A hard drive certainly can be a messy place. It can
be crammed full of stuff you don't need, or want. Windows applications litter your hard
drive with junk that serves no purpose. This junk can cause your PC to slow down and even
cause some application problems.
System Cleaner 98 fixes and prevents errors in Windows 95 and Windows NT 4.0 by finding
and cleaning(deleting) error-producing and space-wasting garbage files. System Cleaner 98
operates by regularly scanning your hard drive for various error producing files and then
optionally cleaning them from your system for you.
System Cleaner 98 targets specific types of error producing files that common disk
utilities, uninstall, defrag, disk-scanning, and sweep-type programs will miss. The error
files that System Cleaner 98 searches for and deletes can produce hazardous results if
they are not properly cleaned from your drive on a periodic basis.
System Cleaner 98 is a safe, fast, and thorough way of keeping your system running like
new.
We are limited to 30 Days of use + 5 days of grace
period as an unregistered user. The register option in the tray area won't do nothing ..
even we kick on it ! Let's pushed the system date 2 months forward .. run the program ..
boom .. the expiration message pops up follow by the registration dialog ! Heh believe me
you can't make it registered even you entered the correct code ! So let's forget this
stupid things !
Now push the system date backward and run the
program .. boom .. " The system clock has been moved back .. bla bla bla " ..
huh let's finish this naughty delphi. We should use GETLOCALTIME function whenever we're
trying to crack time limit protection. Set BPX GETLOCALTIME and run the program ..
boom .. X [ENTER] .. F11 once to get the caller .. you should land in sc98 now .. keep
tracing (F10) untill you see 1E value being compare / move into register .. snip ..
snip .. oh ! :
| 0049CE53 |
BA1E000000 |
mov edx, 0000001E |
; recognize this ?! .. yep it's our 30
days trial period |
| 0049CE58 |
E8ABA3FEFF |
call 00487208 |
|
| 0049CE5D |
8B03 |
mov eax, [ebx] |
|
| 0049CE5F |
BA05000000 |
mov edx, 00000005 |
; and this ?! .. sure it's our 5 days
grace period |
| 0049CE64 |
E86FA4FEFF |
call 004872D8 |
|
| 0049CE69 |
8B03 |
mov eax, [ebx] |
|
.. we can make our trial period more longer ! e.g :
| mov edx, 00000001E |
CHANGE TO |
mov edx, 00FFFFFFF |
; this will give us 268,435,455 days |
| mov edx, 000000005 |
CHANGE TO |
mov edx, 00FFFFFFF |
; plus 268,435,455 days of grace
period |
so we'll have 536,870,910 days of trial period !! he
he he seems we'll enjoy the grace period in hell .. but let's continue our exciting trip
'coz thiz is not our target ..
| 0049CEA2 |
E875DFFEFF |
call 0048AE1C |
; step in here (F8) |
we're land here :
| 0048AE1C |
53 |
push ebx |
|
| 0048AE1D |
8BD8 |
mov ebx, eax |
|
| 0048AE1F |
8BC3 |
mov eax, ebx |
|
| 0048AE21 |
E87EACFFFF |
call 00485AA4 |
|
| 0048AE26 |
84C0 |
test al, al |
|
| 0048AE28 |
7439 |
je 0048AE63 |
; we should change this code |
| 0048AE2A |
8BC3 |
mov eax, ebx |
|
| 0048AE2C |
E8D3A1FFFF |
call 00485004 |
|
| 0048AE31 |
84C0 |
test al, al |
; AL=1 means we run
sc98 for the first time |
| 0048AE33 |
7407 |
je 0048AE3C |
|
| 0048AE35 |
8BC3 |
mov eax, ebx |
|
| 0048AE37 |
E8A8B1FFFF |
call 00485FE4 |
; this call pop up
the message "Thank you for trying ..bla bla" |
| 0048AE3C |
8BC3 |
mov eax, ebx |
|
| 0048AE3E |
E829ADFFFF |
call 00485B6C |
|
| 0048AE43 |
8BC3 |
mov eax, ebx |
|
| 0048AE45 |
E8FEA3FFFF |
call 00485248 |
|
| 0048AE4A |
84C0 |
test al, al |
|
| 0048AE4C |
7515 |
jne 0048AE63 |
|
| 0048AE4E |
8BC3 |
mov eax, ebx |
|
| 0048AE50 |
E86FB9FFFF |
call 004867C4 |
|
| 0048AE55 |
8BC3 |
mov eax, ebx |
|
| 0048AE57 |
E8D0A6FFFF |
call 0048552C |
; step in here (F8) |
keep tracing until we reach this code :
|
| 0048566A |
3BD8 |
cmp ebx, eax |
|
| 0048566C |
7D1A |
jge 00485688 |
; if ebx >= eax
then jump to 485688 else pops up " The system clock |
|
|
|
; has been moved back
.. bla bla bla " |
|
| 0048AE5C |
8BC3 |
mov eax, ebx |
|
| 0048AE5E |
E849B1FFFF |
call 00485FAC |
; step in here (F8)
.. you'll see a routine to check the expiration date |
| 0048AE63 |
5B |
pop ebx |
|
| 0048AE64 |
C3 |
ret |
|
we don't need that stupid routine right ?! .. let's
fix it .. now fire up Hiew and make the following changes:
| OFFSET |
ORIGINAL BYTE |
NEW BYTE |
|
|
|
| 8A228 |
7439 |
EB79 |
Now push your system date 2 months forward and run
the program .. does it expire ? NO ! .. now reset the system date back and run the program
.. does the stupid message pops up ?! NO !! .. yep sc98 has updated !
Now let's make our work more perfect ! .. click on
the about button you should see :
This program is licensed to :
Shareware
You have 4 days left to Evaluate
Unregistered evaluation copy
We don't want to see these ugly text .. do we ?!
double click on the text in SDR .. we should land here :
| 0048F20F |
83B81801000000 |
cmp [eax+00000118], 00 |
|
| 0048F216 |
0F8588000000 |
jne 0048F2A4 |
; we should change this code |
* Possible StringData Ref from Code Obj ->"- Shareware -" |
| 0048F21C |
BA34F34800 |
mov edx, 0048F334 |
|
| 0048F221 |
8B830C020000 |
mov eax, [ebx+0000020C] |
|
| 0048F227 |
E88CB7F9FF |
call 0042A9B8 |
|
* Possible StringData Ref from Code Obj ->"Unregistered evaluation copy" |
Fire up Hiew and make the following changes:
| OFFSET |
ORIGINAL BYTE |
NEW BYTE |
|
|
|
| 8E616 |
0F8588000000 |
0F8488000000 |
Now the ugly text has been removed ... let's make it
licensed to 'someone' :
| 0048F2A4 |
A194F34900 |
mov eax, [0049F394] |
|
| 0048F2A9 |
8B00 |
mov eax, [eax] |
|
| 0048F2AB |
8B9018010000 |
mov edx, [eax+00000118] |
|
| 0048F2B1 |
8B830C020000 |
mov eax, [ebx+0000020C] |
; we should change this
code ! |
| 0048F2B7 |
E8FCB6F9FF |
call 0042A9B8 |
|
| 0048F2BC |
A194F34900 |
mov eax, [0049F394] |
|
| 0048F2C1 |
8B00 |
mov eax, [eax] |
|
| 0048F2C3 |
8B9020010000 |
mov edx, [eax+00000120] |
|
| 0048F2C9 |
8B832C020000 |
mov eax, [ebx+0000022C] |
; we should change this
code ! |
Fire up Hiew and make the following changes:
| OFFSET |
ORIGINAL BYTES |
NEW BYTES |
|
|
|
| 8E6B1 |
8B830C020000 |
8B8018010000 |
| 8E6C9 |
8B832C020000 |
8B8020010000 |
He he he .. now it's just like a registered version
!
Notes :
Most applications stored their settings either in
the system registry or in the configuration file (INI, DAT, CFG, etc) .. you can use some
tools to help u to find it, eg: Win32dasm (search in SDR), SoftIce (using CreateKey(A)
function), Filemon (Finding files being used by the program), Regmon ( finding which key
are used by the program), or RegCrawler ( to search spesific key in the registry).
Especially in time limit / run time limited cracking .. you could just delete the key /
configuration file created by the program to get your trial period back ! (actually
you only need to delete the value used as a counter date but generally delete them all
won't do no harm 'coz the program will create them again)
Sc98 stored the settings in the system registry :
HKEY_LOCAL_MACHINE\Config\0001\.SCSecurity
HKEY_CURRENT_USER\Software\InforTech
simply delete these keys to get your 35 days back !
Well .. that's all for now guys .. let me know if you have any comment : widya2011@hotmail.com |