AnonymousRe: Post solution to Task #5 Here:Thu Dec 31 12:17:09 1998 Edited so everyone has a chance:The registration file is really most smoke to throw off any newbye cracker as there are really only four locations that are important.Two of these hold the counter when we are unregistered. They have to match or we will be warned we tampered with the program. They are bold and underlined 01 below.The other two are the digits 2, and 7 at offset F8 and F9 They are underlined below.Here they are 8 and 6 because CYT is unregistered.This is a generated file. Any attempt to edit will result in a disfunctional program. YOU HAVE BEEN WARNED!!!100000101001001010110011001010010100010101000100pΨÎW|^>2-28xGd$%)@ޞY"U4(*bD&7<ֈRvgg43117119862391983421430987349287201987219283712039817239872134982947107161416385937281171831426740918374019238471234908713249081723481903481902340798098712087943907821907321012908712482172161515751988343950298371219812838871298287317832847128793498712364871348112740-0101uses----010203040506070809101112131415[self-destruct]=falseBut changing them to 27 we could eliminate everything below these two digits because it will now think we are registered, that is what the 27 tells the program.Therefore the msffs.dll could look like this.0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000027The preceding zero's are necessary to get the proper offset. However we could eliminate the msffs.dll registration file altogether , ( that includes the file win64os.cpl) by changing two locations within CYT.No nag will appear, and you can run the program as registered without ever having to do so.1. change location 00xxxxxx from Jz to Jnz. This will kill the first nagscreen and we will not have to register2. Change the instruction at 00xxxxxx to a Ret Eliminate msffs.dll we will not need it anymore.PrincessRe: Post solution to Task #5 Here: by LenraV , Fri Jan 1 22:31