10 Reasons Why PCs Crash U Must Know
Monday, February 7, 2011
10 reasons why PCs crash U must Know
Fatal error: the system has become unstable or is busy," it says. "Enter to return to Windows or press Control-Alt-Delete to restart your computer. If you do this you will lose any unsaved information in all open applications."
You have just been struck by the Blue Screen of Death. Anyone who uses Mcft Windows will be familiar with this. What can you do? More importantly, how can you prevent it happening?
1 Hardware conflict
The number one reason why Windows crashes is hardware conflict. Each hardware device communicates to other devices through an interrupt request channel (IRQ). These are supposed to be unique for each device.
For example, a printer usually connects internally on IRQ 7. The keyboard usually uses IRQ 1 and the floppy disk drive IRQ 6. Each device will try to hog a single IRQ for itself.
If there are a lot of devices, or if they are not installed properly, two of them may end up sharing the same IRQ number. When the user tries to use both devices at the same time, a crash can happen. The way to check if your computer has a hardware conflict is through the following route:
* Start-Settings-Control Panel-System-Device Manager.
Often if a device has a problem a yellow '!' appears next to its description in the Device Manager. Highlight Computer (in the Device Manager) and press Properties to see the IRQ numbers used by your computer. If the IRQ number appears twice, two devices may be using it.
Sometimes a device might share an IRQ with something described as 'IRQ holder for PCI steering'. This can be ignored. The best way to fix this problem is to remove the problem device and reinstall it.
Sometimes you may have to find more recent drivers on the internet to make the device function properly. A good resource is http://www.driverguide.com/. If the device is a soundcard, or a modem, it can often be fixed by moving it to a different slot on the motherboard (be careful about opening your computer, as you may void the warranty).
When working inside a computer you should switch it off, unplug the mains lead and touch an unpainted metal surface to discharge any static electricity.
To be fair to Mcft, the problem with IRQ numbers is not of its making. It is a legacy problem going back to the first PC designs using the IBM 8086 chip. Initially there were only eight IRQs. Today there are 16 IRQs in a PC. It is easy to run out of them. There are plans to increase the number of IRQs in future designs.
2 Bad Ram
Ram (random-access memory) problems might bring on the blue screen of death with a message saying Fatal Exception Error. A fatal error indicates a serious hardware problem. Sometimes it may mean a part is damaged and will need replacing.
But a fatal error caused by Ram might be caused by a mismatch of chips. For example, mixing 70-nanosecond (70ns) Ram with 60ns Ram will usually force the computer to run all the Ram at the slower speed. This will often crash the machine if the Ram is overworked.
One way around this problem is to enter the BIOS settings and increase the wait state of the Ram. This can make it more stable. Another way to troubleshoot a suspected Ram problem is to rearrange the Ram chips on the motherboard, or take some of them out. Then try to repeat the circumstances that caused the crash. When handling Ram try not to touch the gold connections, as they can be easily damaged.
Parity error messages also refer to Ram. Modern Ram chips are either parity (ECC) or non parity (non-ECC). It is best not to mix the two types, as this can be a cause of trouble.
EMM386 error messages refer to memory problems but may not be connected to bad Ram. This may be due to free memory problems often linked to old Dos-based programmes.
3 BIOS settings
Every motherboard is supplied with a range of chipset settings that are decided in the factory. A common way to access these settings is to press the F2 or delete button during the first few seconds of a boot-up.
Once inside the BIOS, great care should be taken. It is a good idea to write down on a piece of paper all the settings that appear on the screen. That way, if you change something and the computer becomes more unstable, you will know what settings to revert to.
A common BIOS error concerns the CAS latency. This refers to the Ram. Older EDO (extended data out) Ram has a CAS latency of 3. Newer SDRam has a CAS latency of 2. Setting the wrong figure can cause the Ram to lock up and freeze the computer's display.
Mcft Windows is better at allocating IRQ numbers than any BIOS. If possible set the IRQ numbers to Auto in the BIOS. This will allow Windows to allocate the IRQ numbers (make sure the BIOS setting for Plug and Play OS is switched to 'yes' to allow Windows to do this.).
4 Hard disk drives
After a few weeks, the information on a hard disk drive starts to become piecemeal or fragmented. It is a good idea to defragment the hard disk every week or so, to prevent the disk from causing a screen freeze. Go to
* Start-Programs-Accessories-System Tools-Disk Defragmenter
This will start the procedure. You will be unable to write data to the hard drive (to save it) while the disk is defragmenting, so it is a good idea to schedule the procedure for a period of inactivity using the Task Scheduler.
The Task Scheduler should be one of the small icons on the bottom right of the Windows opening page (the desktop).
Some lockups and screen freezes caused by hard disk problems can be solved by reducing the read-ahead optimisation. This can be adjusted by going to
* Start-Settings-Control Panel-System Icon-Performance-File System-Hard Disk.
Hard disks will slow down and crash if they are too full. Do some housekeeping on your hard drive every few months and free some space on it. Open the Windows folder on the C drive and find the Temporary Internet Files folder. Deleting the contents (not the folder) can free a lot of space.
Empty the Recycle Bin every week to free more space. Hard disk drives should be scanned every week for errors or bad sectors. Go to
* Start-Programs-Accessories-System Tools-ScanDisk
Otherwise assign the Task Scheduler to perform this operation at night when the computer is not in use.
5 Fatal OE exceptions and VXD errors
Fatal OE exception errors and VXD errors are often caused by video card problems.
These can often be resolved easily by reducing the resolution of the video display. Go to
* Start-Settings-Control Panel-Display-Settings
Here you should slide the screen area bar to the left. Take a look at the colour settings on the left of that window. For most desktops, high colour 16-bit depth is adequate.
If the screen freezes or you experience system lockups it might be due to the video card. Make sure it does not have a hardware conflict. Go to
* Start-Settings-Control Panel-System-Device Manager
Here, select the + beside Display Adapter. A line of text describing your video card should appear. Select it (make it blue) and press properties. Then select Resources and select each line in the window. Look for a message that says No Conflicts.
If you have video card hardware conflict, you will see it here. Be careful at this point and make a note of everything you do in case you make things worse.
The way to resolve a hardware conflict is to uncheck the Use Automatic Settings box and hit the Change Settings button. You are searching for a setting that will display a No Conflicts message.
Another useful way to resolve video problems is to go to
* Start-Settings-Control Panel-System-Performance-Graphics
Here you should move the Hardware Acceleration slider to the left. As ever, the most common cause of problems relating to graphics cards is old or faulty drivers (a driver is a small piece of software used by a computer to communicate with a device).
Look up your video card's manufacturer on the internet and search for the most recent drivers for it.
6 Viruses
Often the first sign of a virus infection is instability. Some viruses erase the boot sector of a hard drive, making it impossible to start. This is why it is a good idea to create a Windows start-up disk. Go to
* Start-Settings-Control Panel-Add/Remove Programs
Here, look for the Start Up Disk tab. Virus protection requires constant vigilance.
A virus scanner requires a list of virus signatures in order to be able to identify viruses. These signatures are stored in a DAT file. DAT files should be updated weekly from the website of your antivirus software manufacturer.
An excellent antivirus programme is McAfee VirusScan by Network Associates ( http://www.nai.com/). Another is Norton AntiVirus 2000, made by Symantec ( http://www.symantec.com/).
7 Printers
The action of sending a document to print creates a bigger file, often called a postscript file.
Printers have only a small amount of memory, called a buffer. This can be easily overloaded. Printing a document also uses a considerable amount of CPU power. This will also slow down the computer's performance.
If the printer is trying to print unusual characters, these might not be recognised, and can crash the computer. Sometimes printers will not recover from a crash because of confusion in the buffer. A good way to clear the buffer is to unplug the printer for ten seconds. Booting up from a powerless state, also called a cold boot, will restore the printer's default settings and you may be able to carry on.
8 Software
A common cause of computer crash is faulty or badly-installed software. Often the problem can be cured by uninstalling the software and then reinstalling it. Use Norton Uninstall or Uninstall Shield to remove an application from your system properly. This will also remove references to the programme in the System Registry and leaves the way clear for a completely fresh copy.
The System Registry can be corrupted by old references to obsolete software that you thought was uninstalled. Use Reg Cleaner by Jouni Vuorio to clean up the System Registry and remove obsolete entries. It works on Windows 95, Windows 98, Windows 98 SE (Second Edition), Windows Millennium Edition (ME), NT4 and Windows 2000.
Read the instructions and use it carefully so you don't do permanent damage to the Registry. If the Registry is damaged you will have to reinstall your operating system. Reg Cleaner can be obtained from http://www.jv16.org/
Often a Windows problem can be resolved by entering Safe Mode. This can be done during start-up. When you see the message "Starting Windows" press F4. This should take you into Safe Mode.
Safe Mode loads a minimum of drivers. It allows you to find and fix problems that prevent Windows from loading properly.
Sometimes installing Windows is difficult because of unsuitable BIOS settings. If you keep getting SUWIN error messages (Windows setup) during the Windows installation, then try entering the BIOS and disabling the CPU internal cache. Try to disable the Level 2 (L2) cache if that doesn't work.
Remember to restore all the BIOS settings back to their former settings following installation.
9 Overheating
Central processing units (CPUs) are usually equipped with fans to keep them cool. If the fan fails or if the CPU gets old it may start to overheat and generate a particular kind of error called a kernel error. This is a common problem in chips that have been overclocked to operate at higher speeds than they are supposed to.
One remedy is to get a bigger better fan and install it on top of the CPU. Specialist cooling fans/heatsinks are available from http://www.computernerd.com/ or http://www.coolit.com/
CPU problems can often be fixed by disabling the CPU internal cache in the BIOS. This will make the machine run more slowly, but it should also be more stable.
10 Power supply problems
With all the new construction going on around the country the steady supply of electricity has become disrupted. A power surge or spike can crash a computer as easily as a power cut.
If this has become a nuisance for you then consider buying a uninterrupted power supply (UPS). This will give you a clean power supply when there is electricity, and it will give you a few minutes to perform a controlled shutdown in case of a power cut.
It is a good investment if your data are critical, because a power cut will cause any unsaved data to be lost.
REVERSE CODING
----------------------
REVERSE CODING
----------------------
# Released by Cybnet Security Group
# legalz: modify and use at will, if you make any changes, improvements, updates or use the code
# in another project, please send us what you did and give credit
# if you have any questions, post them at forum.hackerthreads.net
# be sure to check out hackerthreads.org for updates and new tutorials/downloads
Copyrights reserved to k33t, 2002 from CYBNET Security Group
----------------------------------------------------------------------------------------------------
Index:
-------
1.Introduction
2.Disclaimer
3.Hexadecimal
4.RAM and ROM
5.ASM
6.Needed programs
7.Cracking
8.Conclusion
---------------------------
---Introduction----------
Welcome to my Reverse Coding tutorial! In this paper, you will
learn how to crack and modify your own software. I'll try to get
into as much detail as possible, yet also dumb it down a bit. =)
------------------------------------------------------------------------------------------------------
---Disclaimer------------
All information is purely for educational purposes only! The author
cannot be held responsible for any (ab)use of this information.
USE AT YOUR OWN RISK!!!
------------------------------------------------------------------------------------------------------
---Hexadecimal----------
To begin, I'm going to teach you about hexadecimal, so if you already
know it, then move on. Even if you do already know it, I suggest
sticking around for a refreshment of your memory.=)
Hexadecimal, or hex as it's more commonly known, is a base 16
numbering system. Base 16 meaning that it consists of 16 numbers:
0-9 and A-F. Each of these numbers (A-F=10-16) have a value of 4 bits
and are also called nibbles. In representing a hexadecimal number, one
would write an "0x" before the actual bit set. 0x is simply a tag put
before a hex number to let programmers know that it is in fact, hex.
When writing hex, you will not need to use this prefix.
If you haven't already noticed, the 0x prefix looks similar to that of exponential
notation. Actually this is where 0x has been derived, seeing as how
hex is simply a number that has been raised to a power of 16.
This means 10 in hexadecimal represents the value 16+0, or 16. So check
out this example:
0xB3 (hex)= 2*16(squared)+11*16(to the 1st power)+3*16(to the power of 0 )
=2*256+11*16+3=691 (decimal)
Yeah, you could do all of that, or you could be lazy and use an automated
program that does it all for you. Why do you need to know hex? Because
it's used by every piece of software and hardware. How? Memory based address
allocation. Here's an example:
When you clicked on your browsers icon to launch it, the click triggered a "call"
(an asm function that will be discussed more in depth in later chapters.) which
went back to the programs memory with the "click in it's hand." It finds the
address where the code is that makes the program launch and executes it. The
address is written in, you guessed it, hex. An example of an address would be
something like this:
101c5018
5108 would be the actual specific address and 101c would be the sector
of RAM were the address is located. Those are the basics of Hexadecimal
You should probley read this chapter againbecause getting a firm grasp on hex
is essential to cracking and moding programs.
----------------------------------------------------------------------------------------------------------
---RAM and ROM--------
In this section we are gonna learn about RAM and ROM. Many people kno about
the hardware part of RAM and ROM and that's gonna be very useful to you......
just not in this tutorial. =) We are about to learn about the "software" side. I use the
term software loosly in that software tends to have a GUI (Graphical User Interface)
and this does not. BUT, there are ways to access and modify the behavior of it that
I will talk about in this chapter, as well as in the next. To start off, I'll answer some
common questions:
What is RAM?
RAM (Random Access Memory) is basically memory and the process of accessing it.
The term "Random Access Memory" was approprietly given to this memory unit because
when executing a command, the CPU doesn't have to scroll through all the memory on
your PC until it finds the right address. It "randomly" whips out the addy from it's back
pocket and serves it up.This process is both quick and efficient. Learning this process
will help you understand the ASM functions in the next chapter.
How does RAM work?
When a command is issued and the memory is pulled from file, it must first go through
what is called a "vector". A vector is a "gateway" or a "sector" of RAM where the address
of the function is stored with others of it's own kind. An example of a vector would be
something like this:
8c0000b4-8c00ffff
This means that all "addressii" (hehe) that are between those values are stored in that
sector of RAM. A vector acts as a gateway in that, first, pass through a vector to get to
address. Your average program probley has about 30 to 40 main vectors, sectioning
off from boot until exit. Knowing the vector of an addy or a function will greatly reduce
your headache when you start searching for it.
ROM. ROM is a part of memory that doesn't change. (Although we can change it.=) )
Boot ROM for instance, follows the same plan of action it is called upon. ROM also has
vectors, just like RAM. ROM is not that important when it comes to cracking to we will
leave it alone for now.
Back to RAM. Believe it or not, but addressii (there I go again, I'm such a g33k.)
actually follow certain formats or syntax's for certain functions. Take hot keys for
example: In the under ground, we call them "Joker commands". By pressing a certain
combonation of keys, a program will run, close, be stupid, whatever. The syntax for a
Joker command is as follows:
0d-aaaaaf
000zvvvv
Let's examine this format a little closer.
0d= The proclemation of a specifyed format
aaaaa= The address of the function
f= The float or remainder; "Floating point number" ; decimal
000= "NOP" No operation
z= The "Booleon" as we the C++ programmers call it. A booleon is an "IF, THEN" statement.
"IF this is true, THEN do this." Value 0= equal; 1= different; 2=less than; 3=greater than.
vvvv= The combonation of hex values (The values of the keys pressed) used to execute the "CALL"
Say the "A" key had a vlaue of fffb and the "B" key has a vlaue of fffd. You would then add both
values using a hex calculator and get fff9 as the sum. The output on you calculator would
show 1fff8. Add the first value and the last value to find the fourth byte segment. So say
we've found the address of the Joker function (usually in the boot ROM sector) commonly
called the "Maple address" and we are ready to program in some hex code. Our code may
look like this:
0d7ae671
0000fff9
This means that IF the value of fff9 (A and B) is equal (0) to the address (aaaaf) of the function,
THEN execute it. See? Easy isn't it? You'll need to know things like this when modding programs
as a use of executing of your arbitrary code in certain parts of your program at a certain time.
Joker commands are also reversable in that if you enter the same code except with a 1,2, or 3,
in the z slot and by changing the button combonations. Reversable meaning terminating the
function or other functions that were started. A good use for this is for firewalls and babysitting
programs. Are you on a college machine and can't download stuff because of that pesky firewall?
Crack it open and program in some Joker commands so you can turn it on and off at will
WITHOUT the administrator's password!
--------------------------------------------------------------------------------------------------------------
---ASM-----------------------
To start off with our small and to the point ASM section, I'll warn you in advance, after reading this,
you'll need to go take a shower cause this is disgusting! Here we go!
To begin, I'm gonna define for you some functions that you'll be seeing alot of, and be using. Here they are:
.:Hex:. .:ASM:. .:MEANING:.
75,0f85 jne jump if not equal
74,0f84 je jump is equal
eb jmp jump directly to
90 nop no operation
77,0f87 ja jump if above
0f86 jna jump if not above
0f83 jae jump if above or equal to
0f82 jnae jump if not above or equal
0f82 jb jump if below
0f83 jnb jump is not below
of86 jbe jump if below or equal
0f87 jnbe jump if not below or equal
0f8f jg jump if greater
0f8e jng jump if not greater
0f8d jge jump if greater or equal
0f8c jnge jump if not greater or equal
0f8c jl jump if less
0f8d jnl jump if not less
0f8e jle jump if less or equal
0f8f jnle jump if not less or equal
The easy thing about most of the functions in ASM are that they sound like what they mean.
Jump, means of coarse, to Jump from one thing to another. Example:
"jmp 00401744" would mean to jump directly to the address 00401744 once the code
hits the function.
Let's look at "CALL". Call is a function that is used to "call" a certain task, string, address, whatever.
Take a look at this example:
"Call 0040ccc2" this would of coarse call the address 0040ccc2 and use it. Those are the functions
you'll be using.
The reason why I'm not going into loads of detail in this chapter is because when
cracking software, not an extensive amount of knowledge of ASM is needed. If you want
to know more or need help with something, e-mail me at the address provided at the end of
this tutorial. This chapter wasn't so nasty was it? Nah, it was easy =)
------------------------------------------------------------------------------------------------------------------------
---Needed Programs----------------
The programs you will need are as follows:
WDasm 8.9 or Higher
Hiew 6.1
Softice for win9x v3.24
SubmitWolf(demo)v4.01 (http://www.trellian.com/swolf)
Programming Language (C,C++,Pascal,ASM whatever you would like) Prefably C for this tutorial!
And a brain (no seriously)
--------------------------------------------------------------------------------------------------------------------------
---Cracking-----------------------------
Ok, here we go! The first thing you need to do is to open up SoftIce and then swolf32.exe which is the name given to our
target program. Go to the help menu and select register. Here's where your brain will come in, start to look
for how the protection is running by entering some random crap into the blank space. Don't press the OK button yet though.
Instead, press CTRL-D to bring up SoftIce. What we are gonna try to do is define a breakpoint, using BPX hmemcpy.
Hit CTRL-D again and it will bring you back to the program. Click OK on the box and SoftIce will again pop up. Now press F12
and it will bring you to the target program code. Scroll down a few lines and find:
:004167D9 8D4C2410 lea ecx, dword ptr {esp+10}--;ecx=the random crap you typed in.
:004167DD 8D94290000000 lea edx, dword ptr {esp+00000090}-;edx=name
:004167E4 51 push ecx
:004167E5 52 push edx
:004167E6 E8B5450100 call 0042ADA0----;this is the call which calculates the serial
:004167EB 83C410 add esp, 00000010--;
:004167EE 85C0 test eax, eax----;and return eax=1 if true (booleon =) )
:004167F0 0F8596000000 jne 0041688C----;jump to registered
:004167F6 8D442408 lea eax, dword ptr {esp+08}
:004167FA 8D8C2488000000 lea ecx, dword ptr {esp+00000088}
:00416801 50 push eax
:00416802 51 push ecx
:00416803 E868470100 call 0042AF70----;this call tests our serial
:00416808 83C408 add esp, 00000008---;
:0041680B 85C0 test eax, eax----;for v3.XX one.
:0041680D 7433 je 00416842;jump is equal
The call that we want to focas on is at 004167E6. This call tests wether our serial is for the correct version or not.
Let's trace the call 004ADA0:
*Referenced by a CALL at address:
:0042ABFC
:0042ADA 83EC30 sub esp, 00000030
:0042ADA3 55 push ebp
:0042ASA4 56 push esi
:004ADA5 57 push edi
:0042ADA6 8B7C24444 mov edi, dword ptr {esp+44}--;edi=our fake serial
:004ADAA 85FF test edi, edi
:004ADAC 0F4A7010000 je 0042AF59----;die if empty
:004ADB2 8B6C2440 mov ebp, dword ptr {esp+40}--ebp=our name
:0042ADB6 85ED test ebp, ebp
:004ADB8 0F849B010000 je 0042AF59---;die if empty
:004ADBE 8A07 mov al, byte ptr {edi}--;compare 1st byte of serial with 'p', die
:0042ADC0 3C50 cmp al, 50----;
:0042ADC2 0F8587010000 jne 0042AF4F----;if not equal
:0042ADC8 807F0134 cmp byte ptr {edi+01}, 34--:compare byte of serial with '4'
:004ADCC 750C jne 0042ADDA----;
:0042ADCE C70500C8430000000000 mov dword ptr {0043C800}, 00000000
:0042ADD8 EB1C jmp 0042ADF6
As we can see by the above, the code tells us that the first value of our serial will
be 'p' and a cycle of a four byte algorythm. I could go on and on about all of the internals
of all this stuff but that would be going beyond the scope of this tutorial. The idea was to show
how to crack this pro, and thats what I'm going to do. Based on the information I've given you, and the
information that you can deduce from reading the code, I've written a small key generator in C.
If you know C, then you'll be able to tell where i got the algorythms to write it. So here it is:
#include
#include
int main(void)
{
long code=555583,count1,count2;
char name[25],cod[5],type='0';
clrscr();
textcolor(14);
printf("This is a simple key-generator written by k33t of CYBNET Security Group");
printf("=================================================");
text color(10);
printf("SubmitWolf(demo)ver4.1 cracked by k33t");
textcolor(14);
printf("%c%c%c",0x10,0x10,0x10");
textcolor(12);
printf("Yup")
prinf("-November 2002");
prinf("'\n\nSelect Edition PRO(0) or Enterprise(1) (0/1)=");
scanf("%c",&type);
if(type=='1')code=557283;
getchar();
prinf("Enter Registration Name=");
scanf("%[^\n]",name);
for(count1=0;count1<=3;count1++
cod[count1]=name[count1];
for(count=1;count1=3;count1++){
for(count2=0;count2<=3;count2++)
cod[count2]=cod[count2]*(code%100);
code=code/100;
}
for(count1=0;name[count1]>0;count1++);
for(count2=0;count2<=3;count2++)
cod[count2]=cod[count2]^(name[count1]+3);
for=(count1-3;count1>=0;count1--){
code=code+(cod[count1]&0xFF);
if(count1>0)
code=code*0x100;
}
if(code<0)code=-code;
for(;code<10000;) code=code*10;
for(;code>999999;) code=code/10;
printf(Your Serial Number=P%c4-%ld",(type=='1')? 'E':'4'code);
return ;
}
Ok! So! An overall conclusion of this code is:
1.First two characters of the serial must be either 'PE' or 'P4'.
2.Multiply every first four characters or our name with every byte of our serial before '-'
3.XOR every four byte with every byte of our name.
4.Convert to positive number if<0.
5.Convert to number between 10000 and 1000000.
Forgive me if this code is buggy as I wrote it very quickly in the little spare time I had.
-----------------------------------------------------------------------------------------------------------
---Conclusion-------
Well how was your first cracking expierience? Not bad eh? Ok well if you have any questions,
problems,comments,.....criticsms.......you can e-mail them to me at:
Email: badini4ever@yahoo.com 0333-7700757
REVERSE CODING
----------------------
# Released by Cybnet Security Group
# legalz: modify and use at will, if you make any changes, improvements, updates or use the code
# in another project, please send us what you did and give credit
# if you have any questions, post them at forum.hackerthreads.net
# be sure to check out hackerthreads.org for updates and new tutorials/downloads
Copyrights reserved to k33t, 2002 from CYBNET Security Group
----------------------------------------------------------------------------------------------------
Index:
-------
1.Introduction
2.Disclaimer
3.Hexadecimal
4.RAM and ROM
5.ASM
6.Needed programs
7.Cracking
8.Conclusion
---------------------------
---Introduction----------
Welcome to my Reverse Coding tutorial! In this paper, you will
learn how to crack and modify your own software. I'll try to get
into as much detail as possible, yet also dumb it down a bit. =)
------------------------------------------------------------------------------------------------------
---Disclaimer------------
All information is purely for educational purposes only! The author
cannot be held responsible for any (ab)use of this information.
USE AT YOUR OWN RISK!!!
------------------------------------------------------------------------------------------------------
---Hexadecimal----------
To begin, I'm going to teach you about hexadecimal, so if you already
know it, then move on. Even if you do already know it, I suggest
sticking around for a refreshment of your memory.=)
Hexadecimal, or hex as it's more commonly known, is a base 16
numbering system. Base 16 meaning that it consists of 16 numbers:
0-9 and A-F. Each of these numbers (A-F=10-16) have a value of 4 bits
and are also called nibbles. In representing a hexadecimal number, one
would write an "0x" before the actual bit set. 0x is simply a tag put
before a hex number to let programmers know that it is in fact, hex.
When writing hex, you will not need to use this prefix.
If you haven't already noticed, the 0x prefix looks similar to that of exponential
notation. Actually this is where 0x has been derived, seeing as how
hex is simply a number that has been raised to a power of 16.
This means 10 in hexadecimal represents the value 16+0, or 16. So check
out this example:
0xB3 (hex)= 2*16(squared)+11*16(to the 1st power)+3*16(to the power of 0 )
=2*256+11*16+3=691 (decimal)
Yeah, you could do all of that, or you could be lazy and use an automated
program that does it all for you. Why do you need to know hex? Because
it's used by every piece of software and hardware. How? Memory based address
allocation. Here's an example:
When you clicked on your browsers icon to launch it, the click triggered a "call"
(an asm function that will be discussed more in depth in later chapters.) which
went back to the programs memory with the "click in it's hand." It finds the
address where the code is that makes the program launch and executes it. The
address is written in, you guessed it, hex. An example of an address would be
something like this:
101c5018
5108 would be the actual specific address and 101c would be the sector
of RAM were the address is located. Those are the basics of Hexadecimal
You should probley read this chapter againbecause getting a firm grasp on hex
is essential to cracking and moding programs.
----------------------------------------------------------------------------------------------------------
---RAM and ROM--------
In this section we are gonna learn about RAM and ROM. Many people kno about
the hardware part of RAM and ROM and that's gonna be very useful to you......
just not in this tutorial. =) We are about to learn about the "software" side. I use the
term software loosly in that software tends to have a GUI (Graphical User Interface)
and this does not. BUT, there are ways to access and modify the behavior of it that
I will talk about in this chapter, as well as in the next. To start off, I'll answer some
common questions:
What is RAM?
RAM (Random Access Memory) is basically memory and the process of accessing it.
The term "Random Access Memory" was approprietly given to this memory unit because
when executing a command, the CPU doesn't have to scroll through all the memory on
your PC until it finds the right address. It "randomly" whips out the addy from it's back
pocket and serves it up.This process is both quick and efficient. Learning this process
will help you understand the ASM functions in the next chapter.
How does RAM work?
When a command is issued and the memory is pulled from file, it must first go through
what is called a "vector". A vector is a "gateway" or a "sector" of RAM where the address
of the function is stored with others of it's own kind. An example of a vector would be
something like this:
8c0000b4-8c00ffff
This means that all "addressii" (hehe) that are between those values are stored in that
sector of RAM. A vector acts as a gateway in that, first, pass through a vector to get to
address. Your average program probley has about 30 to 40 main vectors, sectioning
off from boot until exit. Knowing the vector of an addy or a function will greatly reduce
your headache when you start searching for it.
ROM. ROM is a part of memory that doesn't change. (Although we can change it.=) )
Boot ROM for instance, follows the same plan of action it is called upon. ROM also has
vectors, just like RAM. ROM is not that important when it comes to cracking to we will
leave it alone for now.
Back to RAM. Believe it or not, but addressii (there I go again, I'm such a g33k.)
actually follow certain formats or syntax's for certain functions. Take hot keys for
example: In the under ground, we call them "Joker commands". By pressing a certain
combonation of keys, a program will run, close, be stupid, whatever. The syntax for a
Joker command is as follows:
0d-aaaaaf
000zvvvv
Let's examine this format a little closer.
0d= The proclemation of a specifyed format
aaaaa= The address of the function
f= The float or remainder; "Floating point number" ; decimal
000= "NOP" No operation
z= The "Booleon" as we the C++ programmers call it. A booleon is an "IF, THEN" statement.
"IF this is true, THEN do this." Value 0= equal; 1= different; 2=less than; 3=greater than.
vvvv= The combonation of hex values (The values of the keys pressed) used to execute the "CALL"
Say the "A" key had a vlaue of fffb and the "B" key has a vlaue of fffd. You would then add both
values using a hex calculator and get fff9 as the sum. The output on you calculator would
show 1fff8. Add the first value and the last value to find the fourth byte segment. So say
we've found the address of the Joker function (usually in the boot ROM sector) commonly
called the "Maple address" and we are ready to program in some hex code. Our code may
look like this:
0d7ae671
0000fff9
This means that IF the value of fff9 (A and B) is equal (0) to the address (aaaaf) of the function,
THEN execute it. See? Easy isn't it? You'll need to know things like this when modding programs
as a use of executing of your arbitrary code in certain parts of your program at a certain time.
Joker commands are also reversable in that if you enter the same code except with a 1,2, or 3,
in the z slot and by changing the button combonations. Reversable meaning terminating the
function or other functions that were started. A good use for this is for firewalls and babysitting
programs. Are you on a college machine and can't download stuff because of that pesky firewall?
Crack it open and program in some Joker commands so you can turn it on and off at will
WITHOUT the administrator's password!
--------------------------------------------------------------------------------------------------------------
---ASM-----------------------
To start off with our small and to the point ASM section, I'll warn you in advance, after reading this,
you'll need to go take a shower cause this is disgusting! Here we go!
To begin, I'm gonna define for you some functions that you'll be seeing alot of, and be using. Here they are:
.:Hex:. .:ASM:. .:MEANING:.
75,0f85 jne jump if not equal
74,0f84 je jump is equal
eb jmp jump directly to
90 nop no operation
77,0f87 ja jump if above
0f86 jna jump if not above
0f83 jae jump if above or equal to
0f82 jnae jump if not above or equal
0f82 jb jump if below
0f83 jnb jump is not below
of86 jbe jump if below or equal
0f87 jnbe jump if not below or equal
0f8f jg jump if greater
0f8e jng jump if not greater
0f8d jge jump if greater or equal
0f8c jnge jump if not greater or equal
0f8c jl jump if less
0f8d jnl jump if not less
0f8e jle jump if less or equal
0f8f jnle jump if not less or equal
The easy thing about most of the functions in ASM are that they sound like what they mean.
Jump, means of coarse, to Jump from one thing to another. Example:
"jmp 00401744" would mean to jump directly to the address 00401744 once the code
hits the function.
Let's look at "CALL". Call is a function that is used to "call" a certain task, string, address, whatever.
Take a look at this example:
"Call 0040ccc2" this would of coarse call the address 0040ccc2 and use it. Those are the functions
you'll be using.
The reason why I'm not going into loads of detail in this chapter is because when
cracking software, not an extensive amount of knowledge of ASM is needed. If you want
to know more or need help with something, e-mail me at the address provided at the end of
this tutorial. This chapter wasn't so nasty was it? Nah, it was easy =)
------------------------------------------------------------------------------------------------------------------------
---Needed Programs----------------
The programs you will need are as follows:
WDasm 8.9 or Higher
Hiew 6.1
Softice for win9x v3.24
SubmitWolf(demo)v4.01 (http://www.trellian.com/swolf)
Programming Language (C,C++,Pascal,ASM whatever you would like) Prefably C for this tutorial!
And a brain (no seriously)
--------------------------------------------------------------------------------------------------------------------------
---Cracking-----------------------------
Ok, here we go! The first thing you need to do is to open up SoftIce and then swolf32.exe which is the name given to our
target program. Go to the help menu and select register. Here's where your brain will come in, start to look
for how the protection is running by entering some random crap into the blank space. Don't press the OK button yet though.
Instead, press CTRL-D to bring up SoftIce. What we are gonna try to do is define a breakpoint, using BPX hmemcpy.
Hit CTRL-D again and it will bring you back to the program. Click OK on the box and SoftIce will again pop up. Now press F12
and it will bring you to the target program code. Scroll down a few lines and find:
:004167D9 8D4C2410 lea ecx, dword ptr {esp+10}--;ecx=the random crap you typed in.
:004167DD 8D94290000000 lea edx, dword ptr {esp+00000090}-;edx=name
:004167E4 51 push ecx
:004167E5 52 push edx
:004167E6 E8B5450100 call 0042ADA0----;this is the call which calculates the serial
:004167EB 83C410 add esp, 00000010--;
:004167EE 85C0 test eax, eax----;and return eax=1 if true (booleon =) )
:004167F0 0F8596000000 jne 0041688C----;jump to registered
:004167F6 8D442408 lea eax, dword ptr {esp+08}
:004167FA 8D8C2488000000 lea ecx, dword ptr {esp+00000088}
:00416801 50 push eax
:00416802 51 push ecx
:00416803 E868470100 call 0042AF70----;this call tests our serial
:00416808 83C408 add esp, 00000008---;
:0041680B 85C0 test eax, eax----;for v3.XX one.
:0041680D 7433 je 00416842;jump is equal
The call that we want to focas on is at 004167E6. This call tests wether our serial is for the correct version or not.
Let's trace the call 004ADA0:
*Referenced by a CALL at address:
:0042ABFC
:0042ADA 83EC30 sub esp, 00000030
:0042ADA3 55 push ebp
:0042ASA4 56 push esi
:004ADA5 57 push edi
:0042ADA6 8B7C24444 mov edi, dword ptr {esp+44}--;edi=our fake serial
:004ADAA 85FF test edi, edi
:004ADAC 0F4A7010000 je 0042AF59----;die if empty
:004ADB2 8B6C2440 mov ebp, dword ptr {esp+40}--ebp=our name
:0042ADB6 85ED test ebp, ebp
:004ADB8 0F849B010000 je 0042AF59---;die if empty
:004ADBE 8A07 mov al, byte ptr {edi}--;compare 1st byte of serial with 'p', die
:0042ADC0 3C50 cmp al, 50----;
:0042ADC2 0F8587010000 jne 0042AF4F----;if not equal
:0042ADC8 807F0134 cmp byte ptr {edi+01}, 34--:compare byte of serial with '4'
:004ADCC 750C jne 0042ADDA----;
:0042ADCE C70500C8430000000000 mov dword ptr {0043C800}, 00000000
:0042ADD8 EB1C jmp 0042ADF6
As we can see by the above, the code tells us that the first value of our serial will
be 'p' and a cycle of a four byte algorythm. I could go on and on about all of the internals
of all this stuff but that would be going beyond the scope of this tutorial. The idea was to show
how to crack this pro, and thats what I'm going to do. Based on the information I've given you, and the
information that you can deduce from reading the code, I've written a small key generator in C.
If you know C, then you'll be able to tell where i got the algorythms to write it. So here it is:
#include
#include
int main(void)
{
long code=555583,count1,count2;
char name[25],cod[5],type='0';
clrscr();
textcolor(14);
printf("This is a simple key-generator written by k33t of CYBNET Security Group");
printf("=================================================");
text color(10);
printf("SubmitWolf(demo)ver4.1 cracked by k33t");
textcolor(14);
printf("%c%c%c",0x10,0x10,0x10");
textcolor(12);
printf("Yup")
prinf("-November 2002");
prinf("'\n\nSelect Edition PRO(0) or Enterprise(1) (0/1)=");
scanf("%c",&type);
if(type=='1')code=557283;
getchar();
prinf("Enter Registration Name=");
scanf("%[^\n]",name);
for(count1=0;count1<=3;count1++
cod[count1]=name[count1];
for(count=1;count1=3;count1++){
for(count2=0;count2<=3;count2++)
cod[count2]=cod[count2]*(code%100);
code=code/100;
}
for(count1=0;name[count1]>0;count1++);
for(count2=0;count2<=3;count2++)
cod[count2]=cod[count2]^(name[count1]+3);
for=(count1-3;count1>=0;count1--){
code=code+(cod[count1]&0xFF);
if(count1>0)
code=code*0x100;
}
if(code<0)code=-code;
for(;code<10000;) code=code*10;
for(;code>999999;) code=code/10;
printf(Your Serial Number=P%c4-%ld",(type=='1')? 'E':'4'code);
return ;
}
Ok! So! An overall conclusion of this code is:
1.First two characters of the serial must be either 'PE' or 'P4'.
2.Multiply every first four characters or our name with every byte of our serial before '-'
3.XOR every four byte with every byte of our name.
4.Convert to positive number if<0.
5.Convert to number between 10000 and 1000000.
Forgive me if this code is buggy as I wrote it very quickly in the little spare time I had.
-----------------------------------------------------------------------------------------------------------
---Conclusion-------
Well how was your first cracking expierience? Not bad eh? Ok well if you have any questions,
problems,comments,.....criticsms.......you can e-mail them to me at:
Email: badini4ever@yahoo.com 0333-7700757
Powered by Qumana
