tricky to find the opcodes that matched what you were looking at in the source? Ok, enough questions already. Joe Dark =====End of Issue 144=================================== ======================================================== +HCU Maillist Issue: 145 02/15/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: NU once more and bannig practices. #2 Subject: gthorne testing new posting form #3 Subject: gthorne-posting ARTICLES: -----#1------------------------------------------------- Subject: NU once more and bannig practices. Hi all !!! Tough time have strucked us lately. Lots of damned exams so no time for cracking (maybe just a little ;). But lets get to the point. Hi +ReZiDeNt ! Sorry to bother You with the NU stuff. As I have read the essay on the snippets page I have realised that I have cracked the pop files earlier, but there were three things that have fooled me : no message about finishing the unpacking ;(, when i ran the program again it said that the file can not be found (i thought: damnn it has deleted the packed file when it "spotted" an attempt to crack), and the most imprtant thing : You have written in Your posting about some password dialog after getting past the keyfile check !! Got me thinking for long time ;) But the problem remains: the dos version of the package remains unpacked and the files seem to be encrypted in some way (Lee Encode Symantec Navboot.exe can be found iside the file) Have You cracked that too ??? Hi Fravia !! After the Black Friday I heve started to mirror Your fortress not tana as I did till then, and the url hasn't changed. Hi Rundus ! As I'm a first year student of informatics at politechnical university in Poland I HAVE NO ACCES to the net at school at all (can You inagine that ???) I think they'll grant it to us on the second year. But, back to banning: a friend of mine had acces to the net through the university library and he has been cut off from IRC too, but I think it is done only to save the bandwidth. Let's be serious IRC is mainly a way of wasting time, very seldom a way for gathering knowlage ;( All righty then 'nuf for today ! Cheers Ya all, and remember to use only ABM - Anything BUT Microsoft Kubak -----#2------------------------------------------------- Subject: gthorne testing new posting form Message Body = ignore this message, i am testing a form i wrote to make postings -----#3------------------------------------------------- Subject: gthorne-posting Name = +gthorne'98 E-Mail = ******************* Subject = irc and other bans Message Body = if hotmail is banned, try iname.com or go to the free site directory: ***************************** which has a link to free emailers as well, such as the free email directory: *********************************************************** there are freenets all over the place try ****************** or lonestar.sdf.org they can get you into irc via telnet once you set up your website when they did that at the university i went to... we used to have to make a copy of the irc program and do silly things like rename the irc executable to useful things like 'news' or 'edit' (anything but irc) this may sound lame, but it is enough at first glance for someone using a search on the students to fool the people scanning for you (news or anything that accesses an ip address is the most believable of course, but if that is banned as well, then you have to do something else) hopefully it will pass once they realize how useless it is to try to keep people off the internet from any institution take care and good luck =====End of Issue 145=================================== ======================================================== +HCU Maillist Issue: 146 02/17/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: Interrupt-Vektor #2 Subject: Ban ARTICLES: -----#1------------------------------------------------- Subject: Interrupt-Vektor It seems to me as if Interrupt-Hooking was a veryommon practice in copyprotections for DOS... Can somebody point me to info on how to do it and how to counteract it ? In Windows, you have that nice jumptable to all Win32 functions, I guess hooking a vektor would be quite similar to overwriting one of these jmps with a jmp to your own code ? HalVar+ ______________________________________________________ Get Your Private, Free Email at ********************** -----#2------------------------------------------------- Subject: Ban Hello everyone Hello Kubak >> Let's be serious IRC is mainly a way of wasting time, very seldom a way for gathering knowlage ;( Yes I agree, but IRC can be entertaining at times. I have opened other Email accounts, Netaddress, etc. With regards to hotmail.com I can access it at my local public library (restricted to 1 hour of Internet use ). So I have not worried about changing HCU mail receiving address. cheers Rundus ______________________________________________________ Get Your Private, Free Email at ********************** =====End of Issue 146=================================== ======================================================== +HCU Maillist Issue: 147 02/18/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: interrupt vectors #2 Subject: HCUML repository ARTICLES: -----#1------------------------------------------------- Subject: interrupt vectors Message Body = Halvar, the only essay i have seen in a long time on interrupt vector hooking is in the orc tutorials themselves the vector space is just a table of jump locations (vectors being the name for that) which is called by an interrupt. each interrupt has its own jump in the table, and by doing a little math on the interrupt number itself you know the location of the corresponding vector the reach for the skies program is one of the ones that uses vectors to point at a protection (by setting a tsr before the program runs, you can point the vector at a new location past the protection) kinda funny that the protections can be defeated so easily - because the protections involved are often self checksumming or even rewritable code so you cant patch the program without serious reverse engineering - so basically you patch the vector instead on the fly (change memory as the program runs instead of altering the program if i was too cryptic in my answer above) since the orc tutorial on the subject discussed it, but showed no completely working model, i put together full assembly source for a tsr vector patcher for 'reach' in the orcpak on my site ....so you can see what is being done effectively this is no different from cracking a file and hex editing it, only that you crack the file and tell your little tsr to hex edit it instead i am sure there are plenty of uses for this type of crack patch still, but in my opinion - programmers are kind of lazy in the dos world of protectionism now, and the windows world requires different methods entirely i hope this helps, and if anyone knows of any other information on the subject for halvar to read, please post it would be interesting to see if anyone can make a windows on-the-fly patcher to solve some of the selfchecking windows apps that are sure to become more prevailent in the near future razzia and madjester could easily i am sure, but then they have been writing win32 apps in asm using the debugging api i am going to be playing with writing win32 apps in asm myself soon - though it is tedious, i am quite impressed with the idea and besides, program a fe and win cracking gets so much easier when you actually put your own code to work instead of simply following someone else's take care all +gthorne -----#2------------------------------------------------- Subject: HCUML repository I believe that the hcuml repository link should be made public. I think that few people other than crackers would be interested in this anyway so having this more accessible can only move cracking forward. I think that the mailing list degenerating into a "plz crack this" forum is a genuine concern, but the mailing list repository doesn't give the ability to post to this mailing list. I hope that Zer0 also has adequate ability to filter out unwanted spammers so this may not be so much of a problem. BTW, is there a problem with the repository? The last few ZIP packs don't seem to be linked properly. ~~ Ghiribizzo =====End of Issue 147=================================== ======================================================== +HCU Maillist Issue: 148 02/21/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: none ARTICLES: -----#1------------------------------------------------- Subject: none hi +BIGjim here. this isnt really a cracking article, but I have a pretty important announcement on a virus going around by email; DO NOT OPEN ANY EMAILS THAT SAY " JOIN THE CREW " BECAUSE IT WILL ERASE YOUR HARD DRIVE. DO NOT OPEN ANY EMAILS THAT SAY " RETURNED OR UNABLE TO DELIVER " BECAUSE IT WILL RENDER YOUR COMPUTER COMPONENTS USELESS. this info was supposedly released by Dan Korey/Markham/IBM on January 28/98. i wonder what happens if you get a letter like this in hotmail? maybe it screws the hotmail system? from a +HCU Trainee +BIGjim =====End of Issue 148=================================== ======================================================== +HCU Maillist Issue: 149 02/22/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: Files in the repository #2 Subject: Re: +HCU ML Issue 148 ARTICLES: -----#1------------------------------------------------- Subject: Files in the repository Hi +Ghiribizzo! Hi +All! :) > BTW, is there a problem with the repository? The last few ZIP packs don't > seem to be linked properly. Yes, I'm sorry but I didn't realize it immediately... The new file manager of Fortunecity strips away the "-" character, so the html and the zip files were not linked properly... of course, i didn't realize it until wlc (THANX!) mailed me... now I've renamed them and I think they should be ok! PLEASE, if you find ANY error MAIL MEEE!!! :)) I think my email address is written EVERYWHERE in my page, I'll write it here too: **************** (not so hard even to guess, I think :)), so tell me if there's anything wrong, I have a little free time now until the second week of march, so I can correct my errors immediately IF you tell me... :) Ah... thank you Ghiribizzo! byez, .+MaLaTTiA. -----#2------------------------------------------------- Subject: Re: +HCU ML Issue 148 On 21 Feb 98 at 7:28, +HCU ML wrote: > this isnt really a cracking article, but I have a pretty important > announcement on a virus going around by email; DO NOT OPEN ANY > EMAILS THAT SAY " JOIN THE CREW " BECAUSE IT WILL ERASE YOUR HARD > DRIVE. DO NOT OPEN ANY EMAILS THAT SAY " RETURNED OR UNABLE TO > DELIVER " BECAUSE IT WILL RENDER YOUR COMPUTER COMPONENTS USELESS. ha ha - someone STILL believes in this??? the real e-mail virus is called 'tetagrammaton' - if you open it, it screws your girlfriend, eats the food in your fridge and empties the tires in your car. F. =====End of Issue 149=================================== ======================================================== +HCU Maillist Issue: 150 02/23/1998 -------------------------------------------------------- Send Articles To:......................... ************* Info, Help, Unsubscription, etc:....... **************** Web Repository.........................hcuml.home.ml.org ======================================================== CONTENTS: #1 Subject: JOIN THE CREW ;) #2 Subject: the 'old' pdf project #3 Subject: Pseudo residency & API hooking ARTICLES: -----#1------------------------------------------------- Subject: JOIN THE CREW ;) >>>> DO NOT OPEN ANY EMAILS THAT SAY " JOIN THE CREW " BECAUSE IT WILL ERASE YOUR HARD DRIVE. DO NOT OPEN ANY EMAILS THAT SAY " RETURNED OR UNABLE TO DELIVER " BECAUSE IT WILL RENDER YOUR COMPUTER COMPONENTS USELESS. <<< It's been a while since I received one of these. I certainly didn't expect to EVER receive one via the HCU mailing list! Although I left the virus scene many years ago, the stuff I learned from it is invaluable. I've always recommended that crackers (indeed any computer enthusiast) study viruses if for no other reason than to prevent yourself from sending embarrassing emails :) QUIZ ==== 1. Can a virus be spread by email? 2. Can a virus sent by email do something nasty just by opening the email? 3. Is it safe to copy an infected file onto the root of your hard disk? 4. Can a virus physically damage parts of your computer? 5. Can a virus infect a disk in the floppy drive if you only do a DIR on it? 6. Can a virus infect a write protected file/disk? Will there be an error message? Answers on a postcard... ~~ Ghiribizzo P.S. Your computer is now infected :) -----#2------------------------------------------------- Subject: the 'old' pdf project Hallo everybody! I'm working on the PDF project, and was starting to write stuff putting my= =20 annotations together and so, when I had this idea: Ok, the project is almost done, there's not so much left to say, and I was= =20 summarizing its aims and showing what was achieved. Then I thought 'let's= see what you all think about it, let's discuss the last open points of the project.' After all this was one of its aims, trying to work together...so what I'll finally=20 send to Fravia to publish will surely be somehow better than doing it all alone. But don't worry, I won't give you heavy homework, I'll just give you those points which appeared from my analysis to be still open, or not achieved yet, and I'll ask your opinion and so... Here we go!=20 With regards to security settings (the 1st aim), Zer0+ and others found out= =20 how to defeat most of them. But the passwords, which are encrypted (...you already know this...) and can't be found, or not easily at least. This is rather=20 useless anyway, as we'll be able to open, read and do everything else with our=20 patched Acroreader and some optional tools. >>>>>first little question here. Is=20 this true for both owner- and user-password protected files? (actually I have no user-password protected files here...).=20 2nd one, I guess all this settings can be SET only from within Acrobat,= right? Well, this are both minor problems,...just wanted to be sure... I'll move on to the second main aim of the project next time and make you= one=20 last question now: Do you think PDF could/would be a valid alternative media to HTML for use on the net (this is the final aim after all, isn't it?)??? I'll answer to this question myself too, next time... thanks for your attention, rickx =AE -----#3------------------------------------------------- Subject: Pseudo residency & API hooking Usually I don't notify this mailing list when I release something new sourcecodes. Today I make the exception because the sourcecodes I release relate to discussion letters by Fravia, Gthorne, Quine, Rcg, Halvar and myself about patching in memory - pseudo residency and ring 3 meassures. The ASM sourcecodes is a loader that loads and hooks an API function and illustrates how you can this way append your own code to API calls without modifying the target- possibly letting this code patch the target at runtime. This could be used as a mean of dodging checksums, selfencrypting targets, dongles, advanced serial checks.... Basically this can do anything a normal resident program could under DOS. I'll leave you to explore it in full. However you should be aware that the sourcecodes are not beginner stuff. you can find them on: ******************************************** On my page you can find other sourcecodes related to memory patching in windows. ************************ I hope you enjoy it Stone / United Cracking Force '98 =====End of Issue 150===================================