<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>How to patch AWEB Developer 1</title>
</head>

<body bgcolor="#C0C0C0">

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<b><u><font size="4" color="#000080">How to patch AWEB Developer 1.31</font></u></b></p>
<p>&nbsp;</p>
<p><font color="#000080" size="3">&nbsp;&nbsp;&nbsp; This program is shareware
and after a period, it asks you to register. It's a Visual Basic 6 prog, and I
have searched for the right serial, but it doesn't work; actually it creates two
serials. Never mind, we will patch it. So before we continue, make two copies of
the exe file. The one for backup and the other with extension .w32 for use with
W32Dasm.</font></p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;<font color="#000080" size="3"> Ok, now open the .w32
file with W32Dasm and go to SDR (String Data References) and double click
&quot;Evaluation period is over. Do you want to register AWeb Developer
now?&quot;, but as it there is many times inside the code, you must reach the
line 004AE1A7. It will be like this&nbsp;</font></p>
<p><font size="3" color="#000000">:004AE19E 8D954CFFFFFF
l&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
lea edx, dword ptr [ebp+FFFFFF4C]<br>
:004AE1A4 8D4D8C&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
lea ecx, dword ptr [ebp-74]<br>
</font><font color="#000080" size="3"><br>
</font><font size="3" color="#000000">* Possible StringData Ref from Code Obj</font><font color="#000080" size="3">
</font><font size="3" color="#008000">-&gt;</font><font size="3" color="#FF0000">&quot;Evaluation period is over, Do
&quot;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</font><font size="3" color="#008000">-&gt;&quot;you want to register AWeb Developer
&quot;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
->"now?"</font><font color="#000080" size="3"><br>
</font><font size="3" color="#000000">                                  |<br>
:004AE1A7 C78554FFFFFF54044200&nbsp;&nbsp;&nbsp;&nbsp; mov dword ptr [ebp+FFFFFF54], 00420454<br>
:004AE1B1 C7854CFFFFFF08000000&nbsp;&nbsp;&nbsp;&nbsp; mov dword ptr [ebp+FFFFFF4C], 00000008</font></p>
<p>&nbsp;</p>
<p><font color="#000080" size="3">Now scroll a bit up till you see&nbsp;</font></p>
<p>* Reference To: MSVBVM60.__vbaR8Str, Ord:0000h<br>
                                  |<br>
:004AE102 FF15D8114000&nbsp;&nbsp;&nbsp;&nbsp; Call dword ptr [004011D8]<br>
:004AE108 DC1D40414000&nbsp;&nbsp;&nbsp; fcomp qword ptr [00404140]<br>
:004AE10E DFE0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
fstsw ax<br>
:004AE110 F6C440&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
test ah, 40<br>
:004AE113 0F84BC010000&nbsp;&nbsp;&nbsp; je 004AE2D5&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<b><font color="#FF00FF">&lt;=</font></b> <font color="#800000"><b>Here we are. </b>Write
down offset <i>AE113</i></font><br>
:004AE119 8B0E&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov ecx, dword ptr [esi]</p>
<p>&nbsp;</p>
<p><font color="#000080">Ok, now choose string &quot;Unregistered&quot; and you
shall land here</font></p>
<p>* Referenced by a (U)nconditional or (C)onditional Jump at Address:<br>
|:004AD2D6(C)&nbsp;&nbsp; <b><font color="#FF00FF">&lt;=</font></b> <b><font color="#800000">See
this?</font></b></p>
<p>|<br>
:004AD3A8 8B06&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov eax, dword ptr [esi]<br>
:004AD3AA 56&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push esi<br>
:004AD3AB FF9010030000&nbsp;&nbsp;&nbsp; call dword ptr [eax+00000310]<br>
:004AD3B1 8D4DD0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
lea ecx, dword ptr [ebp-30]<br>
:004AD3B4 50                      push eax<br>
:004AD3B5 51                      push ecx<br>
<br>
* Reference To: MSVBVM60.__vbaObjSet, Ord:0000h<br>
                                  |<br>
:004AD3B6 FF15AC104000            Call dword ptr [004010AC]<br>
:004AD3BC 8BF0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov esi, eax<br>
<br>
* Possible StringData Ref from Code Obj -&gt;<font color="#FF0000">&quot;Unregistered&quot;</font><br>
                                  |<br>
:004AD3BE 6898024200&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; push 00420298</p>
<p>&nbsp;</p>
<p><font color="#000080">Go to Goto-&gt;Goto Code Location and enter 4AD2D6.
You'll see this code</font></p>
<p>* Reference To: MSVBVM60.__vbaStrCmp, Ord:0000h<br>
                                  |<br>
:004AD2CE FF150C114000&nbsp;&nbsp;&nbsp;&nbsp; Call dword ptr [0040110C]<br>
:004AD2D4 85C0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
test eax, eax&nbsp;&nbsp;&nbsp;<font color="#0000FF">&nbsp;&nbsp;&nbsp;</font>&nbsp;&nbsp;&nbsp;&nbsp;
<font color="#0000FF">&lt;=</font> <font color="#800000">We don't like that.
Note the offset <i>AD2D4</i></font><br>
:004AD2D6 0F85CC000000&nbsp;&nbsp;&nbsp;&nbsp; jne 004AD3A8<br>
:004AD2DC 8B0E&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov ecx, dword ptr [esi]</p>
<p>&nbsp;</p>
<p><font color="#000080">Double click again the &quot;Unregistered&quot;
reference to land elsewhere</font></p>
<p>&nbsp;</p>
<p>* Referenced by a (U)nconditional or (C)onditional Jump at Address:<br>
|:004AE07A(C)&nbsp;&nbsp; <font color="#FF00FF"><b>&lt;=</b></font> <b><font color="#800000">See
this?</font></b><br>
|<br>
:004AE0BF 8B06&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov eax, dword ptr [esi]<br>
:004AE0C1 56&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push esi<br>
:004AE0C2 FF9010030000&nbsp; call dword ptr [eax+00000310]<br>
:004AE0C8 8D4D9C&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
lea ecx, dword ptr [ebp-64]<br>
:004AE0CB 50&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push eax<br>
:004AE0CC 51&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push ecx<br>
<br>
* Reference To: MSVBVM60.__vbaObjSet, Ord:0000h<br>
                                  |<br>
:004AE0CD FF15AC104000&nbsp; Call dword ptr [004010AC]<br>
:004AE0D3 8BF8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov edi, eax<br>
<br>
* Possible StringData Ref from Code Obj -&gt;<font color="#FF0000">&quot;Unregistered&quot;<br>
</font>                                  |<br>
:004AE0D5 6898024200&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; push 00420298</p>
<p><font color="#000080">Go to Goto-&gt;Goto Code Location and enter 4AE07A.
You'll see this code</font></p>
<p>* Reference To: MSVBVM60.__vbaStrCmp, Ord:0000h<br>
                                  |<br>
:004AE072 FF150C114000            Call dword ptr [0040110C]<br>
:004AE078 85C0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
test eax, eax&nbsp;&nbsp;&nbsp;&nbsp; <font color="#0000FF">&lt;=</font> <font color="#800000">We
don't like that. Note the offset <i>AE078</i></font><br>
:004AE07A 7543&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
jne 004AE0BF<br>
:004AE07C 8B16&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov edx, dword ptr [esi]</p>
<p>&nbsp;</p>
<p><font color="#000080">We are done now. Time to make the changes. Run Hiew and
open the exe file. Press F4 to go to Decode Mode, F5 and enter the first offset
(<i>AE113), </i>press F3 and change the </font> 0F84BC010000 <font color="#000080">to</font>
0F8<font color="#FF0000">5</font>BC010000<font color="#000080">, press F9 to
save, F5 again and enter </font><font color="#000080"><i>AD2D4 </i>and change
the </font> 85C0 <font color="#000080">to</font> 85C<font color="#FF0000">9</font><font color="#000080">,
F9 again and once more F5 and </font><font color="#000080"><i>AE078</i>, change
the </font> 85C0 <font color="#000080">to</font> 85C<font color="#FF0000">9</font><font color="#000080">,
F9 and press &lt;ESC&gt; to leave. Run the program now. No unregistered. I have
not tested if all functions work correctly, but if you see any bug about
registration, then mail to me.</font></p>
<p><font color="#000080">Thanks for reading this tut.</font></p>
<p><font color="#000080">For any questions you can reach me on EF-Net #cracking
and #cracking4newbies, or on GR-NET in #cracking (thats mine,hehe) with the
nick iNFRA .</font></p>
<p><font color="#000080">My e-mail is</font> <b><a href="mailto:dmitspan@usa.net">dmitspan@usa.net</a></b></p>
<p><font color="#000080">Goodbye my friends.</font></p>
<p><font color="#000080">&nbsp;</font></p>
<p><font color="#000080">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<u>Written by</u>: Mitsaras Nuker</font></p>
<p>&nbsp;</p>
<p><font color="#000080">&nbsp;</font></p>

</body>

</html>
