SIMPLE AND NOT SO GOOD TUTORIAL ON Turbo Debugger
or HOW TO CRACK VAMPIRES 2.0

The major keys in TD are:

F2     - Set/Remove breakpoint
F4     - Execute to cursor position
F7     - Trace into (dive into CALLs, practically execute every single instruction)
F8     - Step over (trace through CALLs, LOOPs, etc. without entering them)
F9     - Run program
ALT+F5 - View user screen

-------------------------------------------------------------------------------

First load the program in Turbo Debugger and you'll see this (the ">" marks the
instruction the debugger is sitting on):

cs:0000>BA3469        mov  dx,6934
cs:0003 2E89169102    mov  cs:[0291],dx
cs:0008 B430          mov  ah,30
cs:000A CD21          int  21
cs:000C 8B2E0200      mov  bp,[0002]
cs:0010 8B1E2C00      mov  bx,[002C]
cs:0014 8EDA          mov  ds,dx
cs:0016 A37D00        mov  [007D],ax
cs:0019 8C067B00      mov  [007B],es
cs:001D 891E7700      mov  [0077],bx
cs:0021 892E9100      mov  [0091],bp
cs:0025 E85501        call 017D
cs:0028 A17700        mov  ax,[0077]
cs:002B 8EC0          mov  es,ax
cs:002D 33C0          xor  ax,ax
cs:002F 8BD8          mov  bx,ax
cs:0031 8BF8          mov  di,ax
cs:0033 B9FF7F        mov  cx,7FFF
cs:0036 FC            cld
cs:0037 F2AE          repnz scasb

This is the Borland C++ runtime startup code, not the program itself. I'll tell
you that the program is written in Borland C++, and I know that a program
compiled with this C begins here, where the startup code pushes the arguments
and calls the program's own main():

cs:0138 FF367300      push word ptr [0073]
cs:013C FF367100      push word ptr [0071]
cs:0140 FF366F00      push word ptr [006F]
cs:0144 FF366D00      push word ptr [006D]
cs:0148 FF366B00      push word ptr [006B]
cs:014C>9A46029223    call 2392:0246      <------ THE BEGINNING OF THE PROGRAM

So go directly to the CALL and press F4 (execute to here), then set a breakpoint
with F2, press F7 to get into the procedure and continue with F8 until you get
here:

cs:03A8 B80E00        mov  ax,000E
cs:03AB 50            push ax
cs:03AC 9AA70D3B31    call 313B:0DA7
cs:03B1 83C402        add  sp,0002
cs:03B4>9AC6019827    call 2798:01C6      <- writes "UNREGISTERED" to the screen

Dive into the tagged call with F7 and continue with F8 until you get here:

cs:01D5 9AA70D3B31    call 313B:0DA7
cs:01DA 83C402        add  sp,0002
cs:01DD>833E5C9C00    cmp  word ptr [9C5C],0000   <- Wow, this
cs:01E2 7555          jne  0239                   <- looks suspicious

What you see here is that the program checks a variable for zero: if it is
non-zero it jumps to 0239 (the registered path), and if it is zero it falls
through and writes UNREGISTERED to the screen. You need to replace these lines
with these:

cs:01DD C6065C9C01    mov  byte ptr [9C5C],01     <- Set the variable to 1, 'cos probably
                                                     somewhere in the program there's another check
cs:01E2 EB55          jmp  0239

Both replacements are exactly as long as the instructions they overwrite (5 bytes
and 2 bytes), so nothing after them moves. Note that C6 06 only writes the low
byte of the word at [9C5C]; that is enough here, since the check only tests the
word for non-zero. The jump displacement is counted from the end of the 2-byte
jmp: 0239 - (01E2 + 2) = 55, hence EB 55.

Press F9 and the program tells you that you're registered, the nag delay is
removed and everything is so c00l :)

Now to apply the patches in VAMPIRES.EXE (work on a copy, and make sure the
search pattern occurs exactly once in the file before you replace it):

Search for:    83 3E 5C 9C 00 75 55
Replace with:  C6 06 5C 9C 01 EB 55

Now the EXE is patched; you run it, but you see terrible text that says
"EXE file does not have a valid hash stamp; aborting." Shit, the program has a
SELF-CHECK. Well, back to the debugger :-)))

Hopefully Turbo Debugger has remembered your breakpoints, so after loading the
program press F9 to run it. It will stop on the first breakpoint that you set.
Dive into the call (F7) and you'll see this:

cs:0246 55            push bp
cs:0247 8BEC          mov  bp,sp
cs:0249 39261A70      cmp  [701A],sp
cs:024D 7705          ja   0254
cs:024F 9A3E404C10    call 104C:403E
cs:0254 9A2028A81D    call 1DA8:2820
cs:0259 C45E08        les  bx,[bp+08]
cs:025C 26FF7702      push es:word ptr [bx+02]
cs:0260 26FF37        push es:word ptr [bx]
cs:0263 0E            push cs
cs:0264 E8EBFE        call 0152          <- This is the SELF-CHECK
cs:0267 83C404        add  sp,0004
cs:026A 3D0100        cmp  ax,0001
cs:026D>7407          je   0276      !!!<- If AX = 1 THEN ExeTampered := TRUE (error handler at 0276)
cs:026F 3D0200        cmp  ax,0002
cs:0272 7411          je   0285         <- If AX = 2 THEN ExeTampered := TRUE (error handler at 0285)
cs:0274 EB1E          jmp  0294         <- Everything is fine, go on
cs:0276 1E            push ds
cs:0277 B8A115        mov  ax,15A1
cs:027A 50            push ax
cs:027B 9AEC5B4C10    call 104C:5BEC
cs:0280 83C404        add  sp,0004
cs:0283 5D            pop  bp
cs:0284 CB            retf

'Cos there are two checks right next to each other, it's easiest for us to turn
the first JE into a jump over both of them, straight to the "everything is fine"
path at 0294. The patch that we'll apply here is:

cs:026D 7407          je   0276
becomes
cs:026D EB25          jmp  0294         (0294 - (026D + 2) = 25)

or in the file:

Search for:    74 07 3D 02 00 74 11
Replace with:  EB 25 3D 02 00 74 11

The self-check still runs and still computes its hash; we just never look at
its answer.

Well, that's it. I'm tired of typing and translating into English :)))

P.S.
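As an added example (not part of the original tutorial, and not the author's tool), here is a small Python patcher that applies both byte patches above to a copy of the EXE. It refuses to touch the file unless each search pattern occurs exactly once and the replacement is the same length, and it recomputes the two short-jump displacements (EB 55 and EB 25) from the addresses in the listings so a typo in the hex can't send the jump somewhere else. The opcodes and addresses are those from the listings above; the file names and the constructed sample image are assumptions.

```python
import sys
from pathlib import Path

# (search, replace) byte pairs exactly as given in the tutorial above.
PATCHES = [
    # cs:01DD cmp word ptr [9C5C],0 ; jne 0239  ->  mov byte ptr [9C5C],1 ; jmp 0239
    (bytes.fromhex("83 3E 5C 9C 00 75 55"), bytes.fromhex("C6 06 5C 9C 01 EB 55")),
    # cs:026D je 0276 ; cmp ax,2 ; je 0285      ->  jmp 0294 ; cmp ax,2 ; je 0285
    (bytes.fromhex("74 07 3D 02 00 74 11"), bytes.fromhex("EB 25 3D 02 00 74 11")),
]


def short_jmp(insn_addr: int, target: int) -> bytes:
    """Encode a 2-byte short JMP (EB rel8) located at insn_addr going to target.

    rel8 is signed and relative to the end of the instruction (insn_addr + 2),
    so jmp 0239 at cs:01E2 is EB 55 and jmp 0294 at cs:026D is EB 25.
    """
    rel = target - (insn_addr + 2)
    if not -128 <= rel <= 127:
        raise ValueError(f"{target:04X} is out of short-jump range from {insn_addr:04X}")
    return bytes([0xEB, rel & 0xFF])


def find_all(data: bytes, pattern: bytes) -> list[int]:
    """Every offset at which pattern occurs in data (overlapping hits included)."""
    hits, i = [], data.find(pattern)
    while i != -1:
        hits.append(i)
        i = data.find(pattern, i + 1)
    return hits


def apply_patches(data: bytes, patches=PATCHES) -> bytes:
    """Return a patched copy of data.

    Each search pattern must occur exactly once and the replacement must be the
    same length: a second hit means you may be about to patch the wrong code,
    and a size change would shift every following offset in the EXE.
    """
    out = bytearray(data)
    for search, replace in patches:
        if len(search) != len(replace):
            raise ValueError("replacement must be the same length as the search pattern")
        hits = find_all(out, search)
        if len(hits) != 1:
            raise ValueError(f"pattern {search.hex(' ')} found {len(hits)} times, expected exactly 1")
        out[hits[0]:hits[0] + len(search)] = replace
    return bytes(out)


def build_sample_image() -> bytes:
    """Constructed stand-in for VAMPIRES.EXE (not the real file).

    The two code sequences are placed at their cs: offsets for readability and
    padded with zeros. In the real EXE the file offset differs from the cs:
    offset by the header and load segment, which is why we search for bytes
    instead of seeking to an address.
    """
    return (b"MZ" + bytes(0x1DD - 2) + PATCHES[0][0]
            + bytes(0x26D - 0x1E4) + PATCHES[1][0] + bytes(64))


def patch_file(src: Path, dst: Path) -> int:
    """Patch src into dst, leaving src untouched, and return the number of patches applied."""
    dst.write_bytes(apply_patches(src.read_bytes()))
    return len(PATCHES)


if __name__ == "__main__":
    # Sanity-check the hand-assembled jumps against the listing before touching any file.
    assert short_jmp(0x01E2, 0x0239) == bytes.fromhex("EB 55")
    assert short_jmp(0x026D, 0x0294) == bytes.fromhex("EB 25")
    if len(sys.argv) == 3:
        print(f"applied {patch_file(Path(sys.argv[1]), Path(sys.argv[2]))} patches")
    else:
        patched = apply_patches(build_sample_image())
        print("sample image patched:",
              patched[0x1DD:0x1E4].hex(" "), "|", patched[0x26D:0x274].hex(" "))
```

Run it as `python patch_vampires.py VAMPIRES.EXE VAMPIRES.PATCHED.EXE` (hypothetical file names) to patch a copy, or with no arguments to exercise it on the constructed sample image. Keeping the unpatched original around matters here: after the first patch alone the program's own hash check rejects the file, and you want a clean copy to go back to in the debugger.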
You're wondering why the heck the fucking program doesn't say "Registered to *NAME IN THE CFG*"??? That's because the program requires a KEYFILE to be properly registered; the USERNAME and CODE in the .CFG file are not enough. If you don't want to see the text "Registered to " at the beginning you should patch the program :>> This will be a little exercise for you......

P.P.S. Sorry for all of the spelling errors :-)))))