                     .    .              
                      :    .                                  
           :     :   /|    :           
      ____      |\  / |__  /\___  ___ __        
   . /    \  ___| \/     \/     \/   V  \         
   :/     _\/   |  \    _/   O   \       \           
   /      \/\   :  /_    ) ____   \       \ 
../          \  .    \   \/    \   \\_/|   \  
   \           \       \        /    \  |    \.... . .    
    \________  /_|_____/___/\  /__|  / /     /       
             |/    C.r.E.a.M |/   |_/  \____/   
             :               :    :    
             .         .     .    .      
               .   . .   .    .
                 .        . .   . 
                              .
\------------------------------.------------------\
 \ How to crack: How to crack with W32Dasm & HView \
  \-------------------------------------------------\

00/07/13

 /-------------------------------------\
| Tutorial made By: -=Metal=-           |
 \-------------------------------------/
  
 /---------------------------------------------\
| Program Name: Just Buttons v1.3               | 
| Program Name: Xara3D v3.04                    |
 \---------------------------------------------/

 /---------------------------------------------\
| Protections:                                  |
| Just Buttons v1.3  - Watermark on output file |
| Xara3D v3.04       - Serial                   |
 \---------------------------------------------/

 /---------------------------------------------\
| Tools: W32Dasm & HView                        |
 \---------------------------------------------/

 /---------------------------------------------\
| Where: http://www.lincolnbeach.com            |
| Where: http://www.xara.com                    |
 \---------------------------------------------/


Hi folks!!

This tutorial is for newbies ONLY :-)
So if you can use SoftICE, skip this tutorial!! :-)

I will show you how to crack 2 programs with W32Dasm & HView.
If you don't have these tools, get them now, because I will show how they work.

You can get them at http://protools.cjb.net

Ok Let us begin!



=====================================
-  How to crack Just Buttons v1.3   -
=====================================

First we should get some information about the program
and its protection etc.

So go to HELP/CONTENTS,
scroll down and look if you see
something that has to do with the protection.

I found this:

=====================================================================
EVALUATION COPY USERS: The evaluation copy is fully functional,
it does however watermark any output with an unregistered text note.
This is not done with the full version.
=====================================================================

Ok, the program has all the functions in the UNREGISTERED version except
it creates a watermark on the output file.

I didn't find any place where I can type in a serial or something.
You can also check if it expires. Set your clock to 2001 and see if it expires.

No, it didn't expire..ok good, I think we have enough information about the protection now.
So you know what we have to do?
I hope you do...but I'll say it in case you don't know :-)

We are gonna remove the watermark that appears on the output file
because it's not so nice to make a button that has the text

"UnRegistered Version" on it.

Ok, to crack this program we don't have to use W32Dasm, just HView.

So create a new picture, File/Save Image As


Save it and open the picture.
What we see is an ugly text that says "UnRegistered Version".
Ok, remember this text.


First make a backup of the EXE file.


Open HView and scroll with the arrows until you find the directory
where Just Buttons is installed.

Stand on "Justbtns.exe" and press ENTER.

Ok...hmm..wtf is this?
A lot of fucking strange symbols and shit.

Don't worry about this.
Now we have to change the MODE. We should be in HEX MODE,
not TEXT MODE, so press F4 and select HEX.

btw if you press F1 you can see all hotkeys etc.

Ok, now it's time to search for the message we got on our output file,
so press F7 to search. Be sure to type the text in the ASCII field.
You can toggle between ASCII & HEX with the TAB button.

Ok, type in "unregistered" without the quotes.
Press ENTER.

You can find the text in 8 different places.
But I will tell you the correct offset so you
don't screw up the exe and have to start over.

Press F5, then type in E9010, then ENTER.
Now you can see the text "Unregistered Version",
so stand on the "U", press F3 (F3 = Edit), then TAB.

If you don't press TAB you stand in the HEX column, and we should not change
anything in HEX.

So lets decide what we should type in.
Registered Version?

haha...no...I prefer no text on my buttons so
I think we erase the text.

Don't erase further than the last "n". If you do, you can screw up the exe file.

So "Unregistered Version" will be
   "No text here anymore"

Erase with the SpaceBar.

Ok..to save the changes we have made press F9 followed by F10 to quit (F10 = Quit)
Open Just Buttons v1.3 and make a new file. save it and open the picture..

Do you see any text?

No, I didn't think so....good, you cracked the program, CONGRATS!!
Now we can do one more thing with the program.

Look in the HELP/ABOUT Box

do you see:

Evaluation Copy - Unregistered Version


Lets change this too...like I changed mine from:

Evaluation Copy - Unregistered Version
--->
Cracked By: -=Metal=- (CrEaM)


Ok, open HView again and search for "Evaluation".
I find the string in 2 places, but the first is the
one we should change.

Like this:

+       $   Just
 Buttons- Ver: 1
.3 (Win95/98/NT)
        &   Eval
uation Copy - Un
registered Versi
on  S  P0

--->

+       $   Just
 Buttons- Ver: 1
.3 (Win95/98/NT)
        &   Crac
ked By: -=Metal=
- (CrEaM)
on  S  P0

DON'T WRITE MORE THAN 38 CHARS!!!

Evaluation Copy - Unregistered Version = 38 chars (a space counts as 1 letter)

So I should have 10 more letters to write...do you understand??

Now change it to whatever you like, but just 38 chars.

After you have changed it press F9 to save, then F10 to quit.
Open the program look at your work and smile :-)

If you own a Patch Generator you can make a patch by comparing the
Original EXE with the Patched EXE (the one you changed)

You can find a Patch Generator at the site where you could find W32Dasm & HView!!

I hope this has helped you to see how easily you can remove a protection
like this.



=====================================
-     How to crack Xara3D v3.04     -
=====================================


Run Xara3D v3.04 and press the Purchase button
Enter a serial and press OK or REGISTER
I don't know, as my version has expired :-)

But I'm sure you know how to find the dialog box where
you can type in the serial.

Ok now after you pressed the REGISTER button you got a
message that says You entered

Ok remember this message and now open W32Dasm.
Choose Disassembler/Open File to Disassemble

browse to your "X3D.exe" and start disassemble it.

After this is done we should find the message we got.
So press the "STRN REF" button beside the Printer button.

Now a window pops up and you can see a lot of text and other stuff.
Scroll down until you find the message "You have entered an invalid unlock code"

Stand on it and double-click it. You will be located here:


This can be hard to understand but just follow.

=============================START CODE=============================
:0040FBFB 8D4C2414                lea ecx, dword ptr [esp+14]
:0040FBFF C78424B4040000FFFFFFFF  mov dword ptr [esp+000004B4], FFFFFFFF
:0040FC0A E8176A0700              call 00486626
:0040FC0F B001                    mov al, 01
:0040FC11 E9AA000000              jmp 0040FCC0

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040FA34(C), :0040FA48(C), :0040FA64(C), :0040FA80(C), :0040FA9C(C)
|:0040FAB8(C), :0040FAD4(C), :0040FAF0(C), :0040FB5D(C)
|

* Possible Reference to Dialog: DialogID_0133, CONTROL_ID:00FF, ""
                                  |
:0040FC16 6AFF                    push FFFFFFFF
:0040FC18 6A10                    push 00000010

* Possible Reference to String Resource ID=03005: "You entered an invalid unlock code.
The program has not been"
                                  |
:0040FC1A 68BD0B0000              push 00000BBD
:0040FC1F E803EA0700              call 0048E627

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040FA24(C)
|
:0040FC24 8A442413                mov al, byte ptr [esp+13]
:0040FC28 33DB                    xor ebx, ebx
:0040FC2A 84C0                    test al, al
:0040FC2C 0F94C3                  sete bl
:0040FC2F 8D8C2444010000          lea ecx, dword ptr [esp+00000144]
:0040FC36 C68424B40400000E        mov byte ptr [esp+000004B4], 0E
:0040FC3E E8E3690700              call 00486626
:0040FC43 8D8C2440010000          lea ecx, dword ptr [esp+00000140]
==============================END CODE==============================

Ok do you see the text * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
This is the shit that made it unregistered.

So under the text you can see:

|:0040FA34(C), :0040FA48(C), :0040FA64(C), :0040FA80(C), :0040FA9C(C)
|:0040FAB8(C), :0040FAD4(C), :0040FAF0(C), :0040FB5D(C)


Write down all these numbers like this:

0040FA34
0040FA48
0040FA64
0040FA80
0040FA9C
0040FAB8
0040FAD4
0040FAF0
0040FB5D

Now press GoTo in the Menu and select Goto Code Location.

Paste the first address in the field

and click OK. You will be located at:

=============================START CODE=============================
:0040FA2A 8B842440010000          mov eax, dword ptr [esp+00000140]
:0040FA31 3958F8                  cmp dword ptr [eax-08], ebx
:0040FA34 0F84DC010000            je 0040FC16  <---------------- you land here
:0040FA3A 0FBE10                  movsx edx, byte ptr [eax]
:0040FA3D 52                      push edx
==============================END CODE==============================

Double-click on the JE (JE = Jump if Equal, JNE = Jump if Not Equal)
so it turns green, then look at the bottom and you see:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Line:30016 Pg 354 of 3872 Code Data @:0040Fa34 @Offset 0000EE34h
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You have to know the offset of the JE, so write it down: "0000EE34".
Don't write the "h", it stands for HEX.

Ok, do this with every address, like this:

Press GoTo/GoTo Code Location and enter the address that you have written down.
Press OK and you will be located at the address you typed in.
Double-click the address and write down the offset.

You may think this is hard, so I have written down all the offsets that you must have.


Address:          Offset:
-------------------------
0040FA34         0000EE34
0040FA48         0000EE48 
0040FA64         0000EE64 
0040FA80         0000EE80 
0040FA9C         0000EE9C 
0040FAB8         0000EEB8 
0040FAD4         0000EED4 
0040FAF0         0000EEF0 
0040FB5D         0000EF5D
-------------------------

Ok, close W32Dasm and open HView.
Scroll with the arrows until you find your
folder that contains "X3D.exe", stand on it
and press ENTER.
Now we have to change MODE. But NOT to HEX MODE as in
the earlier example. We should change to Decode MODE,
so press F4 and select Decode.

Now we must go to all the addresses.
Press F5 and type:

0000EE34

you will see this:

.0040FA34: 0F84DC010000

what we have to do is to change:

0F84DC010000
------>
0F85DC010000

Do this with all addresses,

like this:

First F5, then enter the offset, then F3 to edit, then change 84 ---> 85 and press F9 to save changes.

So you have to type in all the offsets and then change 84 --> 85 or vice versa 85 --> 84.

When you have changed all the addresses (don't forget to press F9 to save) press F10 to
leave HView.

Open Xara3D and enter whatever you like in the registration box...REGISTERED!!!
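
Seen from the vendor's or an analyst's side, both kinds of edit in this tutorial (the
blanked watermark string in Just Buttons and the 84/85 flips in Xara3D) stand out as soon
as a binary is compared byte-for-byte against a known-good copy. The following Python is
an added example, not part of the original tutorial; the names Finding and diff_binaries
and the sample bytes GOOD and BAD are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    offset: int   # file offset of the first changed byte
    length: int   # number of consecutive changed bytes
    kind: str     # jcc-inverted, string-overwritten, bytes-changed, size-mismatch

def is_jcc_inversion(good: bytes, bad: bytes, i: int) -> bool:
    # Near conditional jumps are encoded 0F 80..0F 8F; the lowest bit of the
    # second byte selects the inverse condition (0F 84 = JE, 0F 85 = JNE).
    return (i > 0 and good[i - 1] == 0x0F and bad[i - 1] == 0x0F
            and 0x80 <= good[i] <= 0x8F and good[i] ^ bad[i] == 0x01)

def diff_binaries(good: bytes, bad: bytes) -> list:
    """Compare a known-good image with a suspect copy and classify each changed run."""
    if len(good) != len(bad):
        return [Finding(0, abs(len(good) - len(bad)), "size-mismatch")]
    findings, i = [], 0
    while i < len(good):
        if good[i] == bad[i]:
            i += 1
            continue
        start = i
        while i < len(good) and good[i] != bad[i]:
            i += 1
        run = good[start:i] + bad[start:i]
        if i - start == 1 and is_jcc_inversion(good, bad, start):
            kind = "jcc-inverted"          # branch condition flipped in place
        elif all(0x20 <= b < 0x7F for b in run):
            kind = "string-overwritten"    # printable text replaced by printable text
        else:
            kind = "bytes-changed"
        findings.append(Finding(start, i - start, kind))
    return findings

# Constructed sample: padding, one JE instruction, padding, one ASCII string.
GOOD = (b"\x90" * 4 + bytes.fromhex("0F84DC010000") + b"\x00" * 4
        + b"Unregistered Version\x00")
# Constructed tampered copy: JE flipped to JNE, string blanked with spaces.
BAD = GOOD[:5] + b"\x85" + GOOD[6:14] + b" " * 20 + b"\x00"

if __name__ == "__main__":
    for f in diff_binaries(GOOD, BAD):
        print(f"offset {f.offset:#08x}  len {f.length:2d}  {f.kind}")
```

A hash or signature check of the file tells you whether it was changed; a diff like this
tells you what was changed and where.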


I hope you have learned something from this tutorial!
Well see ya next time!!

Bye!



-=Metal=-
metal_cracker@hotmail.com

=====================================
- Greetings Goes To -         
=====================================

- ThE CrEaM CrEw -
   
  - MagicMike - (For all help)   
    
   - Mantana -
    
   - Stimpy -