		Cracking for Newbies  - by Dahood
                

Target: WorldMap 3D v 1.1c

Tools used: W32dasm
	    Hview
	    ProcDump32 

Protection:
1.Serial


NOTE: This tutorial is not totally for newbies so i excpect that u know
1.how to use w32dasm
2.how to use hview (change,search,etc...)
3.Assembly

now u have 2 files.
1.worldmap  open and it says unregistered
2.worldmapc open it and there u can register... try to and copy the error message that u got

Disassemble the program

strange no strings

Right its packed and im not going to go into details i hate packed programs
when u tried to disassemble u saw
UPX0 UPX1 open it in hview and at the top it says upx 1.20
k so we know what is it packed with
for most of the packed programs i use ProcDump
open procdump and click on unpack , pick a file , pick upx ....
anyways unpack it and save the unpacked to a different name like Unpacked.exe

now disassemble the unpacked file...better yes:)
k search for the error message  and ull land here

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00447C0B(C)
|
:00447CB2 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"Code Refused"
                                  |
:00447CB4 B9907D4400              mov ecx, 00447D90

* Possible StringData Ref from Data Obj ->"Invalid serial code!!!"
                                  |
:00447CB9 BAA07D4400              mov edx, 00447DA0
:00447CBE A1C0DD4400              mov eax, dword ptr [0044DDC0]
:00447CC3 8B00                    mov eax, dword ptr [eax]
:00447CC5 E81A20FEFF              call 00429CE4

u see the conditional jmp :00447C0B(C) go to it
shift f12 and enter 447C0B and ull land here

:00447C0B 0F85A1000000            jne 00447CB2 ----->u land here
:00447C11 B201                    mov dl, 01
:00447C13 A12C934300              mov eax, dword ptr [0043932C]

it look pretty easy doesnt it .. 
u know the drill change the jne to je so
:00447C0B 0F85A1000000            jne 00447CB2
will be 
:00447C0B 0F84A1000000            je 00447CB2

and now open  the unpacked file and register....
open wordmap and do u see the unregistered ???
good

i hope i didnt confuse u and if u have any question, comments
my icq# is 69518421 or u can e mail me at webcrawler28@hotmail.com

i would like to say thanks to all the crackers 2 many 2 list , for helpin me also for there 
tutorials
also a big thanks to krobar's site http://zor.org/krobar
 
			Cracking for Newbies  - by Dahood           mov eax, dword ptr [eax]