4/29/00 10:54:25 AM


WHY PATCHING WHILE SERIAL NUMBER IS FISHY

BitmapShrinker V 1.02
A Cracking Tutorial 
by ASTAGA [D4C/C4A]


DISCLAIMER 

This reading material is not intended to violate copyrights 
and/or the law; it is for educational purposes only. I accept no 
responsibility ( by any means and in any shape whatsoever ) 
for the misuse of this material.


ABOUT THE PROGRAM 

The BitmapShrinker is mainly a tool for authors of web-pages
and help-files. It can shrink and enlarge graphics. 
The BitmapShrinker tries to choose the best fitting colors 
for the pixels in the resulting graphic to avoid disturbing 
stair and block-effects. The method used is often called 
anti-aliasing or bilinear interpolation.
Shareware; Win95; English&German

Homepage: http://www.beyersdorf.com/
URL     : http://www.beyersdorf.com/archives/BShrink.exe

Level		: Beginner ( non programmer )
Protection	: Serial Number, Time Limit
Tool(s)	: SoftIce v3.24 or higher



1.  Run BitmapShrinker.exe. When the nag pops up, click on 
    the ENTER KEY button. Type your desired name and a fake 
    serial number, e.g.
		Name	: Tracy Lord
		Key	: 9073884665

	    DO NOT CLICK 'OK' yet

2.  Press [ Ctrl + D ] to get into SoftIce, set a breakpoint by
    typing bpx hmemcpy [enter], then press F5 to return to the
    program. You can click the OK button now.

3.  You'll drop into SoftIce, breaking in HMEMCPY. All you have
    to do is press F11, F5 and F11. To get into the main program,
    press F12 eleven (11) times until you see the following
    code : 
	_____________________________________________________________
	:0047E9E1 E872B0F9FF       call 00419A58 <---- YOU LAND HERE
	:0047E9E6 8B4DF8           mov ecx, dword ptr [ebp-08]
	:0047E9E9 8B93E0010000     mov edx, dword ptr [ebx+000001E0]
	:0047E9EF 8B83DC010000     mov eax, dword ptr [ebx+000001DC]
	:0047E9F5 E81EF5FFFF       call 0047DF18 <---- Follow this call
	:0047E9FA 84C0             test al, al
	:0047E9FC 7432             je 0047EA30
	:0047E9FE C605985B490001   mov byte ptr [00495B98], 01

	_________________BITMAPSHRINKER!CODE+0007D9E1________________

    Press F10 4 times, or until 0047E9F5 is highlighted, then
    press F8 to follow and trace this call. This time you'll 
    land at the code below :

	:0047DF16 8BC0       mov eax, eax
	:0047DF18 55         push ebp
	:0047DF19 8BEC       mov ebp, esp
	:0047DF1B 83C4E0     add esp, FFFFFFE0
	:0047DF1E 53         push ebx
	:0047DF1F 56         push esi
	.......
	.......

4.  Keep pressing F10 and stop at the 15th press. At this step
    you have to watch what's going on in SoftIce's Register
    Window and Data Window :

	:0047DF37 E8E058F8FF   call 0040381C
	:0047DF3C 8B45F8       mov eax, dword ptr [ebp-08]
	:0047DF3F E8D858F8FF   call 0040381C
	
	REGISTER WINDOW : EAX=00D36C10   SS:006EFD8

    Dump/display the contents in EAX by typing :

	d eax		----> you'll see your Name and fake Serial Number
			      in the SoftIce's Data Window.
	or
	d 006EFD8 	----> your Name is there

	( note:alternatively you can double click your RIGHT mouse 
	button and choose DISPLAY to see the contents )


5.  Press F10 again and stop at the 45th press. Take care here,
    because I see the classic comparison between ESI
    and EAX ( :0047DFAC 3BF0  cmp esi, eax ). Let's check:
    is the REAL Serial Number there or not ?  

	REGISTER WINDOW : EAX=00031372   ESI=006EF6D0

	:0047DFA2 8BF0             mov esi, eax ---> YOU LAND HERE
	:0047DFA4 8B4508           mov eax, dword ptr [ebp+08]
	:0047DFA7 E8C87DF8FF       call 00405D74
	:0047DFAC 3BF0             cmp esi, eax ---> DO ?EAX or ?ESI
	:0047DFAE 0F8533010000     jne 0047E0E7

    At memory address 0047DFA2, type in the SoftIce Command Line :
	? EAX ---> you'll get 201586
	? ESI ---> 7272144

    ( Note: why not do ?EAX at memory address 0047DFAC ?
    Because at the 47th press of F10 you'll be returned to the
    program and get the 'Invalid code' message. However, by clicking
    OK in the program's registration window you'll be back in SoftIce,
    landing at memory address 0047DFA7. Press F10 once and do ?EAX
    and ?ESI )

6.  Disable all breakpoints by typing BD * , press F5 to return to
    the main program, and key in 201586 as your Serial Number.
    Click OK .  Badass... you're registered !
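
    The steps above work because the program computes the correct
    serial itself and compares it with what was typed, so the value
    is readable in a register just before the compare. The example
    below is added here (it is not part of the original tutorial and
    not BitmapShrinker's code) and contrasts that design with a
    signature-verified key. The weak formula, the function names and
    the toy RSA parameters are assumptions made for illustration; a
    real product would use a vetted signature library.

```python
import hashlib

# Toy RSA parameters (constructed for this example; far too small for real use).
P, Q = 2**89 - 1, 2**107 - 1          # two Mersenne primes
N, E = P * Q, 65537                   # public key: shipped inside the program
D = pow(E, -1, (P - 1) * (Q - 1))     # private key: stays with the vendor


def name_digest(name: str) -> int:
    """Hash the registration name into the range [0, N)."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N


# --- Weak pattern: the kind of check the tutorial walks through -------------
def weak_expected_serial(name: str) -> int:
    """Hypothetical name->serial formula (not BitmapShrinker's real one)."""
    return sum((i + 1) * ord(c) for i, c in enumerate(name)) * 7919 % 10**6


def weak_check(name: str, entered: int) -> bool:
    # The correct serial is computed inside the customer's process and sits
    # in a register or local variable right before the comparison.
    expected = weak_expected_serial(name)
    return entered == expected


# --- Hardened pattern: the program can verify keys but not produce them -----
def vendor_issue_key(name: str) -> int:
    """Runs only on the vendor's machine: sign the name digest with D."""
    return pow(name_digest(name), D, N)


def hardened_check(name: str, entered: int) -> bool:
    # Only N and E are present here. The value compared against is the public
    # digest of the name, which is not a key anyone can type in.
    if not 0 < entered < N:
        return False
    return pow(entered, E, N) == name_digest(name)
```

    With the hardened check, the value sitting next to the compare
    is only the hash of the name; feeding it back as the key fails.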


TIPS FOR BEGINNERS/NEWBIES

*   From the above explanation we have learned not to always
    wait until the classic CMP ESI,EAX ( or similar ) appears in
    front of you... even if it really is there. Keep an eye on the
    changes in the Register Window.


END NOTES

   This program is sold as shareware, so you can try before you buy.  
   This is convenient for you, saves expenses by dispensing with all 
   that packaging, and cuts out the middle person.  So it is cheap, 
   but it is not free.  
   If you like the program, and you will, be sure to register and pay.
   To keep shareware prices low,  users must do the right thing: 
   Register, pay up, and smile/grin at yourself in the mirror.

   Do not distribute your crack release based on this tutorial, because
   you become a LAMER(s)!!!!!!!!
   ( tHATDUDE (PC97) defined a LAMER as the guy who sits in front of
   a personal computer, using a Hex Editor, ripping off other group(s)
   crack releases, repacking (distro) them under his name. 
   Adopted from newsgroup alt.cracks, alt.crackers - February 1997 ) 


 _ Never attribute to malice that which is adequately explained by stupidity _

  

ASTAGA [D4C/C4A] tute-bmpshrk102.zip  or c4a_bs12.zip
[EOF]
