Name      : DU Meter
Version   : 2.21
Editor    : Hagel
Target    : Duhelper.exe.Exe
s/n saved : HKEY_LOCAL_MACHINE\Software\Hagel\DU Meter
Tools     : W32Dasm
            Hiew
            Brain
Cracker   : LW2000
Tutorial  : No.22

http://www.hageltech.com/dumeter

---
DISCLAIMER
For educational purposes only!
I hold no responsibility for the misuse of this material!
---

1. Ok, go to the registration screen and enter LW2000 as username and 1234560 as code.
   *BOOM* 'Invalid serial number specified...' Mhhm, seems that we have found a bug ;)
   Let's fix it... Load W32Dasm with duhelper.exe, click on the SDR and go to our string.

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00067E6D(C)                     <--- here we go
|
:00067F1A 6A00                    push 00000000
:00067F1C 668B0D607F0600          mov cx, word ptr [00067F60]
:00067F23 B201                    mov dl, 01

* Possible StringData Ref from Code Obj ->"Invalid serial number specified."
                                        ->"Please retry."
                                  |
:00067F25 B818800600              mov eax, 00068018
:00067F2A E80DB5FFFF              call 0006343C

2. Take a look at the references and go to 00067E6D.

:00067E65 E8660CFFFF              call 00058AD0        <-- fake and correct s/n compared
:00067E6A 6685C0                  test ax, ax          <-- result saved in ax
:00067E6D 0F84A7000000            je 00067F1A          <-- check

   Let's think a bit. It is not very clever to change the je to jne, because many
   proggies check the serial more than once. So let's go to 00058AD0.

* Referenced by a CALL at Addresses:
|:00067E65   , :00078175          <-- 2 places
|
:00058AD0 55                      push ebp             <--- here should be ax=1
:00058AD1 8BEC                    mov ebp, esp         <-- ret? *g*

3. Let's go the lazy way and make ax=1, this saves time *g*. Place the bar on 00058AD0.
   Note the offset. Close W32Dasm and open duhelper.exe with Hiew. Go to Decode mode and
   then go to the noted offset with F5. F3 for Edit mode. F2 to enter asm code. Then
   enter 'mov ax, 0001'. Enter. Enter 'ret'. Enter. Esc. F9 to update and then F10 to quit.

4. Start duhelper.exe and enter

   User Name: LW2000
   Code     : 1234560

   Congratulation! You are a registered user.

FINISH! Easy, or?

cu LW2000

Any comments? Mail me LW2000@gmx.net !!!

----
tKC, thx for your tutors! I started with tutor 1 and I still read them... they are the best!
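
Seen from the vendor's side, step 2 shows that both call sites depend on one routine, so a few changed bytes at its entry defeat every check at once. The following is an added example, not part of the original tutorial or the product: a baseline-and-verify check that reports when the bytes of such a routine no longer match the released file. The image, offset, length and region name are constructed assumptions; only the prologue bytes 55 8B EC come from the listing.

```python
import hashlib

ROUTINE_OFFSET = 0x40   # hypothetical file offset of the validation routine
ROUTINE_LENGTH = 16     # hypothetical number of bytes to protect

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_sample_image() -> bytes:
    """Constructed stand-in for the shipped file; routine starts with 55 8B EC."""
    routine = bytes.fromhex("558bec") + bytes(range(0x10, 0x1D))
    return bytes(ROUTINE_OFFSET) + routine + bytes(32)

def make_baseline(image: bytes, regions: dict) -> dict:
    """Record at release time: whole-file digest plus one digest per region."""
    return {
        "file": sha256(image),
        "regions": {name: (off, size, sha256(image[off:off + size]))
                    for name, (off, size) in regions.items()},
    }

def verify(image: bytes, baseline: dict) -> list:
    """Return names of protected regions that differ from the baseline."""
    if sha256(image) == baseline["file"]:
        return []
    changed = [name for name, (off, size, digest) in baseline["regions"].items()
               if sha256(image[off:off + size]) != digest]
    # The file changed but no protected region did: still report it.
    return changed or ["<outside protected regions>"]

def first_difference(good: bytes, suspect: bytes):
    """File offset of the first differing byte, or None if identical."""
    for i, (a, b) in enumerate(zip(good, suspect)):
        if a != b:
            return i
    return None if len(good) == len(suspect) else min(len(good), len(suspect))

if __name__ == "__main__":
    good = build_sample_image()
    baseline = make_baseline(good, {"serial_check": (ROUTINE_OFFSET, ROUTINE_LENGTH)})
    suspect = bytearray(good)
    # Constructed overwrite of the routine's entry bytes.
    suspect[ROUTINE_OFFSET:ROUTINE_OFFSET + 5] = b"\xAA" * 5
    print(verify(bytes(suspect), baseline))             # ['serial_check']
    print(hex(first_difference(good, bytes(suspect))))  # 0x40
```

A check like this is only as trustworthy as the place it runs: inside the same executable it can be overwritten the same way, so it belongs in an updater, installer or support tool that is verified separately.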