-----cut here-------------------------------------------------------------------

Find a serial in WinXFiles 4.0 and 4.7 (with packed executable)
100% Working Tutorial!!!

Target:  WinXFiles 4.0 & 4.7 (other versions too)
WWW:     http://www.pepsoft.com
Cracker: --..__J_o_h_n_n_y__A_U_M__..-- (TNT)
Protections to be removed: unregistered state
Tools:   Softice, W32dasm 8.93 & Windows Commander 4.03

Probably you asked yourself why another tutorial about WinXFiles. Here's why.
Finding a serial in a recent WinXFiles is covered in 2 tuts: 35/part 4 &
61/part 3. But although I followed exactly the methods described there, in
case 35/4 I found the place (& instructions) described but no serial at all,
and in LW2000's tutor 61/3 I found the first lines of code but never the ones
with the serial, and believe me, I know how to look; maybe my PC and/or
Softice can't perform something. Or the crackers forgot to mention something
(I'm sorry if it proves that I'm wrong). So, for me the tutors mentioned were
useless, but not the third tutor, the one by tKC, which really worked, even if
it was for the old version 2.8 (tut nr. 8/part 3).

The reason for this tut is that it is 100% working, simple, and you can extend
the method to older or future versions, or to the present one which you can
download now, WinXFiles 4.7.

Note: I'll explain on WinXFiles 4.0 first (because its executable is not
packed). Fast!

1. Register with Johnny AUM & 12345 as data, CTRL-D. Put bpx showwindow,
   Enter. CTRL-D, press OK to register. We land in Sice. Press F11.
   We see that our call starts at 4252D3. Remember 4252D3. Exit with bc * and
   CTRL-D.

2. We are now in W32dasm -> in Wxfiles.exe. Shift-F12 with the address above:
   4252D3. There is ShowWindow (the one with bmp: Sorry... Invalid
   Registration Password). We go up in the code to 4252B8. 4252B8 is jumped to
   from 4251FF, as you can clearly see. Go to 4251FF.

3. The jne at 4251FF is the one responsible for jumping to the bad code
   window. So, we remember 4251EB, the first line of this routine, you got it?

4. Register again with Johnny AUM, 12345 and press CTRL-D. Write bpx
   showwindow again, Enter. CTRL-D, OK to register the program. We pop into
   Sice & now we will make it stop at our memorized address - 4251EB: we
   write G 4251EB, Enter. Good job!

5. Good, because we are back in the registration window. Put 12345 again &
   press OK. We are in Softice now with the cursor on 14F:4251EB. Write
   d eax-20, Enter. Bingo!!! What an easily caught serial, and a nice one,
   long too: HKHUAQZFYHUPUGF.

So, for WinXFiles 4.0, date 16 may 2000, name Johnny AUM, that's it. Change
the time to the date above to work with this serial! Anyway, this serial
works with current and old versions of WinXFiles!

Now, the method for WinXFiles 4.7 (Wxfiles.exe which is packed with Aspack)
--------------------------------------------------------------------------

The steps are identical, but we have to find the new G address where to stop.
We cannot disassemble Wxfiles.exe with W32dasm because it is packed. OK, no
big problem. We can see the real addresses from Softice memory. From the first
method (4.0 version) we have 2 addresses: 4252D3 and 4251EB. Because we are
smart guys, we think: what if we compute 4252D3-4251EB=E8 in hex, with
calc.exe. Now, make big eyes: E8 (hex) means 232 (decimal) instructions from
G 4251EB to 4252D3 (bad code window address). So, if we find the address from
where ShowWindow is called (new version 4.7) we can subtract 232 instructions
from the new ShowWindow 425XXX and obtain our needed G 425???. Easy, ha?

(For unregistering, search with regedit.exe in Registry -> CTRL-F -> "userkey"
from PEPSOFT/REG stuff & delete subdirectory "REG")

1. Like in operation 1 above (4.0 version): Johnny AUM & 12345, CTRL-D, bpx
   showwindow, Enter. OK to register. We are in Softice. Press F11 to see the
   caller of ShowWindow: it's 42555B, you see it? As I just said, now we
   subtract with calc.exe 42555B-E8 (232 decimal)=425473, so prepare for
   G 425473.

2. Write bc *, Enter. CTRL-D for registering again with the known data. Again
   CTRL-D, bpx showwindow, CTRL-D, press OK to register.

3. We pop into Softice, write G 425473 (for 4.7 version). Everything is like
   in the operations above. For the serial, write d eax-20 and you have it:
   QQTGUZHZADPMKLW. The same date: 16 may 2000 and name: Johnny AUM. This
   serial looks different but is as good as the other.

Job done! If something seems to be wrong, first reset the program and/or PC
and try again! Set the above date with the serials mentioned!

PS. Aah, a gift to you: Date 16 may 2000, Name: REGISTERED and serial:
VLMDGZFEXPDBKMF. It's a gift in case you cannot or don't wish to find your
own serial! And restore the time to normal after all!

Critics, comments, anything at: johnny_aum@yahoo.com

---------------Sorry if my english is not perfect!------------------------------
-----cut here-------------------------------------------------------------------
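
Seen from the vendor's side, both walkthroughs above work for one reason: at the check, the program itself holds the valid serial in memory next to the wrong one that was typed in. The added example below (not part of the original tutorial and not PEPSOFT's code) puts that design beside one where the client only verifies a vendor-issued key. The serial derivation is hypothetical, and the RSA key is a toy built from two Mersenne primes, with no padding.

```python
import hashlib

# Toy RSA key from two Mersenne primes, constructed for this example only:
# far too small for real use and unpadded (a product would use a vetted library).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public half: shipped inside the client
D = pow(E, -1, (P - 1) * (Q - 1))        # private half: stays with the vendor

def digest(name: str, date: str) -> int:
    """Hash the registration data to an integer below N."""
    h = hashlib.sha256(f"{name}|{date}".encode()).digest()
    return int.from_bytes(h, "big") % N

# --- Weak design: the client derives the valid serial itself --------------
def weak_expected_serial(name: str, date: str) -> str:
    """Hypothetical derivation, NOT the real WinXFiles algorithm."""
    h = hashlib.sha256(f"{name}|{date}".encode()).digest()
    return "".join(chr(ord("A") + b % 26) for b in h[:15])

def weak_check(name: str, date: str, entered: str) -> bool:
    expected = weak_expected_serial(name, date)  # valid serial now in memory
    return entered == expected                   # readable at the compare

# --- Hardened design: the client only verifies ----------------------------
def vendor_issue_key(name: str, date: str) -> int:
    """Runs on the vendor's system; needs the private exponent D."""
    return pow(digest(name, date), D, N)

def client_verify(name: str, date: str, key: int) -> bool:
    """Uses only (N, E); no value computed here is a valid key."""
    return pow(key, E, N) == digest(name, date)

if __name__ == "__main__":
    name, date = "Example User", "2000-05-16"    # constructed sample input
    key = vendor_issue_key(name, date)
    print("genuine key accepted: ", client_verify(name, date, key))
    print("altered key accepted: ", client_verify(name, date, key ^ 1))
    print("other name accepted:  ", client_verify("Other User", date, key))
```

With the hardened form, a wrong entry never causes the right key to be computed on the user's machine; the conditional jump after the check can still be patched, so this closes only the serial-in-memory exposure.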