. , SRIN.EXE ߰
κп ̴:
00011447: 9A04006E12 call 0126E:00004 ; 츮 ãƿ ̴.
0001144C: 83C406 add sp,006
0001144F: 16 push ss
00011450: 8D46EE lea ax,[bp][-0012]; Է ͵ Ax
00011453: 50 push ax
00011454: 9A7F360000 call 00000:0367F
00011459: 83C404 add sp,004
0001145C: 16 push ss
0001145D: 8D46EE lea ax,[bp][-0012]
00011460: 50 push ax
00011461: 90 nop
00011462: 0E push cs
00011463: E8A100 call 000011507
00011466: 83C404 add sp,004
00011469: 8BF8 mov di,ax
0001146B: 0BFF or di,di ; н尡 ǰ?
0001146D: 7429 je 000011498 ; , ٽ_Ȯ κ б
0001146F: 9AA415F31A call 01AF3:015A4 ; ƴ϶..
00011474: 1E push ds ; _̱.
00011475: 68981F push 01F98 ; "߸ ȣ ϴ.."
00011478: 6A0E push 00E
0001147A: 6AFF push 0FF
0001147C: 6A11 push 011
...
...
0001148A: 6A0E push 00E
0001148C: 6AFF push 0FF
0001148E: 6A12 push 012
00011490: 9AB502F31A call 01AF3:002B5
00011495: 83C40A add sp,00A
00011498: 0BFF or di,di ; н尡
ٽ_Ȯ!!
0001149A: 7403 je 00001149F ; _
0001149C: E96CFF jmp 00001140B ; _
κ ũϱ ؼ ù° "or di, di" "xor di, di"
ٲ ֱ⸸ ϸ ġ ̴.
ҵ, α ư ð 鿩 ణ
ϰ, DOS ͷƮ ؼ ˰ ִٸ ʹ ̴.
BPINT DOS α̶ ũ ִ.ֳϸ
*.COM̳ *.EXE ϵ Ƿ ͷƮ ݵ ʿϱ ̴.
Frog's Print October 1997 -
(c) Frog's Print, 1997. All rights reversed.
-------------------------------------------------------------------------------
Frog's Print 츮 ű ٽ
帳ϴ.
Page 5
ʺ ũĿ
ʺ ũĿ
_ ũ Ϸ ʺ ũĿ е б
÷ ڽϴ.
ʺ̴ ϱ, ̷ ýϴ. Ȩ ִ а
ٸ е Ȱ ũ ϴ Դϴٿ.
, DZ ٶ鼭 .
, ũ ߴٸ '' ʿ ?
ũ ִ α ʰ ũ
̿.
, 켱, Ȩ ۿ ũ
ִ α ణ ýϴ.
ôµ, ߿ ٿ .
_
hear the echo PicaView ũ ̾߱ ߴ
ε. sice ̿ؼ ũϴ , κп Ϲȣ
Ǿ ֽϴ. ܼ κ sice d ɵ
̿ؼ , Ϲȣ ˾Ƴ Դϴ. , ũ
ִ α̶ ٸ ε ũ ִ ٽ ʿ䰡
.
, 98 ũ ߽̿ϴ.
WinZip 7.0 Winzip hear the echo ũѴٸ, ũϴ ߿
ϳ '̸' ؼ 3 ٸ Ϲȣ ã ſ.
Brick Layer 2.5a α в ˷ ֽ αε,
״ ױ̿. ̰͵ hear the echo ̿ϸ
ϰ ũ ֽϴ.
Virtual CDROM 1.0 α Logicraft Information Systems
αε, α Ƹ ٵ ƽ ſ. α
PC ڷǿ µ, ȿ patch(keygen) ִ.
츮 ũĿݾƿ. hear the echo ũ ֽϴ.
Ž ö K.Ƿϰ TurboGo ũϴ ؼ
ۿ Դϴ. ̿ؼ Ϲȣ ó ãư
Դϴ. κ α ũϴ ֽϴ.
, ̷ ũϸ ϰ, ƹ ȿ ϴ 쵵
ֽϴ. ٷ Opera ũ ε, α ٸ
ũϴ ϴ.
츮 ͳ 2.0 α ġ 60ΰ ۿ
ϴ. Ⱓ ѱ ¥ θ Ѵٸ ' '
ɴϴ. ٷ ۻڸ ̿ؼ '߿' κ ã Ž ö
ϴ. , dialogboxԼ ߴ ؼ Ž ö⸦
ϼ.
Taku Chan α Ϻ б б簡 ٴ ٵ
αԴϴ. ǻͿ 뱹 ִ ٵ αε,
ǻ (?) ܰ ۿ ȵǰ, 50 Ǵ 100(ǻ
ؿ ) ̻ մϴ. Ž ö Ǵµ,
sice ̿ϴ disassemble ҽ ̿ ξ մϴ.
б ٲٱ ⺻(?) ̴
Դϴ. ̷ ̿. Ϲȣ Էϸ κп Ϲȣ
´ Ȯմϴ. Ϲȣ ´ٸ eaxͿ 1 ְ,
eaxͿ 0 ݴϴ. , 'Ȯ' ȣ
test eax Ȯ Ǻб θ մϴ. ϱ,
call Ϲȣ_Ȯ_
test eax, eax
jnz /_ȵ
̷ ġ ſ. ̴ ε,
ߵ, ũϱ ϴ. ܼ jnz/jz Ǻб⸸
ٲ ִ ε ũ ֽϴ.
߿
NoteWorthy Composer 1.55b (32bit) α Ǻ
αε, Ǻ ̵ Ϸ ְ, ִ
αԴϴ. , Ǻ μ , Ͽ(Register Form)
ϰ, Ǻ 10 ۿ մϴ. Ϲȣ ִ
Protection Schemeε, 'Ǻб' ã
ſ. |
LviewPro 2.1 α
α̿. 21 ֽϴ. α
ũϴ ִ Ž ö ,
GetLocalTime Լ ߴ , '߿' κ ãƼ
б⸦ ٲ ִ ϰ ֽϴ. GetLocalTime(Ǵ
GetSystemTime)Լ ߴ ϴ ƽ ſ.
_*to beginners*_
Ȩ
Page 1
_1. Intro_
_ũ ʿ Ұ_
_2. About A Girl_
_W32Dasm7.exe ũϱ_
-w32dasm̿
- Ƚ ֱ
-ҽ ְ ϱ
-(Ʋ κ ƽϴ -99.3.16)
_3. The Man Who Sold The World_
_PicaView.dll ũϱ(1)_
-SoftIce̿
-PicaView Ϲȣ
-Ϲȣ α(KeyGen) ϴ.
__4. The Unforgiven_
_WinRAR95 (ver 2.0) ũϱ_
_-SoftIce̿
-WinRAR95 ũϴ 캾ϴ.
-Little-John ű Դϴ.
_5. Lithum_
_PicaView.dll ũϱ(2)_
-SoftIce̿
-PicaView Ϲȣ
-Ϲȣ α(KeyGen) ϴ.
_6. Until It Sleeps_
_Add Web 1.23 ũϱ_
-W32Dasm̿
-Add Web 1.23 ũϴ Űϴ.
- û protection (1997)
-Tristan ű Դϴ.
_7. Yellow Submarine_
_HexWorkshop (ver 2.53) ũϱ_
-W32Dasm̿
-HexWorkshop ũϴ Űϴ.
-߱ڿ(ʺڴ ٸ а оּ)
-Heres ű Դϴ.
-------------------------------------------------------------------------------
Page 2
_8. Come As You Are_
_PicaView.dll ũϱ(3)_
-SoftIce̿
-PicaView Ϲȣ
-Ϲȣ α(KeyGen) ϴ.
-Ϲȣ ù° κ 캸ҽϴ.
_9. Eight Days A Week_
_Filo v1.7, WhoSock v1.91, ExIcon v1.9a, Horas v2.1 ũϱ_
-SoftIce̿
- (+8) α ũϱ
- Դϴ.
-Plushmm[PC'97] Űϴ.
_10. Year Of The Boomerang_
_AddLinkũϱ_
-SoftIce̿
- (NAG Screen) keygen ٲ
- ڼ Դϴ.
-Jon Űϴ.
_11. Dumb_
_PicaView.dll ũϱ_
-SoftIce̿
-PicaView Ϲȣ
-Ϲȣ α(KeyGen) ϴ.
-Ϲȣ ι° κ 캸ҽϴ.
-PicaView ̾߱⸦ ƽϴ.
_12. Revolver_
_Arjshell32 ũϱ_
-W32Dasm, SoftIce̿
-Arjshell (save) ְ ϱ.
-Flag ̿ϴ ũ Դϴ.
-Rundus Űϴ.
_13. Something In The Way_
_ 98 ũϱ_
-SoftIce̿
- û protection scheme(1998) ĺ : )
_14. Imagine_
_Visual Basic ũ_
-Hex Editor̿
-Visual Basic α ũϴ ߽ϴ.
-+Sync Űϴ.
-ʺ
-------------------------------------------------------------------------------
Page 3
_15. Heart-Shaped Box_
_HexWorkshop (ver 2.54) ũϱ_
-SoftIce̿
- ũ߽ϴ.
-ũ, 3п OK
_16. Nothing Else Matters_
_(Notepad) ũϱ_
-W32Dasm̿
- ۰ '' Դϴ.
-(Notepad) ۲ ٲٴ ũ Դϴ.
-Mammon_ Űϴ.
-ʺ ũĿ Դϴ.
_17. Battery_
_ȭ麸ȣ йȣ ũ_
-SoftIce̿
-йȣ ɸ ȭ ȣ ũ
-Mammon_ Ϻθ Űϴ.
_18. Walk!_
_ȣȭ(encryption) _
-Jon Űϴ.
-(How to reverse engineer encrypted files)
-(ȣȭ ũϱ)
_19. In Dreams_
_ڹٽũƮ ۻ(JavaScript MessageBox) ֱ_
-SoftIce̿
-ڹٽũƮ ۻڰ ʵ Netscape ũմϴ
-+YOSHi Űϴ.
_20. In My Life_
_PolyView 3.00 beta 9 ũ_
-W32Dasm̿
-ʺ Դϴٿ
-ũ , ٽ ΰ?
-The_RudeBoy_[PC] Űϴ.
_21. Por Una Cabeza_
_Rhino32 ũϱ_
-W32Dasm/SoftIce̿
-¥ ũ(Time Trial Crack)
-Sojourner Űϴ.
-------------------------------------------------------------------------------
Page 4
_22. Love Buzz_
_ Ÿ98 IMF ũϱ_
-SoftIce̿
-¥ ũϱ
-ʺڿ
_23. Roll Right_
_Window$98 Ϲȣ ũϱ_
-M$ ٺ : )
-IH8U Űϴ.
_24. Beautiful People_
_Netscape ũϱ_
-Borland Resource Workshop ̿
-ݽ ߸ ְ ٲٱ
-Mammon_ Űϴ.
_25. Stairway To Heaven_
_Disassembly _
-cRACKER's nOTES ߿ Űϴ
-Disassemble ҽ Ͽ Լ/μ/ ˾Ƴ
-Rhayader Űϴ.
_26. All Apologies_
_K.Ƿ() ũϱ_
-W32DASM̿
-Ÿ Է ũ
_27. FAGET_
_SoftICE ũϱ_
-SoftICE ̿
-SofTICE ġ ϱ
-+OCHE SATRIANI +OBLLEK Űϴ.
_28. I Hate Myself And Want To Die_
_SoftICE ũϱ_
-SoftICE ̿
-SoftICE KeyGen
-------------------------------------------------------------------------------
Page 5
_29. Serve the Sevants_
_TurboGo for window$95 v4.01 ũϱ_
-SoftIce̿
-'flag' ̿ α ũϱ
-ʺڿ
_30. Mondschein Sonate _
_InstallSHEILD ũϱ_
- ̿
-InstallSHEILD ũ
-NaTzGUL Űϴ.
_31. _
_Sourcer 7.0 ũϱ_
-SoftICE ̿
-DOS ͷƮ(interrupt) Ἥ DOS α ũϱ
-Frog's Print Űϴ.
-------------------------------------------------------------------------------
_+kurt page_
Ӹ
_
ũ ̾߱⸦ ߽ϴ.
ó Ÿ Ÿ ƴϿ. Ÿ Ż ƴ Դ,
װ ƹ ͵ ƴ ó ǵ ó Ÿ
ϸ鼭 ư ʾҳ.
Ÿ ó , (?) ϸ鼭 .
ڿ ƺ ָ鼭 ݾƿ. ƺ Ƽ
ε, Ͽư .
ü Ѿ ʰ ִ ذ
ƾ.
ũ̶ Ϳ ó ˾ƺ
ϴ. 켱, ũ ã ͺͰ ̾ϴ. ,
۵ κ Ҵٰ ϴ ͵鵵 Դ ʹ .
Ƶ Ӹ ſ ־, ''ʺ
ʾҴ ͵ ϴ. , ũ̶
ŷ ̾ϴ.
ͳ ƴٴϸ鼭 оϴ. ߿ ܿ
+ORC (_HOW TO CRACK, by +ORC, A TUTORIAL_) ū Ǿµ.
п ְ,
α ʰ ȥڼ ũ ְ Ǿ.
ó ũ ϸ鼭 Ȩ ϴ.
۰, ٸ ũĿ 츮 ű
ֽϴ. ۿ, а ִ е ũ ؼ
ִٰ ϰ ϴ. ù° α(PicaView32)
Ϲȣ ڼϰ 鼭, ũ
ʿ SoftIce Ÿ
⸦ ַ ߽ϴ.
, ٸ ũĿ ű ̳ Ʈ ִ ״θ
ű ߽ϴ. , 翬 ϴ. ܱ
ũĿ , Űϴ. ʺ
߱ ٸ 'Ǹ' ũĿ ű ͵
ʿ ϰԴϴ.
۰ ٸ ũĿ ű ۿ ε
ſ.
*1999 3 11
+kurt
pluskurt@hanimail.com*
*_preface_*
__
Page 1 W32Dasm ver 7 (demo) Picaview32 ver 1.3 WinRAR95 ver 2.0 AddWeb
ver 1.23 HexWorkshop ver 2.53
ũ ù° ̾߱. ũ ʿ 鿡 .
PicaView ũ ̾߱
Page 2 Filo ver 1.7, WhoSock ver 1.91, ExIcon ver 1.9a, Horas ver 2.1
AddLink Picaview32 ver1.3 ArjSell32 98 ver 2.32, Visual Basic Crack
α ũϱ
(NAG Screen) key-gen
PicaView ũ (11. Dumb)
Flag ̿ ũ(ArjShell)
û protection scheme ĺ(1999 :) 98 v2.32
Visual Basic α ũϱ
Page 3 Hex Workshop v2.54, (Notepad),ȭ ȣ(Screen saver),
ȣȭ(encryption)ڹ ũƮ ۻ ֱ(Netscape), PolyView 3.00 beta 9,
Rhino32
Hex Workshop v2.54 3и ũ
(Notepad) ۲ ٲٱ(By Mammon_)
ȭ ȣ йȣ ũ(By Mammon_)
ȣȭ (By Jon)
ڹ ũƮ ۻ(JavaScript MessageBox) ֱ
ũĿó ϱ(ʺ)
¥ ũ(GetLocalTime)
Page 4 Ÿ98 IMF , Window$98 Ϲȣ Ȯ, Netscape
Navigator, Disassembly , K.Ƿ, NuMega SoftICE
¥ ũ
Window$98 Ϲȣ Ȯ ũ
ݽ ٲٱ
Disassembly ҽ Ͽ Լ/μ/ ˾Ƴ(By Rhayader, *excerpt from
cRACKER's nOTES*)
Ÿ Է ũϱ
SoftICE ġ ϱ
SoftICE KeyGen
Page 5 TurboGo for Window$95 v4.01
InstallSHIELD ũ(By NaTzGUL)
Sourcer 7.0 ũ
flag ̿ ũ
InstallSHIELD Script Cracking
DOS Interrupt ũ(BPINT)
_*index*_
ڷ(tools/links)
mail to +kurt
ħ
ʺ ũĿ
FAQ
== ˸ ==
'ũ'ϴ ϴ , ̹ ġ,
Ϲȣ ̸ ¦ δ ƴϿ. ͵ ã
̴ٸ, ٸ ã ſ.
(This site contains no crackz/warez/serialz at all. So, if you'd been
searching for them, try other pages.)
, .. ̷ ϸ ʹ â , ִ
'' ؼ ּ(߱ ڸ ϴ ''̶
ǥ ).
ϰ Ʈ '' '' ũϴ ƹ
ٰ մϴ. ũ ް Ǵٸ װ
protectionist ٸ .
Ǿ Ѵٰ , â ͱ
ڰ, __ α ִٸ װ
ִ Ǵٰ մϴ.
Ϻδ Micro$oft Internet Explorer ѱ
ֽϴ( Ǵ _ǵ_ ̱).
M$-IE е鿡Դ ˼մϴ. ۿ ؼ ̷ '__'
Ƽ ̿. '_ȸ_' Ⱦϴ ݾƿ
Ȥó M$-IE ƴ ٸ ѱ ̴ 찡
˷ ֽø ھ.
(*CORPORATE MAGAZINES STILL SUCK - _Kurt Cobain_*).
(*CORPORATE PROGRAMMERS STILL SUCK - _+kurt_*).
_*notice*_
FAQ
_ в е麸 ˰ ִ Ŷ ߸ ϰ(?),
̴ּµ. δ
帰ٰ ߴµ, ϴ.
ýϴ. ʺ ũĿ в
Ǿ ڽϴ.
, FAQ ߿ Ʋ ˷ ּ.
1. crack ?
2. ڰ
3. α sice ؾ ϳ?
4. siceȭ ̻ؿ
5. sice
6. Ȩ ũų ֳ?
7. ڵ, , disassembler, hex editor.. ü ̰ ϴ ſ?
8. w32dasm ִ ſ? ãھ
9. symbol not defined Ϳ
10. Ƽ ϴ Ƽ?
11. Ȩ Ѳ ٿ ֳ?
12. , ũ
13. Ŀ Ƿ ؾ ϳ?/Ȩ ŷ ϳ?
-------------------------------------------------------------------------------
_Q_ũ ?
ũ ?
_A_ ũ(__crack__) __Reverse Engineer__ Խϴ.
ũ ǹ̷ Ƽ, __Reverse Engineer__ Ѵٰ ڴ
ſ. ũ ã ϱ,
__crack__ _8_ to discover the secret of (a CODE1 (1)) ...[Longman
Contemporary Dictionary, p. 238]
־ϴ. ȣ, ֳ.
__Reverse Engineer__ ״, Ųٷ ϴ ϾԴϴ. ϱ ̹
ִ α ڽ ϴ Ųٷ ٲ ִ
ϴ. ó Fravia+ Ȩ __Reverse
Engineer__ ؼ ̷ ϰ ֽϴ.
__Reverse Engineering__ , i.e individuating and gathering "hidden" or "lost"
data in a "backwards" approach: from finished phenomena back to its hidden
"code".
-------------------------------------------------------------------------------
_Q_ڰ
Ȩ ּż մϴ.
.. IE 5.0 ϴµ. ϸ
ȭ ̴ .. Ƹ ĥ ִٰ
մϴ... 뵵 ڱ.. ÷
ֽô° .. ˰ ִ Ŀ ϴ ̶ ˰
ֽϴ. 鿡 Ȩ ̽ϴ. ؿ..
_A_ Ȩ Ϻδ ͽ÷η ѱ
ֽϴ. Ȩ ù ȴµ ߿
뿡 ؼ , Ǵ , (?) Ͻô ҽϴ.
ó ؼ ȴµ, ļ
ϰڽϴ.
ֽô е鲲 Ŀ Ͻ θմϴ.
Ƹ Ȩ Ϻ ˻ 'Ŀ ' з Ǿ ־
θô ڴµ, з ǵ ƴϾ,
Ŀ ʽϴ. ǻ Ͻô Ŀ е鲲 Ŵٸ
ſ.
-------------------------------------------------------------------------------
_Q_α sice ؾ ϳ?
ȳϼ. ҽϴ. pluskurt ʹ
ٴ å 缭 ֽϴ. ο
ֽ pluskurtԲ 帳ϴ. ϴ. κ ۵
о sice ؾ ϴ sice ϴ
ڽϴ. ϱ picaview siceȭ鿡 ؾ
ϴ ̴ϱ? κ sice ̰ſ ؼ ʴ. װ
⺻ΰ. ⺻ ڽϴ. β Ƽ ұ
̴ٰ ֺ ̷ ƴ ؼ մϴ.
ð ƴ ŵ ֽø ϰڽϴ.
_A_ũ ̶ ˰ ̶ ̷ 鸮 ſ.
ó о ũ '' ̷
ʾϱ. ũ̶ ó ̰Ͱ Ȱ
߽ϴ. ˰ھ?
sice ۵ϴ ؼ ƴ ٰ ϴ. ϱ
sice ڼ 帮 ϱ. ۿ 'sice
ȭ ' ǥ µ, ´ ڽϴ.
ƹư sice () Ǿ ־ մϴ. ϱ
autoexec.batϿ sice Ѿ ϴ ſ. ؼ
, α ϴ ¿ sice
Ű(Ctrl+D) , ڸ α siceȭ ҷ
ִ ſ. ȭ鿡 α ܰ辿 ְ,
Ͽư ִ ſ. ƴ ٸ Ŵ , ٸ
ſʹ 繵 ٸ ̶ մϴ.
-------------------------------------------------------------------------------
_Q_siceȭ ̻ؿ
ũ ó ϰ ư մϴ. ڷḦ Ʈؼ
鼭 ۾ ϴµ ߾. 1.softice:ġ ȭ ȣ ũ
ϴ ctrl+D ƴ ĥ 帰 ȭ ִµ
F12 ȭ ״ 2~3 ϴ ȣ ȣâ ȭ
ɴϴ. ذ Ź մϴ. * win98 ֽϴ.
2.w32dasm7: α ü ũϴ κε ⼭ ٿ hexworkshop
ver2.54 ϴ κп ex)ff0028101 ̷ ڵ ׳
001234̷ ڵ常 ֽϴ. ذ Ź մϴ. θ
µ ⺻ ̷ ɸϴ. ̷ α
ϴ. α ۾ ֽǶ Ž⼳
ϴ κ file.save.ok ̷ Ź 帳ϴ. 2 ذ
hex edit α ڵ带 ȭ Ű ȴٴµ ͵
״ ʺν ū ˴ϴ. c ؼ м 밭 ذ
µ ڵ带 ȭ Űų ̷ ũ ۾ α
κ ֽϴ. ſ ; ǵ ̷ κ
ϴ. ֽʽÿ. λ 帮ڽϴ.
_A_ 1 sice ġ ̹ ߸ ؼ
ϴ. sice ڽſ ˸ ī(Display Adapter
Setup) ϴ ֽϴ. Ʈ ϸ鼭 ־
մϴ. ̹ ġ Display Adapter Setup ̿ؼ ٽ
ϱ, ڽ ī尡 ˰ ָ ˴ϴ.
˱ SoftICE Ϻ ī带 ʴ´ٰ
ϴ. ٲ Ǵ е ̷
. Display Adapter Setup ؼ Display Adapter Selectionȭ
, Manufacturer Standard VGA , Ʒ ִ üũ ư
߿, Universal Video Driver[SoftICE appears in a "window"]-We recommend
that you set the video adapter type to Standard VGA üũմϴ. ̷ ϸ
ſ. δ sice
â(window) Ÿٰ մϴ.
в 2 ڽϴ.
Ͻ .
ũ ڵ带 ٲ ϴ , ڵ ,
װͰ 谡 ִ , Ƹ ù° (1.
Intro) , ۿ ҽϴ.
-------------------------------------------------------------------------------
_Q_sice
ȳϼ? +kurt ϰ ִ Դϴ. +kurt Ʈ
̽ غҴµ, â ʴ±.. Ӷ wc
alt+r ġ ֽϴ. ٸ ٹٲ.. ߸Ѱ..
亯Źմϴ. ! Ȩ +kurt Ȩ ũ Ű
ϴµ ٸ ּ..
_A_ °(3. The Man Who Sold The World) sice winice.datϿ
INIT= ؼ ⸦ ߽ϴ.
INIT="lines 60;color f a 4f 1f e;wd 22;wc 22;wr;code on;X;"
INIT ε, ϸ,(Mammon_ Page
ϴ)
+ _lines_ : ȭ鿡 Ÿ մϴ.
+ _color_ : ȭ մϴ. 4Ʈ 16 ǥõ˴ϴ(0 :
, 1 : Ķ, 2 : , 3 : , 4 : , 5 : £ , 6 : ,
7 : ȸ, 8 : ȸ, 9 : Ķ, A : , B : , C :
, D : ȫ, E : , F : Ͼ).
̷, ڻ Ÿϴ. 0f(Ǵ f)
Ͼ ڻ մϴ. ִ ͵, (normal),
(bold, highlighted text), (reverse-display), (help),
(line, â â ִ ) ֽϴ. _color f a 4f
1f e_, ڴ Ͼ ڷ, ڴ
ڷ, ڴ Ͼ ڷ, Ķ
Ͼ ڷ, â â ִ ϶ Դϴ.
+ _faults on|off_ : General Protection Faults , sice ̸
ó(?) մϴ.
+ _wc _ : ڵ â(code window) Ȱȭ(toggle)ϰ, â ũ⸦
μ մϴ.
+ _wd _ : â(data window) Ȱȭ(toggle)ϰ, â ũ⸦
μ մϴ.
+ _wl _ : â(local variable window) Ȱȭ(toggle)ϰ,
â ũ⸦ μ մϴ.
+ _wr _ : â(register window) Ȱȭ(toggle)ϰ, â
ũ⸦ μ մϴ.
+ _ww _ : â(watch window) Ȱȭ(toggle)ϰ, â ũ⸦
μ մϴ.
+ _hst=_ : ɾ 뷮 մϴ.
+ _X_ : siceȭ ͼ ̴ α Ű
Դϴ. INIT ־ մϴ.
Ȩ ũ ֽðڴٴ, Ȳ Դϴ. βԵ, ݵ
Ȩ ũ ֽ е 輼. в ũֽ ũ
Ȩ , Ȩ ũ Ǿ ִ
ִϴ.
-------------------------------------------------------------------------------
_Q_ ڵ, , disassembler, hex editor... ü ̰ ϴ ſ?
ٵ ũŷϷ ַ ˾ƾ Ѵ ̴ϴ.
Ҿ ϰ w32ds ̿Ѵٰ ߴµ..
α ھ.. .. ҽ ٵ
ڱ ͷ ġ,. ذ Ȱ. 亯ּ..
_A_ ũ Ϸ ϳ ó ߽ϴ. ۿ ̷
Ծµ, ' , ũ Ҽ ִ'.
ϱ ߽ϴ. ũ ϱ ؼ
簡 ʿ ϴ. Ȯ
ϴ ũ ϴ ˴ϴ.
ó ũ '' ǹ 'ü ̰
Ҹ ϰ ִ ǰ?'ϴ. '' ɾ, ''ϴϱ,
⼭ r fl z ~~, r fl z İ? .
ͷ װ , ãƼ 90909090 ٲ ...... ü
װ ϴ Ű, '' ؾ ϴ ߽ϴ.
, ù° Ϳ ؼ ⸦ ߴµ,
̷ Ͻô ϴ. ⼭ ٽ 帱.
ڽϴ. ̷ α ִٰ . ϱ, Ű忡
Ư ڿ Էµ ƹ ϵ ʰ, Է ٸ α
ֽϴ. ϱ ؼ α Ű忡 Ư ڿ,
passwd սô, ԷµǸ α ˴ϴ. ̷
α ־. ǻͰ
α Ű ֽϴ. α ̸
PASSWD.COM̶ սô. α ҽ Ʒ ϴ.
:α__κ(100)
mov ah, 7
int 21h
cmp al, 70
jne α__κ
int 21h
cmp al, 61
jne α__κ
int 21h
cmp al, 73
jne α__κ
int 21h
cmp al, 73
jne α__κ
int 21h
cmp al, 77
jne α__κ
int 21h
cmp al, 64
jne α__κ
:α__κ(126)
int 20h
츮 sice ڵ â ִ
ҽԴϴ. α ϵǸ
ٲ ϴ. ٽ 帮, α
Ű忡 passwd ڿ Էµ ٸ, ԷµǾ߸ α
˴ϴ.
츮 α Ӱ Ѵٸ, ϱ, ƹ ڿ̳
Էص α ǵ Ѵٸ ؾ . 켱
sice ŷ α ̷ ֳ Ȯ մϴ.
ϱ siceȭ ڵâ α ҽ Ȯմϴ.
ؼ α ۵ϴ ˾ƺ, ľ 츮
ϴ ۵ ϴ.
ҽ , int 21h 7 Լ ϰ ֽϴ. ̰
Ű忡 Էµ ڸ о ̸, ^C Ƶ ʽϴ.
ؼ о ڴ, cmp al, 71 ϴ ڿ ˴ϴ.
ڰ Ǿٸ ϰ ʴٸ
α__κ ǵưϴ.
ϴ cmp al, 71Դϴ(⼭ 71 'p' ascii ڵ
Դϴ, 'passwd' ù° ڸԴϴٿ).
б(, α__κ б , )
ϴ jne α__κ Դϴ. jne Jump
If Equal(̰ JNZ, Jump If Zero ϴ) ϸ, (,
zero flag Ǿ ), Jne ּҷ б϶ Դϴ.
츮 Ƿ jne α__κ ٸ ٲ ٸ
츮 ϴ ϴ. ϱ, jne
α__κ ƹ ǹ ٲ
ֽϴ. 'ƹ ǹ ' nopԴϴ. ϱ,
ҽ jne α__κ Nop ٲ ſ.
α debug(DEBUG.COM/DEBUG.EXE) ̿ؼ ǵ,
α__κ ּҴ 100Դϴ. jne α__κ
jne 100 Ÿϴ. 츮 jne 100 nop ٲ ϴ ſ.
ؾ ٲ ? 츮 jne 100 , ǻͰ jne
100 0111 0101 1111 1000 Ÿϴ. 0111 0101 1111 1000 ٷ
ڵԴϴ. 2 Ÿϴ. ̷ 2 ڸ Ÿ
ϴ ſ. ݾƿ. 16 ϴ.
2 16 Ÿ, 4ڸ(4bit) ڸ 16 Ÿ
ֽϴ. , 0111 0101 1111 1000 75F8 Ÿ ִ ſ. 0111 0101
1111 1000ٴ 75F8 ʳ? _hex_ editor ̷ ڵ带
츮 16(_hex_adecimal) Ÿ ִ մϴ.
75 F8 75 JNE ڵ̰ F8 б ּҸ Ÿ
ݴϴ. ̷ ϴ ڵ尡 ֽϴ. JNE 75
ϰ, JE(Jump Equal) 74 ϴ ڵ带 ϴ. NOP
ڵ 90Դϴ. , 90̶ ڵ ƹ ǹ̰ ſ.
Ʊ 츮 Ϸ ߴ , jne 100( ڵ 75F8)
nop ( ڵ 90) ٲپ ִ hex editor PASSWD.COM
, 75F8̶ ڵ带 ã, κ 9090̶ ٲָ Ǵ
ſ. 90 ƴϰ 9090 ʾƵ ƽ ſ. ڸ jne
75F8̶ 츮 nop/nop ٲ ſ. ̷ ҽ
jne α__κ ãƼ nop ٲָ(̷
NOPing̶ մϴ), PASSWD.COM 츮 ڸ Էϴ,
ڿ ̰ 6ڰ Ѵ´ٸ α ų ſ.
̷ ؼ ҽ ڵ, hex editor ,
Ű ʿ ؼ ߽ϴ.
, W32DASM disassembler ʿϳ ϸ, disassemble̶
о 鿩 װ ҽ մϴ.
ϱ, ҽ ؽƮ
ʿ ſ.
ڸ, Ʊ PASSWD.COM ũ 츮 jne
α__κ noping ִ ߴµ, ٴ
ó ִ jne α__κ jmp α__κ
ٲ ִ ξ ſ. jmp(Jump, б)
ڵ ַ EBԴϴ.
-------------------------------------------------------------------------------
_Q_w32dasm ִ ſ? ãھ
ĿƮ, Ϸ ͳ ƴٳϴ. ȵǴ. Ϸ
. ũ ¸ Ե ϸ鼭 θ Ϸ ߴµ
̰ ϱ? w32dasm 7 ƴϸ ٸ µ Ʈ
ٿ ȵǿ. ó PC ͼ ̷ ݾƿ.
ȵſ. ٳ 8.6ΰ 8.9ΰ Ͽư ȹ
ٰؼ ʴ. ּ. Ϸ
Ⱦ ~~~~~~~! 7 Ϸ ּ.(ϴٸ ٸ ͵).
Ʈ ̽ ֱ. ʹ õȿ ־. w32dasm
õȿ 1.0ۿ . ٰ ؼ ٸ 7.0 ִ ͵ ƴϱ.
Ͽư Ϸ ͳ ƴٳµ ãҾ. ּ!!!!
_A_ڷǿ W32DASM7 ũ ÷ Ҵµ, ȵǾ .
ũ . ϴ ã ߿
. ̸̶ մϴ. w32dasm7 ̸
w32dasm7.zip ǰ. ƴϸ w32dasm7.exḛų ̿. ƴϸ ϱ
ϰ FTP Search ̿ϸ w32dasm7 ã ֽϴ.
FTP Search Lycos FTP SearchԴϴ. FTP Search ٸ ͵
ֽϴ. Web ã ƴٴϴ ڼ +ORC ¿
Խϴ. .
-------------------------------------------------------------------------------
_Q_symbol not defined Ϳ
ȳϽʴϱ? Ȩ Ͽ Դϴ. ũ
Ȩ ٴϴٰ ʺ Ȩ ŷ
θ ϰ ֽϴ. sice ƮϿ ġϿ θ ϰ
̴µ Pica View32(Ver 1.3) ߿ ô bpx getdlgitemtexta
ɾ ϱ Symbol not Defined (GetdlgItemteatA)
ŵϴ. Դϱ? ɾ Źմϴ.
ö 帱 ϰ ɰ
Źմϴ. ε Źմϴ. ֿ....
_A_ Ͻô Ͻñ. Symbol not Defined κ
winice.datϿ ־ ϴ ʾұ Ͼ
ϴ. ̿ ù° (1. Intro) и ߴµ,
е鲲 ̷ Ͻô ھ.
-------------------------------------------------------------------------------
_Q_Ƽ ϴ Ƽ?
kurt а ر(^-^;) ҳ... ٸ ƴϰ...Ƽ
ϴ¹ ˷ֽø ϱ( ˷ּžؿ!)
_A_Ƽ Ϸ .. .
ϰ 帱. 켱 config.sys ľ մϴ. ,
Ʈ ̽ , , Ʈ ̽ ̷ Ƽ
ʹٰ ϰ 鲲.
[menu]
menuitem=norm, windoze
menuitem=sice, sice95
menuitem=dos, dos
menuitem=sicedos, sicedos
menudefault=norm, 3
̷ [menu] ùٿ , menuitem = , ̸
ϴ ݴϴ. Ÿ ó ù° ̸
windozḛ ̰ normԴϴ. menuitem=dos, dos ó
̸ Ƶ ϴ. menudefault=norm, 3
ڰ ⺻ norm ϵ ϰ, ڰ
ϴ ٸ ð 3ʷ Ѵ ǹԴϴ.
[norm]
device=C:\WINDOWS\biling.sys
dos=high,umb
[sice]
rem nothing to do
[dos]
device=c:\windows\himem.sys /NUMHANDLES=100
device=c:\windows\emm386.exe H=100
dos=high,umb,noauto
shell=c:\4dos\4dos.com c:\4dos\ /p
[sicedos]
dos=high,noauto
device=c:\si\s-ice.exe /EMM 2048
device=c:\4dos\himem.sys
device=c:\si\umb.sys
shell=c:\4dos\4dos.com c:\4dos /p
̷ Ƽ ̿ؼ
쿡 ˴ϴ. ׳
ذ ǽð? autoexec.bat ڽϴ.
goto %config%
:norm
loadhigh C:\WINDOWS\nlsfunc.exe C:\WINDOWS\country.sys
set path=%path%;c:\util\a;c:\tc;c:\util\pkzip;c:\perl\bin
set .pl=c:\perl\bin\perl.exe
alias ~ = cd home
goto end
:sice
loadhigh c:\windows\nlsfunc.exe c:\windows\country.sys
set path=%path%;c:\util\a;c:\tc;c:\tghp;c:\util\pkzip;c:\perl\bin
c:\progra~1\numega\softic~1\winice.exe
goto end
:dos
set path=c:\;c:\bat;c:\util\a;c:\tc;%path%;C:\PROGRA~1\ULTRAEDT
SET CTCM=C:\CTCM
SET BLASTER=A220 I5 D1 H5 P330 E620
goto end
:sicedos
SET PATH=C:\HNC;C:\;C:\BAT;%PATH%;C:\PROGRA~1\ULTRAEDT
goto end
:end
ó ִ goto %config% ʿմϴ. %config% config.sys
õǾ Ÿ ֽϴ. autoexec.bat о
goto %config% ؼ õ κ ̵ϰ Ǵ ſ.
config.sysϿ [] autoexec.batϿ ٸ
ġ ϰ ݷ : մϴ.
goto end ־߸ ٸ ʰ end
ϴ. end մϴ.
Ƽ ÿ ִ ٸ ͵, ϱ õ
ɷ ̴ϱ 帮 մϴ( 뵵
̰).
-------------------------------------------------------------------------------
_Q_ Ʈ¸ Ѳ ٿε ?
_A_ϴ.
۵ ġ ִٰ ʾƼ,
Ѳ ٿ ִ ʾҽϴ.
е WebZipΰ ϴ α ° ٿ ưô ,
غôµ, . Ǹ ƴ϶.
-------------------------------------------------------------------------------
_Q_ , ũ
_A_ǿܷ ̷ Ź( ɿ ) Ͻô е
ôµ, е Ź , е
Ź ʾҽϴ. , α ũ
ִ, Ĵ ƴϾϴ. ̷ ̽ϴ. ȸ翡
Ͽ ȣ ɾ Ƽ , IMF ô뿡 ©
ִ, ϸ ڴ°.. ̷ п Ź ϰھ.
ƹư ' ' ϴ.
ε ǵ̸ ̷ Ź մϴ.
ǵ ű.
ũϼ. е ũĿݾƿ.
-------------------------------------------------------------------------------
_Q_ 13. Ŀ Ƿ ؾ ϳ?/Ȩ ŷ ϳ?
_A_ϴ. USENET ̷ . 'ΰ '̶
ְ ſ.
ٽ 帮, Ŀ ƴմϴ. Ȩ
̶ о ̶ ̷ ʾ Ŷ մϴ.
е ϰ, ڼϰ, Ἥ
ϴ. 'Ŀ Ƿ ؾ ϳ'
Դϴ. е鲲 ݱ ּ ؼ ƴ ڼ
ڷᰡ , ϴ ؼ , Ƹ
ʾ ſ. Ŀ ƴϴϱ.
, ּ.
_
_*faq*_
Ȩ
ħ
Ʋ κ ģ
ģ ֽ
22. Love Buzz
ҵŸ98 IMF xor eax, eax ٲ mov al, 00 ƴ϶ mov
al, 01 Դϴ.(5 21)
--------
ݱ в а Ʋ ּ̽ϴ.
е鿡Դ ٴ ۿ 帱 ϴ.
߸ ֽ ߴµ, ϸ ̹
ٸ е ߸Ǿٴ Ƽ
ϴ.
ε ּ. δ ߸ ġ Ǹ ̰
߸Ǿ , ƴ ڽϴ.
ĭ ִ ڸ Ʋ κ ãư ֽϴ.
+kurt ø
_*acknowledgement
Ȩ
Author : NaTzGUL [REVOLT 7]
Email : natzgul@hotmail.com
InstallSHIELD Script Cracking (best viewed under 800x600 with WordPad)
CONTENTS: A) INTRODUCTION (It's only an Intro)
B) TOOLS YOU WILL NEED (Well i think most of ya got these Tools)
C) WHAT WE ARE DEALING WITH (I recommend that you read this before D)
D) FIRST APPROACH (The Alternate way)
E) SECOND APPROACH (Script Cracking !!!)
F) ADDON (Common InstallSHIELD Installation)
G) WIN32.HLP (Descriptions that will help you)
H) LAST WORDS (Maybe ya dont need to read this)
I) GREETINGS (Don't miss this Part, hehe !!!!!)
_____________________________________________________________________
A) INTRODUCTION
I welcome you to my first Cracking Tutorial and I will try
to write more Tutorials in the Future.
I could have made more in the past, but i was afraid if
anybody could read my BAD English ;) so please excuse me
and just try to follow me.
LEVEL : Well, I will try to give you all Informations and document
all my Steps and Listings, so maybe also
a Beginner will understand this Tutorial (maybe ;).
As I told you the only Problem you will maybe have is my
bad bad English ,hehe.
TARGET : Our Target is Cakewalk HomeStudio from Twelve Tone Systems ,
I have got it from Kirk_Hamm in #Cracking(EFNET) THANX !!! =)
- a Person I dont really know ,he was just req the Crack.
The File contains not the whole App by the way, just all the
necessary Files to get the Installation running.
The compressed File size is only 536 KB, so if you want it
just msg me on Efnet or Email me and i will send ya the
File if iam not busy =).
PROTECTION : This App has 3 Protections.
1.CD-CHECK
2.CD-KEY
3.SERIAL
__________________________________________________________________________
B) TOOLS YOU NEED
You will need the following Tools:
- SoftICE 3.x from Numega (The best Debugger, point.
Big Thanx to Numega)
- W32Dasm 8.9 from URSoft (I love References)
- Hex-Workshop or any other Hex-Editor (Yeah, gimme the Bytes
location)
- Icompx the InstallSHIELD de/compressor (Thanx to Lord Caligo that he
has put it on his Page)
- A Martini/wodka if ur a +Cracker and/or a cigarette ;)
You can get all these Tools from Lord Carligo Web-Page.
One of the best Cracking Resource i ever have seen before
by the way !!!
http://cracking.home.ml.org/
________________________________________________________________
C) WHAT WE ARE DEALING WITH
After unzipping the File into C:/TEMP there are the following
files:
_SETUP.LIB 151 KB
SETUP.EXE 659 KB
_SETUP.DLL 5,98 KB
SETUP.INS 89,5 KB
SETUP.PKG Not important
(There are a lot more files in the complete App)
Let me first explain what we got here.
These are the typical Files from an InstallSHIELD Installation.
_SETUP.LIB is a compressed Data-Base from InstallSHIELD.
It can contain exe and dll supporting the Installation.
Sometimes these Support Files are in the same dir like SETUP.EXE
(unlikely), but in our case they are compressed into _SETUP.LIB
(You will see later).
What that person from #Cracking didn't send me was the compressed
Data-Base Files (xxx.1-x,xxx.z) containing the App Files and so
they can be very big ;).
Don't mind it, because we dont need them anyway for cracking.
A compressed Data-Base File always begins with "13 5D 65 8C 3A 01 02 00",
so if you cant find any xxx.z or xxx.1-x then just look for these bytes.
At the End of every compressed Data-Base File you can see all the
File Names by the way.
SETUP.PKG contains all the File-Names in the App Data-Base which we
dont need and so we dont need SETUP.PKG either.
InstallSHIELD uses SETUP.PKG to refer the Files in the App Data-Base
in the copying process i believe.
Anyway, we dont need it, so lets go on.
_SETUP.DLL is a InstallSHIELD Resource DLL and its not important for us,
because its only a Support File which is supplied with any
InstallSHIELD Installation.
SETUP.INS is the compiled Installation Script and its the most
important Part in an InstallSHIELD Installation Process !!!.
In Win95 it has got a globe connected to a phone as icon.
This File Controls any Action and has got most of the messages of the
Installation and it will play a major Role in our SECOND APPROACH.
SETUP.EXE is the head of all, its the Installation Engine and
executes the Script and does all calls to DLL and
Disk-Access (32 Bit !!!).
So far so good, now we know much more about InstallSHIELD =)
Lets start with the....
______________________________________________________________________
D) FIRST APPROACH
(CD-CHECK)
ASSUMPTION : I assume the following things under SoftICE :
F5="^x;"
F7="^here;"
F8="^t;"
F9="^bpx;"
F10="^p;"
F11="^G @SS:ESP;"
F12="^p ret;"
Also the winice.dat File in your SoftICE dir should contain :
EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\user32.dll
HINT : "*" in Front of the Text coming up means, that the text
into brackets must be typed under SoftICE!
START : Ok, now lets get to business and start our cracking session.
First we just start the Installation (SETUP.EXE) and see whats
happening.
Well, a MessageBox tells us, that "Setup must be run from
the original CD".
Our next logical step now should be setting a Breakpoint on
GetDriveTypeA ("A" coz SETUP.EXE is a 32 Bit App).
Have a look at part G) WIN32.HLP of this tutorial to get
more info about GetDriveType !!!
* We press Ctrl+D and SoftICE pops up and then we type in
"BPX GetDriveTypeA"
* Pressing "Ctrl+D" ("F5") gets us back to Windows, where
we start Setup.exe again.
Ok, we are in SoftICE before the MessageBox appears.
We are in the Kernel32 at GetDriveTypeA, so lets get out
of here
* by pressing "F11" one time. And now we are in INSHELP,
damn !!! whats that ? it wasnt in our dir !!
* Well i typed in "MOD INSHELP" to get more info about this
file and SoftICE shows me, that its located in :
C:\TEMP\_ISTMP0.DIR\INSHELP.DLL
Now we see that it's a DLL and that InstallSHIELD has created a
Temporary directory called _ISTMP0.DIR and then it puts the file
INSHELP.DLL in there. But where does this File come from ?
Ok, maybe you dont have forgotten what i told you in C) about
compressed Data-Bases ? Yes ? Then you should read it again now !!!!
So this DLL must be in _SETUP.LIB, but how should we patch it ?
Well we got ICOMPX the InstallSHIELD de/compressor ;)
Let's decompress _SETUP.LIB ("ICOMP _SETUP.LIB *.* -d -i")
These Files we will get :
INSHELP.DLL
UNINST.EXE
_ISRES.DLL
The last two files are only support Files and not important for us.
What we know now is that INSHELP.DLL makes the CD-CHECK and that it is
in _SETUP.LIB which we can decompress and then compress again.
By the way you may just type in "ICOMP" to get the full usage.
Now that we got all infos about this File and how to patch it lets
go on with SoftICEng ;).
We are still in INSHELP.DLL, so let me give you the listing first:
Your addresses may differ in the first four digits! (relocation)
And SoftICE pops up at 100011A0 (0), so go there now!!!
DWORD TABLE:
:10001308 BA120010 DWORD 100012BA These are the DWORDS for the indirect jmps
:1000130C C7120010 DWORD 100012C7 I have placed them here coz it will be
:10001310 D4120010 DWORD 100012D4 easier for you to follow me ;)
:10001314 E1120010 DWORD 100012E1
:10001318 EE120010 DWORD 100012EE
:1000131C B0110010 DWORD 100011B0
:10001320 FB120010 DWORD 100012FB
Start of this routine:
:10001160 81ECE8020000 sub esp, 000002E8 Create a temporary Stack-Frame
:10001166 B9FFFFFFFF mov ecx, FFFFFFFF ecx=FFFFFFFF (counter)
:1000116B 2BC0 sub eax, eax eax=0
:1000116D 56 push esi Save esi
:1000116E 57 push edi Save edi
:1000116F 8BBC24F4020000 mov edi, [esp + 000002F4] edi points to "C:\TEMP\"
:10001176 F2 repnz
:10001177 AE scasb Scan String for 0 (end)
:10001178 F7D1 not ecx ecx=length+1=9
:1000117A 2BF9 sub edi, ecx Adjust edi back
:1000117C 8BC1 mov eax, ecx Save length in eax
:1000117E C1E902 shr ecx, 02 Divide length by 4 =2
:10001181 8BF7 mov esi, edi esi=edi=ptr to "C:\TEMP\"
:10001183 8D7C2448 lea edi, [esp + 48] "CWHS_601"
|
:100011ED B938600010 mov ecx, 10006038
* Referenced by a Jump at Address:1000120C(C)
|
:100011F2 8A10 mov dl, [eax] Here it compares my Volume
Name "HD_C"
:100011F4 3A11 cmp dl, [ecx] with "CWHS_601"
:100011F6 751A jne 10001212 (5) Bad jmp !
:100011F8 0AD2 or dl, dl
:100011FA 7412 je 1000120E
:100011FC 8A5001 mov dl, [eax+01]
:100011FF 3A5101 cmp dl, [ecx+01]
:10001202 750E jne 10001212 (5) Bad jmp !
:10001204 83C002 add eax, 00000002
:10001207 83C102 add ecx, 00000002
:1000120A 0AD2 or dl, dl
:1000120C 75E4 jne 100011F2
* Referenced by a Jump at Address:100011FA(C)
|
:1000120E 33C0 xor eax, eax All OK !
:10001210 EB05 jmp 10001217
To continue our tracing session you have to nop out the Bad jmps !
* Trace to the jmps "F10" and then "a" with two "nop".
(4) This jmp will only occur if Setup is running from the
original CD-Rom.
It then just bypasses the Volume and Filetype Check.
I also suggest that you read part F) of this Tutorial to get
more and detailed infos about GetVolumeInformation
(FileSystemFlags) !!
Ok, now comes the part the (5) Bad jmps will jump to....
* Referenced by a Jump at Addresses:100011F6(C), :10001202(C)
|
:10001212 1BC0 sbb eax, eax eax=0
:10001214 83D8FF sbb eax, FFFFFFFF eax=1
* Referenced by a Jump at Address:10001210(U)
|
:10001217 85C0 test eax, eax if eax=0 then
:10001219 740D je 10001228 goto 10001228 GOOD BOY !
:1000121B 33C0 xor eax, eax otherwise return
:1000121D 5F pop edi with eax=0 BAD BOY !
:1000121E 5E pop esi
:1000121F 81C4E8020000 add esp, 000002E8
:10001225 C20400 ret 0004
* Referenced by a Jump at Address:10001219(C)
|
:10001228 8D4C2414 lea ecx, [esp + 14] ecx points to my File System
Name "FAT"
* Possible StringData Ref from Data Obj ->"CDFS"
|
:1000122C B848600010 mov eax, 10006048
* Referenced by a Jump at Address:1000124B(C)
|
:10001231 8A11 mov dl, [ecx] here my File System Name "FAT"
:10001233 3A10 cmp dl, [eax] will be compared with "CDFS" !
:10001235 751A jne 10001251 (6) Bad jmp !
:10001237 0AD2 or dl, dl
:10001239 7412 je 1000124D
:1000123B 8A5101 mov dl, [ecx+01]
:1000123E 3A5001 cmp dl, [eax+01]
:10001241 750E jne 10001251 (6) Bad jmp !
:10001243 83C102 add ecx, 00000002
:10001246 83C002 add eax, 00000002
:10001249 0AD2 or dl, dl
:1000124B 75E4 jne 10001231
* Referenced by a Jump at Address:10001239(C)
|
:1000124D 33C0 xor eax, eax All OK !
:1000124F EB05 jmp 10001256
Again we have to nop out the (6) Bad jmps to continue !!
Otherwise we will land here...(10001251) BAD BOY
* Referenced by a Jump at Addresses:10001235(C), :10001241(C)
|
:10001251 1BC0 sbb eax, eax Old soup, look back (10001212)!
:10001253 83D8FF sbb eax, FFFFFFFF
* Referenced by a Jump at Address:1000124F(U)
|
:10001256 85C0 test eax, eax
:10001258 740D je 10001267 GOOD BOYS jmps to 10001267
:1000125A 33C0 xor eax, eax
:1000125C 5F pop edi
:1000125D 5E pop esi
:1000125E 81C4E8020000 add esp, 000002E8
:10001264 C20400 ret 0004
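The two compare loops above (volume label against "CWHS_601", file system name against "CDFS") are the same compiler-inlined string compare, and the `sbb eax, eax` / `sbb eax, FFFFFFFF` pair after a mismatch yields 1 or -1 depending on the carry flag left by the failing `cmp`. The following C model is an added example, not code from the tutorial or from the DLL; the function names `sbb32`, `inlined_compare` and `check_passes` are hypothetical, and the sample strings are the ones quoted in the listing comments.

```c
#include <stdint.h>
#include <stdio.h>

/* x86 `sbb dst, src`: dst = dst - src - CF, truncated to 32 bits. */
static uint32_t sbb32(uint32_t dst, uint32_t src, unsigned cf)
{
    return dst - src - cf;
}

/*
 * Model of the loop at 100011F2 (and its twin at 10001231).
 * `have` is the string read from the system, `want` is the constant
 * embedded in the DLL. The return value is what the routine leaves in
 * EAX when it reaches `test eax, eax`.
 */
int32_t inlined_compare(const char *have, const char *want)
{
    const unsigned char *p = (const unsigned char *)have;
    const unsigned char *q = (const unsigned char *)want;
    unsigned cf;                    /* carry flag set by the failing cmp */

    for (;;) {                      /* the loop is unrolled two bytes deep */
        unsigned char dl = p[0];    /* mov dl, [eax]                       */
        if (dl != q[0]) {           /* cmp dl, [ecx] ; jne mismatch        */
            cf = dl < q[0];         /* unsigned borrow -> CF               */
            break;
        }
        if (dl == 0)                /* or dl, dl ; je equal                */
            return 0;               /* xor eax, eax                        */
        dl = p[1];                  /* mov dl, [eax+01]                    */
        if (dl != q[1]) {           /* cmp dl, [ecx+01] ; jne mismatch     */
            cf = dl < q[1];
            break;
        }
        p += 2;                     /* add eax, 2                          */
        q += 2;                     /* add ecx, 2                          */
        if (dl == 0)                /* or dl, dl ; jne loop (not taken)    */
            return 0;               /* falls through to xor eax, eax       */
    }

    /* Mismatch path. EAX still holds a pointer, but `sbb eax, eax`
       computes eax - eax - CF, so only the carry flag matters. */
    uint32_t eax = (uint32_t)(uintptr_t)p;
    eax = sbb32(eax, eax, cf);          /* 0 if CF=0, FFFFFFFF if CF=1    */
    eax = sbb32(eax, 0xFFFFFFFFu, cf);  /* 1 if CF=0, FFFFFFFF if CF=1    */
    return (int32_t)eax;
}

/* The caller only tests EAX for zero: `test eax, eax ; je good`. */
int check_passes(const char *have, const char *want)
{
    return inlined_compare(have, want) == 0;
}

int main(void)
{
    /* Sample values taken from the listing comments above. */
    printf("HD_C     vs CWHS_601 -> %d\n", inlined_compare("HD_C", "CWHS_601"));
    printf("FAT      vs CDFS     -> %d\n", inlined_compare("FAT", "CDFS"));
    printf("CDFS     vs CDFS     -> %d\n", inlined_compare("CDFS", "CDFS"));
    printf("CD       vs CDFS     -> %d\n", inlined_compare("CD", "CDFS"));
    return 0;
}
```
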
* Referenced by a Jump at Addresses:100011E0(C), :10001258(C)
|
:10001267 8A442448 mov al, [esp + 48] ;al=Drive Letter "C" 43h
:1000126B 8D8C24D8010000 lea ecx, [esp + 000001D8]
:10001272 51 push ecx
:10001273 A250600010 mov [10006050], al
^-------------"X:\Cakewalk\_setup.lib"
* Possible StringData Ref from Data Obj ->"C:\Cakewalk\_setup.lib"
|
:10001278 6850600010 push 10006050
:1000127D E8EE010000 call 10001470 Button SoftICE pops up, this
is easy hehe ;)
* We are in GetWindowTextA so lets get back to the App
and press "F11".
I looked at EAX, because it always contains the Text
length GetWindowTextA returns,
but hell !!!! this isnt the length of my Text and so this
cant be my Text =(, brb.
Dont worry, this is just a little trick to prevent Beginners to crack it.
There are lotta other App out there using this trick btw !
Setup uses GetWindowTextA to retrieve our input, but it doesn't wait
for the user pressing NEXT->, it just gets the text anytime we
type in a single letter,
* so lets first disable our Breakpoint : "BD 0",
and then we type in "12345678901234" and then we enable our
Breakpoint :
* "BE 0".(dont forget to leave SoftICE)
So, now comes the truth. I just deleted the last number with
back-space and BOOM !!! yeah we are in GetWindowTextA again
so lets leave here
* again by pressing "F11".
Well, this looks much better, because EAX=0D=13, yeah our
Key-length ;)
We are in Setup by the way. Right after the Call GetWindowTextA
there is a "LEA EAX,[EBP+FFFFFBF4]" which will let EAX point
to our Text,
* so trace over it with "F8" or "F10".
* Do a "D EAX" and you will see our text "1234567890123" !!
* ok lets delete our Breakpoint, because we got what we
wanted: "BC *".
And now we set a Breakpoint on Memory Access on our text location:
* "BPM EAX". Ok, exit SoftICE and it will fast pop up again.
SoftICE will break into different locations, but the one that
is important for us is the lstrcpyA.
You will land in there at the following instructions :
... ............
REPNZ SCASB and you will break into lstrcpyA
several times again, but now dont delete the old Breakpoints,
just set the new ones on EDI after the 2 MOVS like before,
until you are in INSHELP !!!! yeah its the same dll ;).
Let me give you the listing first and consider again that the first
four digits of the addresses may differ from yours under
SoftICE (relocation).
SoftICE will break in at 10001377 !!!
Start of this routine:
:10001350 83EC34 sub esp, 00000034 Create a temporary Stack-Frame
:10001353 53 push ebx Save ebx
:10001354 56 push esi Save esi
:10001355 57 push edi Save edi
:10001356 E8D5FCFFFF call 10001030 Was this routine initialised ?
:1000135B 85C0 test eax, eax Check ok ? (It will be)
:1000135D 750B jne 1000136A then goto 1000136A, else
:1000135F 33C0 xor eax, eax Set eax=0 BAD BOY !!!
:10001361 5F pop edi Restore edi
:10001362 5E pop esi Restore esi
:10001363 5B pop ebx Restore ebx
:10001364 83C434 add esp, 00000034 Delete temporary Stack-Frame
:10001367 C20400 ret 0004 Return
Well it seems that EAX=0 stands for BAD BOY again like in the CD-Check !!
Cracking this CD-KEY could end here just by patching the instructions
at the Start of this routine (10001350)...
Dont patch it yet, if you wanna learn how to reverse engineer this
KEY-Protection !!!!
Original:
:10001350 83EC34 sub esp, 00000034 Create a temporary Stack-Frame
:10001353 53 push ebx Save ebx
:10001354 56 push esi Save esi
:10001355 57 push edi Save edi
:10001356 E8D5FCFFFF call 10001030 Was this routine initialised ?
Change to:
:10001350 33C0 xor eax,eax eax=0
:10001352 40 inc eax eax=eax+1=1 GOOD BOY
:10001353 C20400 ret 0004 Return
Search for "83EC34535657" in INSHELP.DLL with your Hex-Editor.
You will only find one location (Offset 750). Replace the bytes
with "33C040C20400" and save it.
Ok, and now compress it back into _SETUP.LIB.
Just type in "icomp inshelp.dll _setup.lib" and dont delete INSHELP.DLL,
because we will need it again later ;)
And now any KEY you type in will be valid, cool heh =)
Do you wanna learn how to reverse this CD-KEY Protection ?
If not just go over to the (SERIAL) Section below !!!
Ok, lets go on with this routine...
* Referenced by a Jump at Address:1000135D(C)
|
:1000136A 8B5C2444 mov ebx, [esp + 44] ebx will point to our
KEY !
:1000136E 8D4C240C lea ecx, [esp + 0C] ecx will be the new
location
:10001372 8BC3 mov eax, ebx eax=ebx=pointer to our
KEY
:10001374 803B00 cmp byte ptr [ebx], 00 (9) KEY=NULL ?
:10001377 741B je 10001394 12D6E1
Thus we can set a seed KEY "3xx6x1yyyyyyy", where x can be any
number and y will be the corrections. First go back to Setup
and choose a seed KEY !!!
I used for example "3006010000000".
To get a valid KEY let us Brute-Force-Crack this babe =)
It's not the best way, but this code generating part is short,
thus it will be executed fast.
Trace to the location at line 100013C1 (15) where the code
will be compared with E7B37.
Trace over it to the next line 100013C6 and then we have to
code a little procedure.
* EBX is unused, so we will use it as counter. Type in "r ebx=0".
* Now type in "a" and let us add a little procedure, which will
find a valid KEY for us.
Please adjust the addresses yourself, since this will be typed
directly into memory !!!
* "JNZ GO_ON" Not a valid KEY, goto GO_ON
* FOUND: "NOP" This will be our Stop Point
* GO_ON: "CMP EBX,1312CFF" Check only numbers from
0-19999999 !!!
* "JZ FAIL" Yes, goto FAIL
* "MOV ESI,[ESP+C]" ESI points to our KEY
* "MOV EAX,EBX" EAX=EBX
* "MOV ECX,A" ECX=A=10d
* CONVERT_DEC: "XOR EDX,EDX" EDX=0
* "DIV ECX" EAX=EAX/ECX, EDX=MOD (EAX/ECX)
* "ADD DL,30" EDX=EDX+"0"
* "MOV [ESI+C],DL" STORE NUMBER INTO KEY
* "DEC ESI" ESI will point to the previous
number
* "CMP EAX,0" Conversion completed ?
* "JNZ CONVERT_DEC" If not goto CONVERT_DEC
* "JMP 100013B7" Check this KEY !
The comparison at GO_ON makes sure that the App-ID will not be
manipulated !!
* Ok, you typed in all this mess ;) Now you must clear all Break-Points
"BC *"
* and then set a Break-Point on execution on line
FOUND !!!! "BPX ".
Now leave SoftICE and wait.....
SoftICE will pop up at FOUND, so first check EAX, it should
be E7B37 !!!
* If yes, you can get your KEY with "D [ESP+C]".
I have found "3006010147046" for my seed KEY ,btw =)
* To get out of this Loop set your EIP to 1000142D "r eip=1000142D"
and clear all Break-Points !!!
Then leave SoftICE, and you will be back in Setup. Cancel it
and then start it again and use your valid KEY !!!
Summary:
- KEY must contain 13 numbers.
- KEY has got 4 fixed numbers "3xx601yyyyyyy". It's the App-ID
(3601), which may differ in other Apps from Twelve Tone Systems.
Setup hands this App-ID to INSHELP before it calls it.
- yyyyyyy can be found with Brute-Force-Cracking.
This Protection is defeated, lets go over to the...
(SERIAL) Well, the KEY was a little bit tricky, heh ? Anyway you are
here now to face the Serial !!!
Setup asks for a User-Name, Company and Serial, so lets type
in sum crap.
I typed in "NaTzGUL" as User-Name, "REVOLT" as Company and
"1234567890" as Serial.
Please proceed with the Serial like in the KEY Section !!!!
You will land into Setup !!!, damn the Script is doing the
Check, brbrb.
I gave up !!! There are just too many push,pop and calls,
believe me... else try it out !!!
To defeat this Protection we need a new method !!!
__________________________________________________________________________
E) SECOND APPROACH
ASSUMPTION: I assume that you have partially read the first Approach
and that the App (INSHELP) is unpatched in any way !!!!
(Original state !!! you may uncompress the whole App again !).
INTRO: Zen !!! yeah, that's what we need =)
As I told you in our first approach SETUP.INS is the main
part of an InstallSHIELD Installation !!!
SETUP.INS is a compiled Script, this means before compilation
it may have the following basic instructions :
- "IF,THEN,(ELSE)"
- "GOTO"
- "CALL"
- "RETURN()"
- "LOAD","OPEN","CLOSE"
- "MESSAGEBOX"
- etc.
To decrypt the whole mnemonic back to its instructions is not
necessary to crack this app, so I thought that the most important
instruction should be the "IF,THEN" one. It should occur
very often in the Script and it may have the following syntax:
IF cmp THEN....
cmp = (arg1) compare_type (arg2)
arg1 is a variable, arg2 can be a variable or a constant
(two constants makes no sense ,of coz !).
the compare_type can only be one of these six types :
Type:            Corresponding jmp:
LOWER-EQUAL      JLE
GREATER-EQUAL    JGE
LOWER            JL
GREATER          JG
NOT-EQUAL        JNE
EQUAL            JE
A compiled COMPARE instruction could look like this :
Compare_mnemonic,result,Byte_A, arg1, Byte_B, compare_type, Byte_C, arg2
Byte_A refers to arg1, Byte_B gets the compare_type and
Byte_C refers to arg2 and also says if arg2 is a variable
or constant.
You may have realised that some mnemonics are
missing.
As I mentioned this instruction should occur very often in
SETUP.INS, so I examined the file for this byte structure and
I found out :
>>>>> COMPARE mnemonic (actually 128) !!!
| | |
28,01,32,result_var,Byte_A, arg1, Byte_B, compare_type, Byte_C, arg2
Byte_A="B"=0x42 means variable_index(word) is following
Byte_B="A"=0x41 means constant (dword) is following
Byte_C="A"=0x41 if comparing with a constant
Byte_C="B"=0x42 if comparing two variables
result_var = type of word (variable_index)
arg1 = type of word (variable_index)
compare_type = type of dword (1-6)
arg2 = type of word (variable_index) or dword
(constant)
Example : let's say we have found the following bytes .
28,01,32, 03,00, 42, 01,00, 41, compare_type, 42, 02,00
This will compare a variable with index 0x0001 and a
variable with index 0x0002 with the specific compare_type
and then store the result (0/1) of this comparison
into the variable with index 0x0003.
Now what we need are the types of comparison, hmm how
should we obtain them ?
Setup is executing this Script, so there is the place we
have to search for them !!!
I ran W32dasm on Setup.exe and searched for the place where
compare_type gets compared with 1-6 and I found them at
line 0043C89B.
* Referenced by a Jump at Address:0043C89F(C)
|
:0043C7B2 8B45F4 mov eax, [ebp-0C] eax=arg1
:0043C7B5 3945F8 cmp [ebp-08], eax compare arg2 with arg1
:0043C7B8 0F8E0C000000 jle 0043C7CA lower-equal? compare_type_1 !!!
:0043C7BE C745FC01000000 mov [ebp-04], 00000001 return result 1 in [ebp-4]
:0043C7C5 E907000000 jmp 0043C7D1 jmp to end
* Referenced by a Jump at Address:0043C7B8(C)
|
:0043C7CA C745FC00000000 mov [ebp-04], 00000000 return result 0 in [ebp-4]
* Referenced by a Jump at Address:0043C7C5(U)
|
:0043C7D1 E906010000 jmp 0043C8DC jmp to end
* Referenced by a Jump at Address:0043C8A9(C)
|
:0043C7D6 8B45F4 mov eax, [ebp-0C]
:0043C7D9 3945F8 cmp [ebp-08], eax
:0043C7DC 0F8D0C000000 jnl 0043C7EE greater-equal? compare_type_2!
:0043C7E2 C745FC01000000 mov [ebp-04], 00000001
:0043C7E9 E907000000 jmp 0043C7F5
* Referenced by a Jump at Address:0043C7DC(C)
|
:0043C7EE C745FC00000000 mov [ebp-04], 00000000
* Referenced by a Jump at Address:0043C7E9(U)
|
:0043C7F5 E9E2000000 jmp 0043C8DC
* Referenced by a Jump at Address:0043C8B3(C)
|
:0043C7FA 8B45F4 mov eax, [ebp-0C]
:0043C7FD 3945F8 cmp [ebp-08], eax
:0043C800 0F8C0C000000 jl 0043C812 lower? compare_type_3!
:0043C806 C745FC01000000 mov [ebp-04], 00000001
:0043C80D E907000000 jmp 0043C819
* Referenced by a Jump at Address:0043C800(C)
|
:0043C812 C745FC00000000 mov [ebp-04], 00000000
* Referenced by a Jump at Address:0043C80D(U)
|
:0043C819 E9BE000000 jmp 0043C8DC
* Referenced by a Jump at Address:0043C8BD(C)
|
:0043C81E 8B45F4 mov eax, [ebp-0C]
:0043C821 3945F8 cmp [ebp-08], eax
:0043C824 0F8F0C000000 jg 0043C836 greater ? compare_type_4!
:0043C82A C745FC01000000 mov [ebp-04], 00000001
:0043C831 E907000000 jmp 0043C83D
* Referenced by a Jump at Address:0043C824(C)
|
:0043C836 C745FC00000000 mov [ebp-04], 00000000
* Referenced by a Jump at Address:0043C831(U)
|
:0043C83D E99A000000 jmp 0043C8DC
* Referenced by a Jump at Address:0043C8C7(C)
|
:0043C842 8B45F4 mov eax, [ebp-0C]
:0043C845 3945F8 cmp [ebp-08], eax
:0043C848 0F850C000000 jne 0043C85A not-equal ? compare_type_5!
:0043C84E C745FC01000000 mov [ebp-04], 00000001
:0043C855 E907000000 jmp 0043C861
* Referenced by a Jump at Address:0043C848(C)
|
:0043C85A C745FC00000000 mov [ebp-04], 00000000
* Referenced by a Jump at Address:0043C855(U)
|
:0043C861 E976000000 jmp 0043C8DC
* Referenced by a Jump at Address:0043C8D1(C)
|
:0043C866 8B45F4 mov eax, [ebp-0C]
:0043C869 3945F8 cmp [ebp-08], eax
:0043C86C 0F840C000000 je 0043C87E equal? compare_type_6!
:0043C872 C745FC01000000 mov [ebp-04], 00000001
:0043C879 E907000000 jmp 0043C885
* Referenced by a Jump at Address:0043C86C(C)
|
:0043C87E C745FC00000000 mov [ebp-04], 00000000
* Referenced by a Jump at Address:0043C879(U)
|
:0043C885 E952000000 jmp 0043C8DC
* Referenced by a Jump at Address:0043C8D7(U)
|
:0043C88A C745FC00000000 mov [ebp-04], 00000000
:0043C891 E946000000 jmp 0043C8DC
:0043C896 E941000000 jmp 0043C8DC
* Referenced by a Jump at Address:0043C7AD(U)
|
:0043C89B 837DEC01 cmp [ebp-14], 00000001 = JGE
2
LOWER JG 4
NOT-EQUAL != JNE 5
EQUAL = JE 6
MESSAGEBOX byte structure :
2A,0,61,length(word),text will show a messagebox with the specific text!
Since the compare part of an IF-THEN instruction is what
we really need for our interest
you could now go directly to the START further below !!!
Otherwise learn more about other instructions and how
they are built up =)
The structure of a compiled IF-THEN instruction may
look like this :
COMPARE, BRANCH_TO location IF !(result - arg_x)
(result - arg_x) will be zero if they are equal else it
will be not zero.
The result comes from the comparison and arg_x can be
a variable or a constant.
Now we come to the IF-THEN byte structure :
COMPARE-structure,BRANCH_TO_mnemonic,l_index, SUB,
Byte_A,result,Byte_C,arg_x
BRANCH_TO_mnemonic = 22,0,70
SUB = 95 (in an IF-THEN instruction!)
Byte_A="B"=0x42 result of comparison will always be a variable_index
Byte_C="A"=0x41 arg_x will always be a constant in an IF-THEN instruction!
l_index = type of word (index)
result = type of word (variable_index)
arg_x = will be a dword (constant) =0x00000000 in
an IF-THEN instruction!
The branch location will be an offset into the script and it
is calculated like this :
location = dword [ l_index*6 + Branch-Table-Offset + 2 ]
Branch-Table-Offset = Offset "_EWQ" ;in this script it was 14546 !!!
Just search for "_EWQ" and you will find it ( It's linked at
the end of the script )!!!
GOTO byte structure :
2C,00,70,l_index
There are more instructions I have decrypted, but we don't need
them for this tutorial.
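The COMPARE layout and the IF-THEN branch lookup described above, written out as a small decoder (an added example, not code from this tutorial or from InstallShield). It assumes little-endian fields, the field order of the worked byte example (result index right after the mnemonic) and that SUB is the single byte 0x95; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

# Compare types 1-6 in the order the tutorial lists them.
COMPARE_TYPES = {1: "<=", 2: ">=", 3: "<", 4: ">", 5: "!=", 6: "=="}
OP_COMPARE = bytes([0x28, 0x01, 0x32])
OP_BRANCH = bytes([0x22, 0x00, 0x70])

class DecodeError(ValueError):
    """Raised when the bytes do not match the record layout."""

def _take(buf, pos, fmt):
    """Read one little-endian field; fail cleanly on truncated input."""
    size = struct.calcsize(fmt)
    if pos + size > len(buf):
        raise DecodeError(f"record truncated at offset {pos:#x}")
    return struct.unpack_from(fmt, buf, pos)[0], pos + size

def _expect(buf, pos, value, name):
    """Check a fixed tag byte (Byte_A, Byte_B, Byte_C or SUB)."""
    got, nxt = _take(buf, pos, "<B")
    if got != value:
        raise DecodeError(f"{name}: expected {value:#x}, got {got:#x} at {pos:#x}")
    return nxt

def decode_compare(buf, pos=0):
    """Decode one COMPARE record; return (readable form, next offset)."""
    if buf[pos:pos + 3] != OP_COMPARE:
        raise DecodeError(f"no COMPARE mnemonic at offset {pos:#x}")
    result, pos = _take(buf, pos + 3, "<H")
    pos = _expect(buf, pos, 0x42, "Byte_A")
    arg1, pos = _take(buf, pos, "<H")
    pos = _expect(buf, pos, 0x41, "Byte_B")
    ctype, pos = _take(buf, pos, "<I")
    if ctype not in COMPARE_TYPES:
        raise DecodeError(f"compare_type {ctype} is outside 1-6")
    kind, pos = _take(buf, pos, "<B")
    if kind == 0x42:                      # arg2 is a variable index (word)
        arg2, pos = _take(buf, pos, "<H")
        rhs = f"var[{arg2:#06x}]"
    elif kind == 0x41:                    # arg2 is a constant (dword)
        arg2, pos = _take(buf, pos, "<I")
        rhs = f"{arg2:#x}"
    else:
        raise DecodeError(f"Byte_C: unknown operand tag {kind:#x}")
    return f"var[{result:#06x}] = var[{arg1:#06x}] {COMPARE_TYPES[ctype]} {rhs}", pos

def decode_branch(buf, pos, table_offset):
    """Decode a BRANCH_TO tail; return (result_var, arg_x, location, next offset)."""
    if buf[pos:pos + 3] != OP_BRANCH:
        raise DecodeError(f"no BRANCH_TO mnemonic at offset {pos:#x}")
    l_index, pos = _take(buf, pos + 3, "<H")
    pos = _expect(buf, pos, 0x95, "SUB")   # assumption: 95 is one hex byte
    pos = _expect(buf, pos, 0x42, "Byte_A")
    result, pos = _take(buf, pos, "<H")
    pos = _expect(buf, pos, 0x41, "Byte_C")
    arg_x, pos = _take(buf, pos, "<I")
    # location = dword [ l_index*6 + table offset + 2 ], as given in the text
    location, _ = _take(buf, l_index * 6 + table_offset + 2, "<I")
    return result, arg_x, location, pos

# Constructed bytes, not taken from any real SETUP.INS.
# PAGE_EXAMPLE is the tutorial's byte example with compare_type 5 filled in.
PAGE_EXAMPLE = bytes.fromhex("280132 0300 42 0100 41 05000000 42 0200")
SAMPLE = (bytes.fromhex("280132 0300 42 0100 41 06000000 41 00000000")
          + bytes.fromhex("220070 0100 95 42 0300 41 00000000")
          + b"_EWQ" + bytes(4) + struct.pack("<I", 0x1234))
```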
It's quite easy to write a Decompiler with this information and
if you have found out the location where Setup is executing the
script then it's not that hard to see what it is doing depending
on the mnemonic, but that's another story and this tutorial
is damn big enough !!!
Now we can try out our first Script-Cracking attempt =)...
START:
(CD-CHECK) First think about how this check was written with the
Script instructions !!
The easiest way may be done like this :
(Assume: Return_of_INSHELP=0/1 (BAD/GOOD) !!! )
arg1=CALL(INSHELP,CD-CHECK)
IF arg1 = 0 THEN MESSAGEBOX "Setup must be run from the original CD":END
ELSE RETURN(1)
or this...
arg1=CALL(INSHELP,CD-CHECK)
IF arg1 != 0 THEN RETURN(1)
ELSE MESSAGEBOX "Setup must be run from the original CD":RETURN(0)
After compiling this piece of code, the bytes would look like this:
28,01,32,"B",arg1 (word),"A",6 (dword),"A",0 (dword),...,2A,0,61,27
(word),"Setup must be..."
or this...
28,01,32,"B",arg1 (word),"A",5 (dword),"A",0 (dword),...,2A,0,61,27
(word),"Setup must be..."
I have retrieved this part of SETUP.INS for you....(Offset 8D70)
arg1_Variable_index (word) compare_type_5 !!!
result_Variable_index (word) .
SoftICE will pop up at 0043C89B several times and Setup will
perform comparisions !
Here is my history of the comparisions :
Comparisions: Compare_type:
(1) 0 != 1 5 Not important
(2) 0 >= 3 2 Not important (chr-position
counter?)
(3) 9 31 4 Well, its the first char of our
Serial !!!
(5) 7A 31 4 between "a"-"z","A"-"Z","0"-"9"
(7) 5A 31 4
(9) 39 DIR This dir will be created by _ins0432._mp !!!
_INS0432._MP 659 KB This is exactly Setup.exe from this Tutorial
!!!
_INZ0432._MP 20,1 KB This is LZWSERV.EXE (doing the de-compress.)
_WUTIL95.DLL 36,0 KB A win95 support file
_ISTMP0.DIR content :
_SETUP.LIB 151 KB This is exactly the same compressed lib file
!!!
1f8584.DLL 89,0 KB Support DLL
INSHELP.DLL 23,5 KB Yup, da same DLL !!!
UNINST.EXE 292 KB Also da same one
You see now that there are the same files, but only renamed, thats all !!!
Copy and rename them if you wanna work with these files.
________________________________________________________________________
G) WIN32.HLP
These descriptions come from win32.hlp
GetDriveType:
The GetDriveType function determines whether a disk drive is a
removable, fixed, CD-ROM, RAM disk, or network drive.
UINT GetDriveType(
LPCTSTR lpRootPathName // address of root path
);
Parameters
lpRootPathName
Points to a null-terminated string that specifies the root
directory of the disk to return information about. If
lpRootPathName is NULL, the function uses the root of the
current directory.
Return Value
The return value specifies the type of drive. It can be one of the
following values:
Value Meaning
0 The drive type cannot be determined.
1 The root directory does not exist.
2 The disk can be removed from the drive.
3 The disk cannot be removed from the drive.
4 The drive is a remote (network) drive.
5 The drive is a CD-ROM drive.
6 The drive is a RAM disk.
_________________________________________________
GetVolumeInformation:
The GetVolumeInformation function returns information about a
file system and volume whose root directory is specified.
BOOL GetVolumeInformation(
LPCTSTR lpRootPathName, // address of root directory of the file system
LPTSTR lpVolumeNameBuffer, // address of name of the volume
DWORD nVolumeNameSize, // length of lpVolumeNameBuffer
LPDWORD lpVolumeSerialNumber, // address of volume serial number
LPDWORD lpMaximumComponentLength, // address of system's maximum filename length
LPDWORD lpFileSystemFlags, // address of file system flags
LPTSTR lpFileSystemNameBuffer, // address of name of file system
DWORD nFileSystemNameSize // length of lpFileSystemNameBuffer
);
Parameters
lpRootPathName
Points to a string that contains the root directory of the volume to
be described. If this parameter is NULL, the root of the current
directory is used.
lpVolumeNameBuffer
Points to a buffer that receives the name of the specified volume.
nVolumeNameSize
Specifies the length, in characters, of the volume name buffer.
This parameter is ignored if the volume name buffer is not supplied.
lpVolumeSerialNumber
Points to a variable that receives the volume serial number.
This parameter can be NULL if the serial number is not required.
lpMaximumComponentLength
Points to a doubleword value that receives the maximum length,
in characters, of a filename component supported by the specified
file system. A filename component is that portion of a filename
between backslashes.
The value stored in variable pointed to by *lpMaximumComponentLength
is used to indicate that long names are supported by the specified
file system. For example, for a FAT file system supporting long names,
the function stores the value 255, rather than the previous 8.3
indicator. Long names can also be supported on systems that use
the NTFS and HPFS file systems.
lpFileSystemFlags
Points to a doubleword that receives flags associated with the
specified file system. This parameter can be any combination of the
following flags, with one exception: FS_FILE_COMPRESSION and
FS_VOL_IS_COMPRESSED are mutually exclusive.
Value Meaning
FS_CASE_IS_PRESERVED If this flag is set, the file system
preserves the case of filenames when it
places a name on disk.
FS_CASE_SENSITIVE If this flag is set, the file system
supports case-sensitive filenames.
FS_UNICODE_STORED_ON_DISK If this flag is set, the file system
supports Unicode in filenames as they
appear on disk.
FS_PERSISTENT_ACLS If this flag is set, the file system
preserves and enforces ACLs. For
example, NTFS preserves and enforces ACLs,
HPFS and FAT do not.
FS_FILE_COMPRESSION The file system supports file-based
compression.
FS_VOL_IS_COMPRESSED The specified volume is a compressed
volume; for example, a DoubleSpace volume.
lpFileSystemNameBuffer
Points to a buffer that receives the name of the file system (such as
FAT, HPFS, or NTFS).
nFileSystemNameSize
Specifies the length, in characters, of the file system name buffer.
This parameter is ignored if the file system name buffer is not
supplied.
Return Value
If all the requested information is retrieved, the return value is
TRUE; otherwise, it is FALSE. To get extended error information,
call GetLastError.
Remarks
The FS_VOL_IS_COMPRESSED flag is the only indicator of volume-based
compression. The file system name is not altered to indicate
compression. This flag comes back set on a DoubleSpace volume,
for example. With volume-based compression, an entire volume is
either compressed or not compressed.
The FS_FILE_COMPRESSION flag indicates whether a file system supports
file-based compression. With file-based compression, individual files
can be compressed or not compressed.
The FS_FILE_COMPRESSION and FS_VOL_IS_COMPRESSED flags are mutually
exclusive; both bits cannot come back set.
The maximum component length value, stored in the DWORD variable pointed
to by lpMaximumComponentLength, is the only indicator that a volume
supports longer-than-normal FAT (or other file system) file names.
The file system name is not altered to indicate support for long file
names.
The GetCompressedFileSize function obtains the compressed size of a
file. The GetFileAttributes function can determine whether an individual
file is compressed.
______________________________________________________________________
GetWindowText:
The GetWindowText function copies the text of the specified window's title
bar (if it has one) into a buffer. If the specified window is a control,
the text of the control is copied.
int GetWindowText(
HWND hWnd, // handle of window or control with text
LPTSTR lpString, // address of buffer for text
int nMaxCount // maximum number of characters to copy
);
Parameters
hWnd
Identifies the window or control containing the text.
lpString
Points to the buffer that will receive the text.
nMaxCount
Specifies the maximum number of characters to copy to the buffer.
If the text exceeds this limit, it is truncated.
Return Value
If the function succeeds, the return value is the length, in
characters, of the copied string, not including the terminating
null character. If the window has no title bar or text, if the
title bar is empty, or if the window or control handle is invalid,
the return value is zero. To get extended error information,
call GetLastError.
This function cannot retrieve the text of an edit control in another
application.
Remarks
This function causes a WM_GETTEXT message to be sent to the specified
window or control.
This function cannot retrieve the text of an edit control in another
application.
____________________________________________________________________
H) LAST WORDS
Yeah, you made it =)
This is the end of this tutorial and I hope I could teach you something,
more or less.
If you have any questions, suggestions or just wanna gimme some feedback,
then just email me !!!
Also plz inform me if you have found any error - I'm only a human
being =)
This Tutorial was first written under Notepad, but it got just too big,
so that I had to continue writing it with WordPad. I hope you don't mind
it ;)
The next Tutorial (natz-2) will be in html and I don't exactly know what
it will discuss yet, so just watch out for it !!!
NaTzGUL/REVOLT
natzgul(at)hotmail(point)com
_________________________________________________________________
I) GREETINGS
Groups:
REVOLT, #CRACKING, UCF, PC97, HERITAGE,CRC32
#CRACKING4NEWBIES, CORE, RZR, PWA, XF, DEV etc.
PERSONAL:
CoPhiber, Spanky, Doc-Man, Korak, lgb, DDensity, Krazy_N,
delusion, riches, Laamaah, Darkrat, wiesel, DirHauge,
GnoStiC, JosephCo, niabi, Voxel,TeRaPhY, NiTR8, Marlman,
THE_OWL, razzia, K_LeCTeR, FaNt0m, zz187, HP, Johnastig,
StarFury, Hero, +ORC, +Crackers, Fravia+, LordCaligo,
BASSMATIC, j0b ,xoanon, EDISON etc.
(c) 1998 NaTzGUL All rights reversed
(c) Fravia 1995, 1996, 1997, 1998, 1999.
All rights reserved, in the European Union and elsewhere