Author: DarkWolf   ICQ: 12047136   Mail: darkwolfhp@hotmail.com
Best viewed on paper, or in Notepad maximized with Word Wrap on.

Intro
~~~~~
Hey! Welcome! This is my first tutorial. Sorry for my bad English!
In this tutorial I'll teach you how to start cracking, using my small crackme
(mail me if you want the source, written in C++Builder 1).

Tools
~~~~~
To crack, you need some tools. Look at w3.to/protools if you need to get them.

  Disassembler   (I prefer Windasm 8.9 (W32Dasm), it is easier to use)
                 PS: read the end of this tutorial on how to prepare Windasm.
  Hex editor     (Hiew: small and good)
  DWcrkme1.exe   (my little program, the one you are going to crack!)

Cracking!!!
~~~~~~~~~~~
I use Windasm; if you use another disassembler you will not see exactly what I show here.

First of all, we need to study the target. Run it. It is a text box, a little text and a button.
Write anything and hit OK. A message appears: write it down for later use.
Close it and open DWCrkme1.exe in Windasm.
Do I need to tell you which menu to click? I'll tell you ONE time and not again:
click Disassembler, Open File to Disassemble. Wait.......................................
OK. Now click Refs (References), String Data References, and look for the message you wrote down ("Invalid Serial").
Double-click it and Windasm lands you here:

-------------------------------------------------------------------------------------------------
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401451(C)         <---- VERY IMPORTANT!
The conditional jump at this address is what brings execution here.
|
:0040149E 6A00                    push 00000000
* Possible StringData Ref from Data Obj ->"OPS"
|
:004014A0 685B144300              push 0043145B
* Possible StringData Ref from Data Obj ->"Invalid Serial"   -> the "OPS" message
|
:004014A5 684C144300              push 0043144C               <- you stop here
:004014AA 6A00                    push 00000000
* Reference To: USER32.MessageBoxA, Ord:0000h
-------------------------------------------------------------------------------------------------

Look at this:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401451(C)
|

Now double-click on that address. This takes you there:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004013C3(C)
|
:00401439 8945D0                  mov dword ptr [ebp-30], eax       \
:0040143C B83C134300              mov eax, 0043133C                  |
:00401441 E826860200              call 00429A6C                      | - does a lot of things :-)
:00401446 C745C801000000          mov [ebp-38], 00000001             |
:0040144D 837DC800                cmp dword ptr [ebp-38], 00000000  /
:00401451 754B                    jne 0040149E                ******Interesting*******
:00401453 6A00                    push 00000000
* Possible StringData Ref from Data Obj ->"Congratulations"    ---> need I say more?
|
:00401455 683B144300              push 0043143B
* Possible StringData Ref from Data Obj ->"You cracked the program!!!"
|
:0040145A 6820144300              push 00431420
:0040145F 6A00                    push 00000000

Now I'll tell you what you need to do. See that jne (the one I marked with *********s)?
jne means Jump if Not Equal. Its hex value is 75 (the short form, 2 bytes: 75 followed by a 1-byte displacement, here 75 4B) or 0F85 (the near form, 6 bytes).
Do you understand what is happening there? The program "calculates" the serial, then compares the correct serial with yours.
If they are not equal, the jne is taken and you get the "OPS" message. If they are equal, the jump is not taken and you get the Congratulations message.
We only need to cut out that jne. But we cannot just leave a hole there: the bytes must still be valid instructions or the program will not run,
so we replace the jump with another instruction. Don't worry :) there is an instruction called NOP (No Operation, hex value 90) that does nothing at all.
OK! We need to replace the jne with NOPs. How do we do this?
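The same patch done as a script, as an added example (this is not DarkWolf's code and not DWCrkme1.exe's own code): it converts the virtual address Windasm shows (00401451) into a raw file offset by walking the PE section table (the conversion Windasm's @OFFSET status bar does for you), checks that the bytes there really are a jne (75 xx, or 0F 85 xx xx xx xx for the near form) so you cannot NOP the wrong spot, and overwrites every byte of the jump with 90. The PE image it runs on is constructed inline with just enough headers for the parser; the image base 0x400000 and a .text section mapped at RVA 1000h / raw offset 600h are assumptions chosen so that VA 00401451 lands at offset A51h exactly like the tutorial's listing.

```python
import struct

NOP = 0x90


def pe_sections(data):
    """Parse PE32 headers; return (image_base, [(name, va, vsize, raw_ptr, raw_size), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew -> "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]         # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]    # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    opt = pe + 24                                            # start of IMAGE_OPTIONAL_HEADER
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 image")
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    sections = []
    for i in range(nsec):                                    # 40-byte IMAGE_SECTION_HEADERs follow
        hdr = opt + opt_size + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((name, va, vsize, rptr, rsize))
    return image_base, sections


def va_to_file_offset(data, va):
    """Map a virtual address (what the disassembler shows) to the raw offset (what Hiew wants)."""
    image_base, sections = pe_sections(data)
    rva = va - image_base
    for name, sva, vsize, rptr, rsize in sections:
        if sva <= rva < sva + max(vsize, rsize):
            return rptr + (rva - sva)
    raise ValueError("VA %#x is not inside any section" % va)


def jne_length(data, off):
    """Encoded length of the jne at off: 2 for '75 rel8', 6 for '0F 85 rel32'; raise otherwise."""
    if data[off] == 0x75:
        return 2
    if data[off:off + 2] == b"\x0F\x85":
        return 6
    raise ValueError("no jne at file offset %#x (found %02X)" % (off, data[off]))


def nop_jne(data, off):
    """Overwrite every byte of the jne with NOP, so what remains is still valid code."""
    n = jne_length(data, off)
    patched = bytearray(data)
    patched[off:off + n] = bytes([NOP]) * n
    return bytes(patched)


def crack(data, va=0x401451):
    """The whole procedure: VA -> file offset -> verify it is a jne -> NOP it out."""
    off = va_to_file_offset(data, va)
    return off, nop_jne(data, off)


def build_sample_pe():
    """Constructed stand-in for DWCrkme1.exe (NOT the real file): a minimal PE32 whose only
    content is the 'jne 0040149E' (75 4B) from the listing, placed at VA 00401451 = raw A51h."""
    pe_off, text_va, text_raw, text_size = 0x80, 0x1000, 0x600, 0x1000   # assumed layout
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)   # i386, one section
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)         # ImageBase
    sec = (b".text".ljust(8, b"\0")
           + struct.pack("<IIII", text_size, text_va, text_size, text_raw) + b"\0" * 16)
    img = bytearray((bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sec)
                    .ljust(text_raw + text_size, b"\0"))
    img[0xA51:0xA53] = b"\x75\x4B"                     # jne 0040149E
    return bytes(img)


if __name__ == "__main__":
    image = build_sample_pe()
    off, patched = crack(image)
    print("VA 00401451 -> file offset %Xh: %s -> %s"
          % (off, image[off:off + 2].hex(), patched[off:off + 2].hex()))
    # On the real target you would read DWCrkme1.exe, call crack() and write the result
    # to a new file, keeping the original as a backup.
```

The check in jne_length is the part worth copying into your own patchers: Hiew will happily let you type 9090 anywhere, and one transposed digit in the offset silently corrupts an unrelated instruction instead of the jump.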
Now you ask. We need the file offset. Place your little blue bar over the jne; the bar turns green.
If it doesn't, you are in the wrong place. Look at the status bar:

   Line:907 Pg 18 ...blablabla... @OFFSET 00000A51h in File: DWCrkme1.exe

The offset is A51. Write it down (forget the leading zeros and the h; the h only means hexadecimal).
Close Windasm and open Hiew, find the file and hit Enter. Do you see a lot of junk? Press F4 to choose the mode, select Decode and hit Enter.
Now press F5 (Goto) and enter the offset. Wow! Look at the jne! Now press F3 to edit and type 9090.
(You need two 90s because the jne is two bytes, 75 4B, and every byte of it must be replaced. If you overwrite only the 75,
the leftover 4B is decoded as a different instruction (dec ebx) and the program no longer does what you expect.)
Now press F9 to save (update) and F10 to exit.
Run the program and enter any serial. WOW! You did it!!!! Congratulations!!! You cracked it!!

Now you know the basics of cracking. With these techniques you can crack a lot of shareware programs on the net!
Good luck, and wait for my second tutorial!

*********************************HOW TO PREPARE WINDASM FOR USE**********************************
If this is your first time running Windasm, you need to set up some things.
1: Run Windasm.
2: Click Disassembler, Font, Select Font and choose your favourite font.
3: Click Disassembler, Font, Save Default Font.
4: Go back up the text and start cracking!!!!
*************************************************************************************************

Enjoy,
DarkWolf