This tutorial is coming from...

ReFleXZ '99 Url: Http://ReFleXZ99.cjb.net Email: ReFleXZ@fcmail.com

About the essay...

Written by: MiZ Date: 6th January 1999 Program name: ACDSee v2.3 Program type: Win32 Program location: Here Program filename: N/A Program size: N/A Tools required: Softice 3.2 - Debugger W32Dasm V8.9 - Disassembler Difficult level: Easy ( X )  Medium (   )  Hard (    )  Pro (    )

Introduction...

ACDSee is a great file image viewer.Best on of the best!

About the protection...

Type of protection: Name/Serial At startup you'll get a NAG,and you'll have an option to register.

The Essay...

Let's start: Ok,install the Acdsee on your computer.Got it...Ok,now fire up it. Go to the Help menu and click on About.About box appears,now click on Register Now button or what ever it is.Enter your REAL name and some fake serial like 123456789. Set bpx on GetDlgItemTextA in Softice,press OK button,press Ctrl+D once,press F11,and you should be here: :00407AAE 6882000000              push 00000082 :00407AB3 56                              push esi :00407AB4 FFD7                         call edi :00407AB6 8D44247C                 lea eax, dword ptr [esp+7C] :00407ABA 8D4C243C                lea ecx, dword ptr [esp+3C] :00407ABE 50                              push eax                            <---Your serial :00407ABF 51                              push ecx                                <--- Your name :00407AC0 E82BF8FFFF            call 004072F0                     <--- Calls the function to check serial. :00407AC5 83C408                      add esp, 00000008              <--- Correct the stack :00407AC8 85C0                          test eax, eax                           <--- Tests if EAX is less or equal :00407ACA 7E6B                          jle 00407B37                        <--- if so,then jumps to BAD code :00407ACC 8D54247C                 lea edx, dword ptr [esp+7C]  <--- else go on... :00407AD0 8D44243C                  lea eax, dword ptr [esp+3C] Now when you're at line :00407AC0 ,press t to trace the call that checks for the serial,and you'll find yourself here: :004072F0 56                                         push esi :004072F1 8B742408                             mov esi, dword ptr [esp+08] :004072F5 56                                         push esi :004072F6 C70540E04B0000000000        mov dword ptr [004BE040], 00000000 .......... :00407314 6850E44B00              push 004BE450 :00407319 E8F2BB0300              call 00442F10 :0040731E 83C40C                     add esp, 0000000C :00407321 F7D8                         neg eax Now trace the call at :00407314 and you'll be here: :00442F10 8B4C2408                   mov ecx, dword ptr [esp+08] :00442F14 81EC84000000            sub esp, 00000084 :00442F1A 8D442400                   lea eax, dword ptr [esp] .......... :00442FC7 1BC0                    sbb eax, eax :00442FC9 5F                         pop edi :00442FCA 83D8FF                 sbb eax, FFFFFFFF :00442FCD 33C9                     xor ecx, ecx :00442FCF 85C0                     test eax, eax :00442FD1 0F94C1                 sete cl        <--------We need to patch this line :00442FD4 5E                        pop esi :00442FD5 8BC1                    mov eax, ecx .......... As you can see we need to patch SETE CL into the SETNZ CL and it will be always registered.So in your favourite Hexeditor search for bytes: 33C985C00F94C15E and change to: 33C985C00F95C15E Save it.Run ACDSee and what it says: REGISTERED! Job done.

Final notes...

Greetz and thanx: McCodEMaN,DnNuke,Bjanes,The Sandman,CrackZ,+ORC,Jeff,Eternal Bliss.....and all otherz....

Disclaimer...

This tutorial is written for EDUCATIONAL purposes only. So if you want to use the program after its trial period ends please BUY IT! Support shareware(and its authors), this is our learning tool!   ReFleXZ is not responsibile for any damage caused with this essay or any of its parts. So everything what you're doing and 'experimenting' is on your own responsibile!   Also, in this tutorial you'll not find any serial numbers, so try to search elsewhere under Cracks and Warez.