This tutorial is coming from...

ReFleXZ '99 Url: Http://ReFleXZ99.cjb.net Email: ReFleXZ@fcmail.com

About the essay...

Written by: MiZ Date: 15th January 1999 Program name: TextPad v3.0.08 Program type: Win32 Program location: Here Program filename: N/A Program size: 1.4MB Tools required: Softice 3.2 x - Debugger Difficult level: Easy ( X )  Medium (   )  Hard (    )  Pro (    )

Introduction...

TextPad is a very good program for editing large text files.

About the protection...

Type of protection: NAG At startup you'll get a NAG.

The Essay...

Let's see what kind of protection it has.So,fire up the program,and we see evaluation notice: a nag screen.The nag is resident for a few seconds,after that it disappears. Ok press Ctrl+D to get into softice,type bpx GetTickCount,to set a breakpoint on GetTickCount,press Ctrl+D again to get out of softice.Now fire up TextPad and softice breaks,press F11 and you should be here: :00458350 FF15E01F4F00             Call [User32!UpdateWindow] :00458356 FF15BC1C4F00            Call [Kernel32!GetTickCount]          <--- Here we land :0045835C 8B4DE4                        mov ecx, dword ptr [ebp-1C] :0045835F 8901                              mov dword ptr [ecx], eax Now scroll up until you see: :00458335 56                                 push esi :00458336 8B01                            mov eax, dword ptr [ecx] :00458338 FF90D4000000           call dword ptr [eax+000000D4] :0045833E 85C0                           test eax, eax                                  <--- if EAX=0 then :00458340 741F                            je 00458361                                 <--- jump good guy :00458342 6A05                            push 00000005 :00458344 8B0F                            mov ecx, dword ptr [edi] :00458346 E84F2B0400               call 0049AE9A We see that jump at :00458340 jumps over the call to GetTickCount,so we set the new breakpoint at line :00458340,like this bpx 00458340,disable the first one by typinf bd 00,press Ctrl+D to get out of Softice and start TextPad again.Softice breaks now type r fl z,this will return the flag to zero,press Ctrl+D again and there&acute;s no nag.You did it. Now to make the crack permanent,open your favourite hexeditor and search for bytes: 000085C0741F6A05 and replace with: 000085C0EB1F6A05

Final notes...

Greetz and thanx: McCodEMaN,Bjanes,The Sandman,CrackZ,+ORC,Jeff,Eternal Bliss.....and all otherz....

Disclaimer...

This tutorial is written for EDUCATIONAL purposes only. So if you want to use the program after its trial period ends please BUY IT! Support shareware(and its authors), this is our learning tool!   ReFleXZ is not responsibile for any damage caused with this essay or any of its parts. So everything what you're doing and 'experimenting' is on your own responsibile!   Also, in this tutorial you'll not find any serial numbers, so try to search elsewhere under Cracks and Warez.