<HTML>
<HEAD>
   <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
   <META NAME="GENERATOR" CONTENT="Mozilla/4.04 [en] (Win95; I) [Netscape]">
   <META NAME="Author" CONTENT="AnDEc! '98">
   <META NAME="Classification" CONTENT="Reverse Code Engineering">
   <META NAME="Description" CONTENT="Step by step guide to Zip Manager 5.3">
   <META NAME="KeyWords" CONTENT="How to crack Zip Manager 5.3">
   <TITLE>Zip Manager 5.3</TITLE>
</HEAD>
<BODY TEXT="#001010" BGCOLOR="#C0C0C0" LINK="#FF0000" VLINK="#000099" ALINK="#FFFF00">
&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR BGCOLOR="#FFFFFF">
<TD WIDTH="15%">
<CENTER><B><FONT FACE="Arial,Helvetica">Sept 1998</FONT></B></CENTER>
</TD>

<TD WIDTH="100%">
<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=+1>"</FONT><FONT SIZE=+2>Basic
Win95 Cracking</FONT><FONT SIZE=+1>"</FONT></FONT></CENTER>
</TD>

<TD WIDTH="30%">
<CENTER><B><FONT FACE="Arial,Helvetica">Win '95 PROGRAM</FONT></B></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#808080">Win Code Reversing</FONT></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#808080">&nbsp;</FONT></FONT></CENTER>
</TD>
</TR>

<TR BGCOLOR="#FFFF99">
<TD WIDTH="15%">
<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#890000">&nbsp;</FONT></FONT></CENTER>
</TD>

<TD>
<CENTER><FONT FACE="Arial,Helvetica">by <FONT SIZE=+3>AnDEc! '98&nbsp;</FONT></FONT></CENTER>
</TD>

<TD VALIGN=CENTER WIDTH="30%"><FONT FACE="Arial,Helvetica">&nbsp;</FONT></TD>
</TR>

<TR BGCOLOR="#999900">
<TD WIDTH="15%">
<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>
</TD>

<TD>
<CENTER><FONT FACE="Arial,Helvetica">Code Reversing For Beginners&nbsp;</FONT></CENTER>
</TD>

<TD WIDTH="30%">
<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>
</TD>
</TR>

<TR BGCOLOR="#C0C0C0">
<TD WIDTH="15%"></TD>

<TD ALIGN=LEFT>
<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><B><FONT FACE="Arial,Helvetica">Program Details</FONT></B></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><B>Program Name:</B> zm53inst.exe</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><B>Program Type:</B> Windoze archiving
program.</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><B>Program Location: <A HREF="http://www.sebd.com">www.sebd.com</A></B>&nbsp;</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><B>Program Size:&nbsp;</B> 606k.</FONT></CENTER>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT></TD>

<TD WIDTH="30%"></TD>
</TR>

<TR BGCOLOR="#C0C0C0">
<TD WIDTH="15%"></TD>

<TD><FONT FACE="Arial,Helvetica"><B>&nbsp;</B>&nbsp;</FONT>&nbsp;
<CENTER><B><FONT FACE="Arial,Helvetica">Tools Used:</FONT></B></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><A HREF="http://www.fortunecity.com/bally/waterford/18/w32dsm89.zip">W32Dasm
V8.9 - Disassembler</A></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">Softice V3.23 - Debugger</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">A hex editor (Any will do)</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>
</TD>

<TD WIDTH="30%"></TD>
</TR>

<TR>
<TD VALIGN=CENTER BGCOLOR="#C6E7C6">
<CENTER><B><FONT FACE="Arial,Helvetica"><FONT COLOR="#0000FF">Rating</FONT></FONT></B></CENTER>
</TD>

<TD VALIGN=CENTER BGCOLOR="#C6E7C6">
<CENTER><B><FONT FACE="Arial,Helvetica"><FONT SIZE=-1><FONT COLOR="#0000FF">Easy
( X )&nbsp; Medium (&nbsp; )&nbsp; Hard (&nbsp;&nbsp;&nbsp; )&nbsp; Pro
(&nbsp;&nbsp;&nbsp; )</FONT>&nbsp;</FONT></FONT></B></CENTER>
</TD>

<TD WIDTH="30%" BGCOLOR="#999900"><B><FONT FACE="Arial,Helvetica"><FONT SIZE=-1>There
is a crack, a crack in everything. That's how the light gets in.</FONT></FONT></B></TD>
</TR>
</TABLE>

<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=-1>&nbsp;</FONT></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT>&nbsp;
<HR></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=+2>Zip Manager 5.3.</FONT></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#0B7FC1">Written by AnDEc!
'98</FONT></FONT></CENTER>
<FONT FACE="Arial Black">&nbsp;</FONT>
<BR>&nbsp;
<BR>&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#0000FF"><FONT SIZE=+2>Introduction</FONT></FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><B><FONT FACE="Arial,Helvetica">This program is similar to Winzip.
I chose this program for this tutorial because, to my knowledge, there
is no crack file available for it. That means that you have to at least
follow this tutorial in order to make the crack. Don't worry though, the
asm code is fully commented.&nbsp;</FONT></B>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#3333FF"><FONT SIZE=+2>About this protection system</FONT></FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><B><FONT FACE="Arial,Helvetica">This protection scheme is a simple
name/serial number based scheme.</FONT></B>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">The Essay</FONT>&nbsp;</FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica"><FONT COLOR="#000000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT>
<BR><FONT FACE="Arial,Helvetica">As I said above, this program uses a simple
name/serial code protection scheme and should not present a problem to
even the newest newbies.</FONT>
<BR><FONT FACE="Arial,Helvetica">O.k.</FONT>
<BR><FONT FACE="Arial,Helvetica">Let's crack.</FONT>

<P><FONT FACE="Arial,Helvetica">Fire up Soft-ICE and in the loader, load
<FONT COLOR="#3333FF">ZM53INTL.EXE.</FONT> Soft-ICE will do its loading
thing and</FONT>
<BR><FONT FACE="Arial,Helvetica">pretty soon you'll break into it
at the program entry point. Press <FONT COLOR="#3333FF">F5 </FONT><FONT COLOR="#000000">to
continue the loading</FONT></FONT>
<BR><FONT FACE="Arial,Helvetica"><FONT COLOR="#000000">process. The Zip
Manager Shareware Evaluation License Agreement dialog box will be displayed.
Click on the "I Agree" - continue button and the Registration Information
dialog box will be displayed. Select the "Enter Registration" button and
enter:</FONT></FONT>

<P><FONT FACE="Arial,Helvetica"><FONT COLOR="#000000">&nbsp;&nbsp;&nbsp;
Name:= </FONT><FONT COLOR="#3333FF">Cracked</FONT></FONT>
<BR><FONT FACE="Arial,Helvetica"><FONT COLOR="#000000">&nbsp;&nbsp;&nbsp;
Reg#:= </FONT><FONT COLOR="#3333FF">555</FONT></FONT>

<P><FONT FACE="Arial,Helvetica"><U><FONT COLOR="#000000">Before</FONT></U><FONT COLOR="#FF0000">
</FONT><FONT COLOR="#000000">you click on O.K, press </FONT><FONT COLOR="#3333FF">CTRL+D
</FONT><FONT COLOR="#000000">so that you break into Soft-ICE and set a breakpoint
on GetDlgItemTextA by typing </FONT><FONT COLOR="#3333FF">getdlgitemtexta
</FONT><FONT COLOR="#000000">in the command window at the bottom of the
Soft-ICE screen. Press CTRL+D again so that you can press the O.K. button.
After you have pressed O.K., you will find yourself very quickly inside
Soft-ICE again. Press</FONT><FONT COLOR="#3366FF"> F11</FONT><FONT COLOR="#000000">
to trace back through the call. *NOTE* the addresses on the far left of
my disassembly of the target program may be different on your computer.
The principle remains the same though.</FONT></FONT>

<P><FONT FACE="Arial,Helvetica"><FONT COLOR="#000000">You should see something
like:</FONT></FONT>
<BR><FONT COLOR="#FF0000">:00413C63 68B0BB4600&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push 0046BBB0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> Save our entered code (555)&nbsp;</FONT>

<P><FONT FACE="Arial,Helvetica"><FONT COLOR="#000000">You can see the code
that you typed in by typing </FONT><FONT COLOR="#3366FF">d 46bbb0</FONT><FONT COLOR="#000000">
in the command window. OK, we know where the program stores the code we entered.
But the code cannot be generated until the program gets our name.
So now we press </FONT><FONT COLOR="#3333FF">F5</FONT><FONT COLOR="#000000">
again. We break into Soft-ICE again very quickly and at the same location!
Below is the disassembly.</FONT></FONT>

<P><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:00413C5A FF15E4994700&nbsp;&nbsp;
Call dword ptr [004799E4]</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#000000"><FONT SIZE=-1>:00413C60
FF75FC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; push [ebp-04]</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:00413C63
68B0BB4600&nbsp;&nbsp;&nbsp;&nbsp; push 0046BBB0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> Save our entered name</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:00413C68 E8479B0400&nbsp;&nbsp;&nbsp;&nbsp;
call 0045D7B4&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -> Call something</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:00413C6D 83C408&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add esp, 00000008</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:00413C70
85C0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; test eax,
eax&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -> Test to see if EAX = 0</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:00413C72
0F851F000000&nbsp;&nbsp; jne 00413C97&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> Nope.</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:00413C78 6830200000&nbsp;&nbsp;&nbsp;&nbsp;
push 00002030</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:00413C7D 68E8594700&nbsp;&nbsp;&nbsp;&nbsp;
push 004759E8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -> Save message box title.</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:00413C82 688C294700&nbsp;&nbsp;&nbsp;&nbsp;
push 0047298C&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -> Not A Valid Registration
Number! message</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:00413C87 FF7508&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push [ebp+08]</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:00413C8A FF1594984700&nbsp;&nbsp;
Call dword ptr [00479894]&nbsp;&nbsp; -> Display a message box.</FONT></FONT>

<P><FONT FACE="Arial,Helvetica">Examine the above piece of code. We know
that the <FONT COLOR="#3333FF">PUSH</FONT> statement at <FONT COLOR="#3333FF">00413C63</FONT>
is saving the user name that we are entering. We also know that the next
statement is calling some sort of subroutine. The call at the end of the
code snippet is calling a message box of some sort.&nbsp; This says to
me that the piece of code that does the compare is somewhere inside the
subroutine. Let's step into it by pressing <FONT COLOR="#3333FF">F8</FONT>
and see where it takes us.</FONT>
<BR>&nbsp;

<P><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D7B4 55&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push ebp</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D7B5 8BEC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov ebp, esp</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D7B7 83EC28&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
sub esp, 00000028</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D7BA 53&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push ebx</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D7BB 56&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push esi</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D7BC 57&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push edi</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D7BD
C745F800000000&nbsp;&nbsp; mov [ebp-08], 00000000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> Clear old values.</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D7C4 C745F400000000&nbsp;&nbsp;
mov [ebp-0C], 00000000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
"</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D7CB C745F000000000&nbsp;&nbsp;
mov [ebp-10], 00000000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
"</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D7D2 C745EC00000000&nbsp;&nbsp;
mov [ebp-14], 00000000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
"</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D7D9 C745E800000000&nbsp;&nbsp;
mov [ebp-18], 00000000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
"</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D7E0 C745E438270000&nbsp;&nbsp;
mov [ebp-1C], 00002738</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D7E7
8B4508&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; mov
eax, dword ptr [ebp+08]&nbsp;&nbsp;&nbsp; -> Move pointer to our entered name to EAX</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D7EA 8945FC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov dword ptr [ebp-04], eax</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D7ED
66C745D80000&nbsp;&nbsp;&nbsp;&nbsp; mov [ebp-28], 0000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> Zero Counter.</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D7F3
E904000000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; jmp 0045D7FC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> Jump over INC instruction.</FONT></FONT></FONT>

<P><FONT FACE="Arial,Helvetica"><FONT COLOR="#000000">The piece of code
above clears the previously failed attempts at registering the program and
also zeroes the counter needed for the next piece of code.</FONT></FONT>

<P><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D7F8
66FF45D8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inc [ebp-28]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> Increment counter.</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D7FC
0FBF45D8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; movsx eax,
word ptr [ebp-28]&nbsp; -> jump from 0045D7F3 lands here.</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D800
83F82B&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
cmp eax, 0000002B&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> Compare EAX with 43 (2Bh)</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D803
0F8D5B000000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; jnl 0045D864&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> jump if not less (all 43 passes done)</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D809
0FBF45D8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; movsx eax,
word ptr [ebp-28]&nbsp; -> move counter (index into the name) into EAX</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D80D 8B4DFC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov ecx, dword ptr [ebp-04]</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#000000"><FONT SIZE=-1>:0045D810
0FBE0408&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; movsx eax,
byte ptr [eax+ecx]</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D814 8945E0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov dword ptr [ebp-20], eax</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D817 8B45E0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov eax, dword ptr [ebp-20]&nbsp;&nbsp; <FONT COLOR="#FF0000">-> move hex
value for letter</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D81A
69C049870100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; imul eax, 00018749&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> eax = eax * 18749h</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D820
0145F8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add dword ptr [ebp-08], eax&nbsp;&nbsp; -> add eax to ebp-08</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D823
8B45E0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov eax, dword ptr [ebp-20]&nbsp;&nbsp; -> Similar to end of snippet.</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D826 69C061870100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
imul eax, 00018761</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D82C 0145F4&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add dword ptr [ebp-0C], eax</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D82F 8B45E0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov eax, dword ptr [ebp-20]</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D832 69C095860100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
imul eax, 00018695</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D838 0145F0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add dword ptr [ebp-10], eax</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D83B 8B45E0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov eax, dword ptr [ebp-20]</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D83E 69C037870100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
imul eax, 00018737</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D844 0145EC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add dword ptr [ebp-14], eax</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D847 8B45E0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov eax, dword ptr [ebp-20]</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D84A 69C057870100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
imul eax, 00018757</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D850 0145E8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add dword ptr [ebp-18], eax</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D853 8B45E0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov eax, dword ptr [ebp-20]</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D856 69C0D9860100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
imul eax, 000186D9</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D85C 0145E4&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add dword ptr [ebp-1C], eax</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D85F
E994FFFFFF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; jmp 0045D7F8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> Go back and do it again.</FONT></FONT></FONT>

<P><FONT FACE="Arial,Helvetica">The above piece of code is the string manipulation
routine. This routine is run through a total of <FONT COLOR="#3366FF">43</FONT>
times. The following piece of code adds up all the values
that were computed in the above piece of code. It then converts the double
word value in EAX into a quad word value (CDQ), divides it by the value in
ECX, and saves the result in EAX.</FONT>

<P><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D864
8B45F0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov eax, dword ptr [ebp-10]&nbsp;&nbsp; -> move initial value to EAX.</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D867
0345F4&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add eax, dword ptr [ebp-0C]&nbsp;&nbsp; -> Do addition</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D86A 0345F8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add eax, dword ptr [ebp-08]&nbsp;&nbsp; ->&nbsp;&nbsp;&nbsp; "</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D86D 0345E4&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add eax, dword ptr [ebp-1C]&nbsp;&nbsp; ->&nbsp;&nbsp;&nbsp; "</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D870 0345E8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add eax, dword ptr [ebp-18]&nbsp;&nbsp; ->&nbsp;&nbsp;&nbsp; "</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D873 0345EC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add eax, dword ptr [ebp-14]&nbsp;&nbsp; ->&nbsp;&nbsp;&nbsp; "</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D876
B93DBB0D00&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; mov ecx, 000DBB3D&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
->&nbsp;&nbsp;&nbsp; " move reg code to ECX</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D87B
99&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
cdq&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> Convert into quad word</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D87C
F7F9&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
idiv ecx&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> division</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D87E
8D4201&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
lea eax, dword ptr [edx+01]&nbsp;&nbsp; -> EAX = remainder (EDX) + 1</FONT></FONT></FONT>

<P><FONT FACE="Arial,Helvetica">See if you can guess what the importance
of the following piece of code is.</FONT>

<P><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D881
8945DC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov dword ptr [ebp-24], eax&nbsp;&nbsp; -> Move EAX to ebp-24</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D884
8B450C&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov eax, dword ptr [ebp+0C]&nbsp;&nbsp; -> move ebp+0c to eax</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D887
3945DC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
cmp dword ptr [ebp-24], eax&nbsp;&nbsp; -> **** COMPARE ****</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D88A
0F850F000000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; jne 0045D89F&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> not equal so bugger off cracker</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>:0045D890
B801000000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; mov eax, 00000001&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-> registered flag</FONT></FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D895 E90C000000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
jmp 0045D8A6</FONT></FONT>
<BR><FONT FACE="Courier New,Courier"><FONT SIZE=-1>:0045D89A E907000000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
jmp 0045D8A6</FONT></FONT>

<P><FONT FACE="Arial,Helvetica">That's right. This is the compare routine.
All that needs to be done now is to make a permanent crack at <FONT COLOR="#3333FF">:0045D88A
(jne 0045D89F).</FONT></FONT><FONT FACE="Courier New,Courier"><FONT COLOR="#FF0000"><FONT SIZE=-1>
</FONT></FONT></FONT><FONT FACE="Arial,Helvetica"><FONT COLOR="#000000">I
would suggest that a few NOPs would not go astray here.</FONT></FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">The 'Crack'</FONT>&nbsp;</FONT></CENTER>
</TD>
</TR>
</TABLE>
<B><FONT FACE="Arial,Helvetica">To make this a permanent crack,</FONT></B>
<BR><FONT FACE="Arial,Helvetica">Load up zm53intl.exe into your favorite
Hex-Editor (I prefer hexWorkshop-32) but just about any Hex-Editor will
do.</FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica"><B>SEARCH</B> FOR THE FOLLOWING BYTES
: <FONT COLOR="#000000">3945DC0F850F000000</FONT></FONT>
<BR><FONT FACE="Arial,Helvetica"><B>REPLACE</B> WITH <B><U><FONT COLOR="#990000">HIGHLIGHTED</FONT></U></B>
BYTES :&nbsp; <FONT COLOR="#000000">3945DC</FONT><FONT COLOR="#000099">909090909090</FONT></FONT>

<P><FONT FACE="Arial,Helvetica"><FONT COLOR="#000000">Also, if you want
your name in the about box, copy below and paste&nbsp; into the zm53intl.ini
file (at the end)</FONT></FONT>
<BR><FONT FACE="Arial,Helvetica"><FONT COLOR="#000000">replacing, of course
</FONT></FONT>[ANY NAME YOU WANT] and [ANY CODE YOU WANT] <FONT FACE="Arial,Helvetica">with
your name and any number.</FONT>

<P><FONT FACE="Arial,Helvetica"><FONT COLOR="#000000">--------x-------x--------x---------
Start Copy -----------x---------x----------x</FONT></FONT>
<BR><FONT FACE="Arial,Helvetica">[Registration]</FONT>
<BR>Name=[ANY NAME YOU WANT]
<BR>Number=[ANY CODE YOU WANT]
<BR><FONT FACE="Arial,Helvetica">-------x--------x------x---------- End
copy ------x--------x-----------x-----x</FONT>
<BR>&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">Final Notes</FONT>&nbsp;</FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">My thanks and gratitude go to:</FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">Fravia+ for providing possibly the greatest
source of Reverse Engineering</FONT>
<BR><FONT FACE="Arial,Helvetica">knowledge on the Web.</FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">+ORC for showing me the light at the end
of the tunnel.</FONT>

<P><FONT FACE="Arial,Helvetica">All Newbies: Without all of you, the cracking
scene would die over time.</FONT>
<BR>&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#0000FF"><FONT SIZE=+2>Ob Duh</FONT></FONT>&nbsp;</CENTER>
</TD>
</TR>
</TABLE>
<I><FONT FACE="Arial,Helvetica">&nbsp;</FONT></I>
<BR><I><FONT FACE="Arial,Helvetica">Do I really have to remind you all
that buying and NOT stealing the software you use will ensure that these
software houses will continue to produce even *better* software for
us to use and, more importantly, continue offering even more challenges
to breaking their often weak protection systems.</FONT></I>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><I><FONT FACE="Arial,Helvetica">If you're looking for cracks or serial
numbers from these pages then you're wasting your time, try searching elsewhere
on the Web under Warze, Cracks etc.</FONT></I>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR>
<HR SIZE=3 WIDTH="100%">
<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><TABLE BORDER=2 >
<TR>
<TD>&nbsp;<FONT FACE="Arial,Helvetica"><FONT SIZE=+1>[ <A HREF="Main.html">Return</A>
]</FONT></FONT>&nbsp;</TD>
</TR>
</TABLE></CENTER>

<CENTER><B><FONT FACE="Arial,Helvetica"><FONT SIZE=+1>&nbsp;</FONT></FONT></B></CENTER>

<HR SIZE=3 WIDTH="100%">
<BR><FONT FACE="Arial,Helvetica"><FONT SIZE=-2>Essay by: <A HREF="mailto:andec@tac.com.au">andec@tac.com.au</A></FONT></FONT>
<BR><FONT FACE="Arial,Helvetica"><FONT SIZE=-2>Page Created: 24th July
1998</FONT></FONT>
</BODY>
</HTML>
