How to make Keygens.
Long and detailed tutorial :
Tools!
For tools you need a minimum of debugger like SoftIce for Windows (hence WinIce), and a C compiler with Dos libraries.
Content!
In this tutorial I will show how to make a key-gen for Ize and Swiftsearch. The protection that these programs use is the well
known Enter-Name-and-Registration-Number method. After selecting 'register', a window pops up where you can enter your name and
your registration number. The strategy here is to find out where in memory the data you enter is stored and then to find out what
is done with it. Before you go on make sure you configure the SoftIce dat file correctly.
Tutorial number 1:
Scanline Swiftsearch 2.0!
Swiftsearch is a useful little program that you can use to search on the web. I will explain step by step how to crack it.
step 1. Start the program
step 2: Choose register from the menus. You will now get a window where you can enter your name and your registration number.
step 3: Enter SoftIce (ctrl-d)
step 4: We will now set a breakpoint on functions like GetWindowText(a) and GetDlgItemText(a) to find out where in memory the data that we just entered
is stored. The function that is used by this program is GetDlgItemTexta (trial and error, just try yourself so, in SoftIce type BPX GetDlgItemTexta
and exit SoftIce with the g command.
step 5: Now type a name and a registration number (I used jmdg and 12345) and press OK, this will put you back in SoftIce. Since you are now inside
the GetDlgItemTexta function press F11 to get out of it. You should see the following code:
lea eax, [ebp-2C] :<--- we are looking for this location
push eax
push 00000404
push [ebp+08]
call [USER32!GetDlgItemTextA]
mov edi, eax :<--- eax has the length of the string
and is stored in edi for later usage.
We see that EAX is loaded with a memory address and then pushed to the stack as a parameter for the function GetDlgItemTextA. Since the function
GetDlgItemTextA is already been run we can look at EBP-2c (with ED EDP-2c) and see that the name we entered is there. Now we know where the name
is stored in memory, normally it would be wise to write that address down, but we will see that in this case it wont be necessary.
So, what next? Now we have to allow the program to read the registration number we entered. Just type g and return and when back in SoftIce press F11.
You should see the following code:
push 0000000B
lea ecx, [ebp-18] : <--So, ebp-18 is where the reg. number
push ecx : is stored.
push 0000042A
push [ebp+08]
call [USER32!GetDlgItemTextA]
mov ebx, eax : <--save the lenght of string in EBX
test edi, edi : <--remember EDI had the lenght of the
jne 00402FBF : name we entered?
We see that the registration number is stored at location EBP-18 , check it with ED EBP-18. Again, normally it would be wise to note that address down.
Also we see that it is checked if the length of the name we gave was not zero. If it is not zero the program will continue.
Step 6: Ok, now we know where the data we entered is stored in memory. What next?
Now we have to find out what is DONE with it. Usually it would we wise to put breakpoints on those memory locations and find out where in the program
they are read. But in this case the answer is just a few F10's away. Press F10 until you see the following code :
cmp ebx, 0000000A :<--remember EPX had the length of the
je 00402FDE : registration code we entered?
These two lines are important. They check if the length of the registration code we entered is equal to 10. If not the registration number will be
considered wrong already. The program wont even bother to check it. Modify EBX or the FLAG register in the register window to allow the jump. Continue
Pressing F10 until you get to the following code (note that the adresses you will see could be different) :
:00402FDE xor esi, esi :<-- Clear ESI
:00402FE0 xor eax, eax :<-- Clear EAX
:00402FE2 test edi, edi
:00402FE4 jle 00402FF2
:00402FE6 movsx byte ptr ecx, [ebp + eax - 2C] :<-- ECX is loaded with a letter of the name we entered.
:00402FEB add esi, ecx :<-- Add the letter to ESI
:00402FED inc eax :<-- Increment EAX to get next letter
:00402FEE cmp eax, edi :<-- Did we reach the end of the string?
:00402FF0 jl 00402FE6 :<-- If not, go get the next letter.
Well, we see that the program adds together all the letters of the name we entered. Knowing that ESI contains the sum of the letters, lets continue
and find out what the program does with that value :
:00402FF2 push 0000000A
:00402FF4 lea eax, [ebp-18] :<-- Load EAX with the address of the reg. number we entered
:00402FF7 push 00000000
:00402FF9 push eax :<-- Push EAX (as a parameter for the following function)
:00402FFA call 00403870 :<-- Well, what do you think this function does?
:00402FFF add esp, 0000000C
:00403002 cmp eax, esi :<-- Hey!
:00403004 je 00403020
We see that a function is called and when RETurned ESI is compared with EAX. Hmm, lets look at what's in EAX. A '? EAX' reveals :
00003039 0000012345 "09"
Bingo. That's what we entered as the registration number. It should have been what's inside ESI. And we know what's inside ESI, the sum of
the letters of the name we entered!
Step 7: Now we know how the program computes the registration code we can make a key-gen.
But we should not forget that the program checks also that the registration number has 10
digits.
A simple C code that will compute the registration number for this program could look like this:
#include
#include
main()
{
char Name[100];
int NameLength,Offset;
long int Reg = 0, Dummy2 = 10;
int Dummy = 0;
int LengtDummy = 1;
int Lengt , Teller;
printf("Scanline SwiftSearch 2.0 crack by JM-DG.\n");
printf("Enter your name: ");
gets(Name);
NameLength=strlen(Name);
/* the for lus calculates the sum of the letters in Name */
/* and places that value in Reg */
for (Offset=0;Offset /* Then print the registration number */
printf("%lu\n", Reg);
}
Tutorial number 2
Ize 2.04 from Gadgetware
Ize from Gadgetware is a cute little program that will put a pair of eyes on your screen which will
follow your mousepointer. It has a register function where you can enter your name and a registration
number. The strategy in this case is still the same : Find out where in memory the entered information
is stored and then find out what is done with that information.
Step 1: Start Ize. Chose register and enter a name and a number. I used again 'jmdg' and '12345'.
Sterp 2: Enter (CTRL-D) Softice and set a breakpoint on GetDlgItemTextA.
Step 3: Leave SoftIce and press OK. This will put you back in Softice. You will be inside the GetDlgItemTextA
function. To get out of it press F11. You should see the following code :
mov esi, [esp + 0C]
push 00000064
push 0040C3A0 :<--On this memory location the NAME we entered will be stored.
mov edi, [USER32!GetDlgItemTextA] :<--Load edi with adress of GetDlgItemTextA
push 00004EE9
push esi
call edi :<-- Call GetDlgItemTextA
push 00000064 :<-- (you should be here now)
push 0040C210 :<--On this memory location the NUMBER we entered will be stored
push 00004EEA
push esi
call edi :<-- Call GetDlgItemTextA
We see that the function GetDlgItemTextA is called twice in this code fragment. The first call has
already happened. With ED 40C3A0 we can check that the name we entered is stored on that location.
To allow the program to read in the number we entered we type G and enter. Now we are inside the Get-
DlgItemTextA function again and we press f11 to get out of it. We check memory location 40C210 and
we see the number we entered is stored there.
Now we know the locations were the name and the number are stored,we note those down!
Step 4: Ok, what next? We now know where in memory the name and the number are stored. We need to find out
what the program does with those values. In order to do that we could set breakpoints on those memory
locations to see where they are read. But in this case it wont be necessary. The answer is right after the
above code :
push 0040C210 :<--save the location of the number we entered (as a parameter for the next call)
call 00404490 :<-- call this unknown function
add esp, 00000004
mov edi, eax :<-- save EAX (hmmmm)
We see a function being called with the number-location as a parameter. We could trace into the function and see what it does, but that is not
needed. With your experience of the Swiftsearch example you should be able to guess what this function does. It calculates the numerical value
of the registration number and puts it in EAX. To be sure we step further using F10 until we are past the call and check the contents of EAX
(with ? EAX). In my case it showed : 00003039 0000012345 "09".
Knowing that EDI contains our registration number we proceed:
push 0040C3A0 :<-- save the location of the name we entered (as a parameter for the next call)
push 00409080 :<-- save an unknown memory-location (as a parameter for the next call)
call 004043B0 :<--call to an unknown function
add esp, 00000008
cmp edi, eax :<--compare EDI (reg # we entered) with EAX (unknown, since the previous call changed it)
jne 004018A1 :<--jump if not equal
We see that a function is called with two parameters. One of the parameters is the location of the name
we entered. The other we dont know, but we can find out with ED 409080. We see the text 'Ize'.
This function calculates the right registration number using those two parameters. If you just want to
crack this program, you can place a breakpoint right after the call and check the contents of EAX. It will
contain the right registration number. But since we want to know HOW the reg. # is calculated we will trace
inside the function (using T). We will then try to find out HOW the contents of EAX got in there.
Step 5: Once inside the interesting function you will see that we are dealing with a rather long function.
It wont be necessary for me to include the complete listing of this function, because we wont need all of it to make our key-gen.
But in order find out which part of the code is essential for the computation of the right registration number,
you have to trace STEP by STEP and figure out what EXACTLY is going on!
Afther doing this i found out that the first part of the function computes some kind of "key". Then this
"key" is stored in memory and in that way passed on to the second part of the function.
The second part of the function then computes the right registration number, based on this "key" AND
the name we entered.
The code that is essential and that we need for our key-gen is the following:
( Note that before the following code starts, the registers that are used will have the following values:
EBX will point to the first letter of the name we entered,
EDX will be zero,
EBP will be zero,
The "key" that we talked about earlier is stored in memory location 0040B828 and will
have 0xA4CC as its initial value. )
:00404425 movsx byte ptr edi, [ebx + edx] :<-- Put first letter of the name in EDI
:00404429 lea esi, [edx+01] :<-- ESI gets the "letter-number"
:0040442C call 00404470 :<-- Call function
:00404431 imul edi, eax :<-- EDI=EDI*EAX (eax is the return value of the the previous call)
:00404434 call 00404470 :<-- Call function
:00404439 mov edx, esi
:0040443B mov ecx, FFFFFFFF
:00404440 imul edi, eax :<-- EDI=EDI*EAX (eax is the return value of the previous call)
:00404443 imul edi, esi :<-- EDI=EDI*ESI ( esi is the number of the letter position)
:00404446 add ebp, edi :<-- EBP=EBP+EDI (beware that EBP will finally contain the right reg#)
:00404448 mov edi, ebx :<--these lines compute the lenght of the name we entered
:0040444A sub eax, eax :<--these lines compute the lenght of the name we entered
:0040444C repnz :<--these lines compute the lenght of the name we entered
:0040444D scasb :<--these lines compute the lenght of the name we entered
:0040444E not ecx :<--these lines compute the lenght of the name we entered
:00404450 dec ecx :<-- ECX now contains the lenght of the name
:00404451 cmp ecx, esi
:00404453 ja 00404425 :<-- If its not the end of the name , go do the same with the next letter
:00404455 mov eax, ebp :<-- SAVE EBP TO EAX !!!!
:00404457 pop ebp
:00404458 pop edi
:00404459 pop esi
:0040445A pop ebx
:0040445B ret
_____
:00404470 mov eax, [0040B828] :<-- Put "key" in EAX
:00404475 mul eax, eax, 015A4E35 :<-- EAX=EAX * 15A4E35
:0040447B inc eax :<-- EAX=EAX + 1
:0040447C mov [0040B828], eax :<-- Replace the "key" with the new value of EAX
:00404481 and eax, 7FFF0000 :<-- EAX=EAX && 7FFF0000
:00404486 shr eax, 10 :<-- EAX=EAX >>10
:00404489 ret
The above code consists of a loop that goes trough all the letters of the name we entered. With each
letter some value is calculated, all these values are added up together (in EBP). Then this value is stored
in EAX and the function RETurns. And that was what we were looking for, we wanted to know how EAX got its value!
Step 6: Now to make a key-gen we have to translate the above method of calculating the right reg# into a
c program. It could be done in the following way :
(Note : I am a bad c programmer I just began to use this language...)
#include
#include
main()
{
char Name[100];
int NameLength,Offset;
unsigned long Letter,DummyA;
unsigned long Key = 0xa4cc;
unsigned long Number = 0;
printf("Ize 2.04 crack by JM-DG\n");
printf("Enter your name: ");
gets(Name);
NameLength=strlen(Name);
for (Offset=0;Offset }
How to make Keygens
How to Bypass BIOS Passwords
How to Bypass BIOS Passwords
DISCLAIMER
This article is intended for IT Professionals and systems administrators with experience servicing computer hardware. It is not intended for home users, hackers, or computer thieves attempting to Cr*ck the password on a stolen PC. Please do not attempt any of these procedures if you are unfamiliar with computer hardware, and please use this information responsibly. LabMice.net is not responsible for the use or misuse of this material, including loss of data, damage to hardware, or personal injury.
Before attempting to bypass the BIOS password on a computer, please take a minute to contact the hardware manufacturer support staff directly and ask for their recommended methods of bypassing the BIOS security. In the event the manufacturer cannot (or will not) help you, there are a number of methods that can be used to bypass or reset the BIOS password yourself. They include:
Using a manufacturers backdoor password to access the BIOS
Use password cracking software
Reset the CMOS using the jumpers or solder beads.
Removing the CMOS battery for at least 10 minutes
Overloading the keyboard buffer
Using a professional service
Please remember that most BIOS passwords do not protect the hard drive, so if you need to recover the data, simply remove the hard drive and install it in an identical system, or configure it as a slave drive in an existing system. The exception to this are laptops, especially IBM Thinkpads, which silently lock the hard drive if the supervisor password is enabled. If the supervisor password is reset without resetting the and hard drive as well, you will be unable to access the data on the drive.
--------------------------------------------------------------------------------
Backdoor passwords
Many BIOS manufacturers have provided backdoor passwords that can be used to access the BIOS setup in the event you have lost your password. These passwords are case sensitive, so you may wish to try a variety of combinations. Keep in mind that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards. Laptops typically have better BIOS security than desktop systems, and we are not aware of any backdoor passwords that will work with name brand laptops.
WARNING: Some BIOS configurations will lock you out of the system completely if you type in an incorrect password more than 3 times. Read your manufacturers documentation for the BIOS setting before you begin typing in passwords
Award BIOS backdoor passwords:
ALFAROME ALLy aLLy aLLY ALLY aPAf _award AWARD_SW AWARD?SW AWARD SW AWARD PW AWKWARD awkward BIOSTAR CONCAT CONDO Condo d8on djonet HLT J64 J256 J262 j332 j322 KDD Lkwpeter LKWPETER PINT pint SER SKY_FOX SYXZ syxz shift + syxz TTPTHA ZAAADA ZBAAACA ZJAAADC 01322222
589589 589721 595595 598598
AMI BIOS backdoor passwords:
AMI AAAMMMIII BIOS PASSWORD HEWITT RAND AMI?SW AMI_SW LKWPETER A.M.I. CONDO
PHOENIX BIOS backdoor passwords:
phoenix, PHOENIX, CMOS, BIOS
MISC. COMMON PASSWORDS
ALFAROME BIOSTAR biostar biosstar CMOS cmos LKWPETER lkwpeter setup SETUP Syxz Wodj
OTHER BIOS PASSWORDS BY MANUFACTURER
Manufacturer Password
VOBIS & IBM merlin
Dell Dell
Biostar Biostar
Compaq Compaq
Enox xo11nE
Epox central
Freetech Posterie
IWill iwill
Jetway spooml
Packard Bell bell9
QDI QDI
Siemens SKY_FOX
TMC BIGO
Toshiba Toshiba
TOSHIBA BIOS
Most Toshiba laptops and some desktop systems will bypass the BIOS password if the left shift key is held down during boot
IBM APTIVA BIOS
Press both mouse buttons repeatedly during the boot
--------------------------------------------------------------------------------
Password cracking software
The following software can be used to either Cr*ck or reset the BIOS on many chipsets. If your PC is locked with a BIOS administrator password that will not allow access to the floppy drive, these utilities may not work. Also, since these utilities do not come from the manufacturer, use them cautiously and at your own risk.
Cmos password recovery tools 3.1
!BIOS (get the how-to article)
RemPass
KILLCMOS
--------------------------------------------------------------------------------
Using the Motherboard "Clear CMOS" Jumper or Dipswitch settings
Many motherboards feature a set of jumpers or dipswitches that will clear the CMOS and wipe all of the custom settings including BIOS passwords. The locations of these jumpers / dipswitches will vary depending on the motherboard manufacturer and ideally you should always refer to the motherboard or computer manufacturers documentation. If the documentation is unavailable, the jumpers/dipswitches can sometimes be found along the edge of the motherboard, next to the CMOS battery, or near the processor. Some manufacturers may label the jumper / dipswitch CLEAR - CLEAR CMOS - CLR - CLRPWD - PASSWD - PASSWORD - PWD. On laptop computers, the dipswitches are usually found under the keyboard or within a compartment at the bottom of the laptop.
Please remember to unplug your PC and use a grounding strip before reaching into your PC and touching the motherboard. Once you locate and rest the jumper switches, turn the computer on and check if the password has been cleared. If it has, turn the computer off and return the jumpers or dipswitches to its original position.
--------------------------------------------------------------------------------
Removing the CMOS Battery
The CMOS settings on most systems are buffered by a small battery that is attached to the motherboard. (It looks like a small watch battery). If you unplug the PC and remove the battery for 10-15 minutes, the CMOS may reset itself and the password should be blank. (Along with any other machine specific settings, so be sure you are familiar with manually reconfiguring the BIOS settings before you do this.) Some manufacturers backup the power to the CMOS chipset by using a capacitor, so if your first attempt fails, leave the battery out (with the system unplugged) for at least 24 hours. Some batteries are actually soldered onto the motherboard making this task more difficult. Unsoldering the battery incorrectly may damage your motherboard and other components, so please don't attempt this if you are inexperienced. Another option may be to remove the CMOS chip from the motherboard for a period of time.
Note: Removing the battery to reset the CMOS will not work for all PC's, and almost all of the newer laptops store their BIOS passwords in a manner which does not require continuous power, so removing the CMOS battery may not work at all. IBM Thinkpad laptops lock the hard drive as well as the BIOS when the supervisor password is set. If you reset the BIOS password, but cannot reset the hard drive password, you may not be able to access the drive and it will remain locked, even if you place it in a new laptop. IBM Thinkpads have special jumper switches on the motherboard, and these should be used to reset the system.
--------------------------------------------------------------------------------
Overloading the KeyBoard Buffer
On some older computer systems, you can force the CMOS to enter its setup screen on boot by overloading the keyboard buffer. This can be done by booting with the keyboard or mouse unattached to the systems, or on some systems by hitting the ESC key over 100 times in rapid succession.
--------------------------------------------------------------------------------
Jumping the Solder Beads on the CMOS
It is also possible to reset the CMOS by connecting or "jumping" specific solder beads on the chipset. There are too many chipsets to do a breakdown of which points to jump on individual chipsets, and the location of these solder beads can vary by manufacturer, so please check your computer and motherboard documentation for details. This technique is not recommended for the inexperienced and should be only be used as a "last ditch" effort.
--------------------------------------------------------------------------------
Using a professional service
If the manufacturer of the laptop or desktop PC can't or won't reset the BIOS password, you still have the option of using a professional service. Password Crackers, Inc., offers a variety of services for desktop and laptop computers for between $100 and $400. For most of these services, you'll need to provide some type of legitimate proof of ownership. This may be difficult if you've acquired the computer second hand or from an online auction.
BIOS Master Passwörter:
Award:
master
PASSWORT
setup
?award
admin
alfarome
aLLy
aPAf
award
award_?
award.sw
AWARD SW
AWARD_SW
AWARD_PW
award_ps
AWARD?SW
awkward
BIOS
bios*
biostar
biosstar
CONCAT
CONDO
condo
g6PJ
h6BB
HELGA-S
HEWITT RAND
HLT
j09F
j256
j262
j322
j64
lkw peter
key
master key
SER
SKY_FOX
SWITCHES_SW
Sxyz
TTPTHA
TzqF
wodj
ZAAADA
zbaaaca
zjaaadc
AMI:
ami
amidecod
amipswd
AMIPSWD
AMI
A.M.I.
aammii
AMI~
amiami
AMI.KEY
AMISETUP
AMI_SW
bios310
BIOSPASS
CMOSPWD
KILLCMOS
master
589589
ami.kez
ami°
Advantace Integration:
Advance
Biostar:
Biostar
Q54arwms
Concord:
last
CTX International:
CTX_123
Daewoo:
Daytec
Daewuu
DELL:
DELL
Digital Equipment:
komprie
Freetech:
Posterie
HP Vextra Serie:
hewlpack
IBM:
IBM
MBIUO
sertafu
Mach Speed:
sp99dd
Megastar:
Star
Toshiba:
24Banc81
Toshiba
toshy99
WIMBIOS BIOS:
Compleri
Zenith:
3098z
Zenith
Micron:
sldkj754
xyzall
Miconics
QDI:
QDI
Quantex:
teX1
Research:
Col2ogro2
Shuttle:
Spaceve
Siemens Nixdorf:
SKY_FOX
Super Micro:
ksdjfg934t
TMC:
BIGO
dn_04rjc
M Technology:
mMmM
Packard Bell:
Bell9
All Windows Shortcuts
Run Commands:
compmgmt.msc - Computer management
devmgmt.msc - Device manager
diskmgmt.msc - Disk management
dfrg.msc - Disk defrag
eventvwr.msc - Event viewer
fsmgmt.msc - Shared folders
gpedit.msc - Group policies
lusrmgr.msc - Local users and groups
perfmon.msc - Performance monitor
rsop.msc - Resultant set of policies
secpol.msc - Local security settings
services.msc - Various Services
msconfig - System Configuration Utility
regedit - Registry Editor
msinfo32 _ System Information
sysedit _ System Edit
win.ini _ windows loading information(also system.ini)
winver _ Shows current version of windows
mailto: _ Opens default email client
command _ Opens command prompt
Run Commands to access the control panel:
Add/Remove Programs control appwiz.cpl
Date/Time Properties control timedate.cpl
Display Properties control desk.cpl
FindFast control findfast.cpl
Fonts Folder control fonts
Internet Properties control inetcpl.cpl
Keyboard Properties control main.cpl keyboard
Mouse Properties control main.cpl
Multimedia Properties control mmsys.cpl
Network Properties control netcpl.cpl
Password Properties control password.cpl
Printers Folder control printers
Sound Properties control mmsys.cpl sounds
System Properties control sysdm.cpl
Command Prompt:
ANSI.SYS Defines functions that change display graphics, control cursor movement, and reassign keys.
APPEND Causes MS-DOS to look in other directories when editing a file or running a command.
ARP Displays, adds, and removes arp information from network devices.
ASSIGN Assign a drive letter to an alternate letter.
ASSOC View the file associations.
AT Schedule a time to execute commands or programs.
ATMADM Lists connections and addresses seen by Windows ATM call manager.
ATTRIB Display and change file attributes.
BATCH Recovery console command that executes a series of commands in a file.
BOOTCFG Recovery console command that allows a user to view, modify, and rebuild the boot.ini
BREAK Enable / disable CTRL + C feature.
CACLS View and modify file ACL's.
CALL Calls a batch file from another batch file.
CD Changes directories.
CHCP Supplement the International keyboard and character set information.
CHDIR Changes directories.
CHKDSK Check the hard disk drive running FAT for errors.
CHKNTFS Check the hard disk drive running NTFS for errors.
CHOICE Specify a listing of multiple options within a batch file.
CLS Clears the screen.
CMD Opens the command interpreter.
COLOR Easily change the foreground and background color of the MS-DOS window.
COMP Compares files.
COMPACT Compresses and uncompress files.
CONTROL Open control panel icons from the MS-DOS prompt.
CONVERT Convert FAT to NTFS.
COPY Copy one or more files to an alternate location.
CTTY Change the computers input/output devices.
DATE View or change the systems date.
DEBUG Debug utility to create assembly programs to modify hardware settings.
DEFRAG Re-arrange the hard disk drive to help with loading programs.
DEL Deletes one or more files.
DELETE Recovery console command that deletes a file.
DELTREE Deletes one or more files and/or directories.
DIR List the contents of one or more directory.
DISABLE Recovery console command that disables Windows system services or drivers.
DISKCOMP Compare a disk with another disk.
DISKCOPY Copy the contents of one disk and place them on another disk.
DOSKEY Command to view and execute commands that have been run in the past.
DOSSHELL A GUI to help with early MS-DOS users.
DRIVPARM Enables overwrite of original device drivers.
ECHO Displays messages and enables and disables echo.
EDIT View and edit files.
EDLIN View and edit files.
EMM386 Load extended Memory Manager.
ENABLE Recovery console command to enable a disable service or driver.
ENDLOCAL Stops the localization of the environment changes enabled by the setlocal command.
ERASE Erase files from computer.
EXIT Exit from the command interpreter.
EXPAND Expand a M*cros*ft Windows file back to it's original format.
EXTRACT Extract files from the M*cros*ft Windows cabinets.
FASTHELP Displays a listing of MS-DOS commands and information about them.
FC Compare files.
FDISK Utility used to create partitions on the hard disk drive.
FIND Search for text within a file.
FINDSTR Searches for a string of text within a file.
FIXBOOT Writes a new boot sector.
FIXMBR Writes a new boot record to a disk drive.
FOR Boolean used in batch files.
FORMAT Command to erase and prepare a disk drive.
FTP Command to connect and operate on a FTP server.
FTYPE Displays or modifies file types used in file extension associations.
GOTO Moves a batch file to a specific label or location.
GRAFTABL Show extended characters in graphics mode.
HELP Display a listing of commands and brief explanation.
IF Allows for batch files to perform conditional processing.
IFSHLP.SYS 32-bit file manager.
IPCONFIG Network command to view network adapter settings and assigned values.
KEYB Change layout of keyboard.
LABEL Change the label of a disk drive.
LH Load a device driver in to high memory.
LISTSVC Recovery console command that displays the services and drivers.
LOADFIX Load a program above the first 64k.
LOADHIGH Load a device driver in to high memory.
LOCK Lock the hard disk drive.
LOGON Recovery console command to list installations and enable administrator login.
MAP Displays the device name of a drive.
MD Command to create a new directory.
MEM Display memory on system.
MKDIR Command to create a new directory.
MODE Modify the port or display settings.
MORE Display one page at a time.
MOVE Move one or more files from one directory to another directory.
MSAV Early M*cros*ft Virus scanner.
MSD Diagnostics utility.
MSCDEX Utility used to load and provide access to the CD-ROM.
NBTSTAT Displays protocol statistics and current TCP/IP connections using NBT
NET Update, fix, or view the network or network settings
NETSH Configure dynamic and static network information from MS-DOS.
NETSTAT Display the TCP/IP network protocol statistics and information.
NLSFUNC Load country specific information.
NSLOOKUP Look up an IP address of a domain or host on a network.
PATH View and modify the computers path location.
PATHPING View and locate locations of network latency.
PAUSE Command used in batch files to stop the processing of a command.
PING Test / send information to another network computer or network device.
POPD Changes to the directory or network path stored by the pushd command.
POWER Conserve power with computer portables.
PRINT Prints data to a printer port.
PROMPT View and change the MS-DOS prompt.
PUSHD Stores a directory or network path in memory so it can be returned to at any time.
QBASIC Open the QBasic.
RD Removes an empty directory.
REN Renames a file or directory.
RENAME Renames a file or directory.
RMDIR Removes an empty directory.
ROUTE View and configure windows network route tables.
RUNAS Enables a user to execute a program on another computer.
SCANDISK Run the scandisk utility.
SCANREG Scan registry and recover registry from errors.
SET Change one variable or string to another.
SETLOCAL Enables local environments to be changed without affecting anything else.
SETVER Change MS-DOS version to trick older MS-DOS programs.
SHARE Installs support for file sharing and locking capabilities.
SHIFT Changes the position of replaceable parameters in a batch program.
SHUTDOWN Shutdown the computer from the MS-DOS prompt.
SMARTDRV Create a disk cache in conventional memory or extended memory.
SORT Sorts the input and displays the output to the screen.
START Start a separate window in Windows from the MS-DOS prompt.
SUBST Substitute a folder on your computer for another drive letter.
SWITCHES Remove add functions from MS-DOS.
SYS Transfer system files to disk drive.
TELNET Telnet to another computer / device from the prompt.
TIME View or modify the system time.
TITLE Change the title of their MS-DOS window.
TRACERT Visually view a network packets route across a network.
TREE View a visual tree of the hard disk drive.
TYPE Display the contents of a file.
UNDELETE Undelete a file that has been deleted.
UNFORMAT Unformat a hard disk drive.
UNLOCK Unlock a disk drive.
VER Display the version information.
VERIFY Enables or disables the feature to determine if files have been written properly.
VOL Displays the volume information about the designated drive.
XCOPY Copy multiple files, directories, and/or drives from one location to another.
TRUENAME When placed before a file, will display the whole directory in which it exists
TASKKILL It allows you to kill those unneeded or locked up applications
Windows XP Shortcuts:
ALT+- (ALT+hyphen) Displays the Multiple Document Interface (MDI) child window's System menu
ALT+ENTER View properties for the selected item
ALT+ESC Cycle through items in the order they were opened
ALT+F4 Close the active item, or quit the active program
ALT+SPACEBAR Display the System menu for the active window
ALT+TAB Switch between open items
ALT+Underlined letter Display the corresponding menu
BACKSPACE View the folder one level up in My Computer or Windows Explorer
CTRL+A Select all
CTRL+B Bold
CTRL+C Copy
CTRL+I Italics
CTRL+O Open an item
CTRL+U Underline
CTRL+V Paste
CTRL+X Cut
CTRL+Z Undo
CTRL+F4 Close the active document
CTRL while dragging Copy selected item
CTRL+SHIFT while dragging Create shortcut to selected iteM
CTRL+RIGHT ARROW Move the insertion point to the beginning of the next word
CTRL+LEFT ARROW Move the insertion point to the beginning of the previous word
CTRL+DOWN ARROW Move the insertion point to the beginning of the next paragraph
CTRL+UP ARROW Move the insertion point to the beginning of the previous paragraph
SHIFT+DELETE Delete selected item permanently without placing the item in the Recycle Bin
ESC Cancel the current task
F1 Displays Help
F2 Rename selected item
F3 Search for a file or folder
F4 Display the Address bar list in My Computer or Windows Explorer
F5 Refresh the active window
F6 Cycle through screen elements in a window or on the desktop
F10 Activate the menu bar in the active program
SHIFT+F10 Display the shortcut menu for the selected item
CTRL+ESC Display the Start menu
SHIFT+CTRL+ESC Launches Task Manager
SHIFT when you insert a CD Prevent the CD from automatically playing
WIN Display or hide the Start menu
WIN+BREAK Display the System Properties dialog box
WIN+D Minimizes all Windows and shows the Desktop
WIN+E Open Windows Explorer
WIN+F Search for a file or folder
WIN+F+CTRL Search for computers
WIN+L Locks the desktop
WIN+M Minimize or restore all windows
WIN+R Open the Run dialog box
WIN+TAB Switch between open items
Windows Explorer Shortcuts:
ALT+SPACEBAR - Display the current window's system menu
SHIFT+F10 - Display the item's context menu
CTRL+ESC - Display the Start menu
ALT+TAB - Switch to the window you last used
ALT+F4 - Close the current window or quit
CTRL+A - Select all items
CTRL+X - Cut selected item(s)
CTRL+C - Copy selected item(s)
CTRL+V - Paste item(s)
CTRL+Z - Undo last action
CTRL+(+) - Automatically resize the columns in the right hand pane
TAB - Move forward through options
ALT+RIGHT ARROW - Move forward to a previous view
ALT+LEFT ARROW - Move backward to a previous view
SHIFT+DELETE - Delete an item immediately
BACKSPACE - View the folder one level up
ALT+ENTER - View an item's properties
F10 - Activate the menu bar in programs
F6 - Switch between left and right panes
F5 - Refresh window contents
F3 - Display Find application
F2 - Rename selected item
Internet Explorer Shortcuts:
CTRL+A - Select all items on the current page
CTRL+D - Add the current page to your Favorites
CTRL+E - Open the Search bar
CTRL+F - Find on this page
CTRL+H - Open the History bar
CTRL+I - Open the Favorites bar
CTRL+N - Open a new window
CTRL+O - Go to a new location
CTRL+P - Print the current page or active frame
CTRL+S - Save the current page
CTRL+W - Close current browser window
CTRL+ENTER - Adds the http://www. (url) .com
SHIFT+CLICK - Open link in new window
BACKSPACE - Go to the previous page
ALT+HOME - Go to your Home page
HOME - Move to the beginning of a document
TAB - Move forward through items on a page
END - Move to the end of a document
ESC - Stop downloading a page
F11 - Toggle full-screen view
F5 - Refresh the current page
F4 - Display list of typed addresses
F6 - Change Address bar and page focus
ALT+RIGHT ARROW - Go to the next page
SHIFT+CTRL+TAB - Move back between frames
SHIFT+F10 - Display a shortcut menu for a link
SHIFT+TAB - Move back through the items on a page
CTRL+TAB - Move forward between frames
CTRL+C - Copy selected items to the clipboard
CTRL+V - Insert contents of the clipboard
ENTER - Activate a selected link
HOME - Move to the beginning of a document
END - Move to the end of a document
F1 - Display Internet Explorer Help
Recover A Quick Erased Cd-rw
Procedure used to recover data from a quick-erased CD-RW disc
1. Make a file of exactly the size of the cdrw disc's capacity (650MB in my case).
(this step may not be needed)
2. With Nero I created a new project and added the file to it so that I have the disc filled. I gues you can also fill up the disc with other files.
The reason why I fill the disc is because I want Nero to make a session that uses the entire disc. Like I wrote earlier in this thread I experienced that my CD-Drive refuses to read off the disc beyond the session's boundaries. When you quick-erase a disc there is no session anymore so the drive will not read at all. Burning a new session will overwrite the data and burning only a small session will NOT make the drive read the other data that is still on the disc.
The reason why I used the one big file is so that I could later on recognize which part of the disc was overwritten by this file because this file contained all zeros (0x00).
3. I pressed burn and selected disc-at-once. Then while Nero was burning the leadin I pressed cancel. My CD-Drive finished writing the lead-in and Nero reported an error.
This is what was accomplished however: Now the disc contains a session that says that the used disc size is the complete disc. Nero did not get to writing file because I cancelled it. Good thing because I don't want Nero to write any files because my old data will get overwritten!
I gues it works the same with different writing software. Another method that I used during a test was simply press the reset button of the computer when the burning software was done with writing the lead-in and started with the files.
4. I had to restart the computer after cancelling burning.
With the cdrw disc inserted I saw in "my computer" that windows recognized that the disc was 650MB, clicking on it gave an error. Good so far!
Now with IsoBuster you can extract the sectors from a disc to a file. This is what I did.
I gues that if you have data-recovery software at this point it will be usefull because now (if all went well;)) the CD-Drive WILL read data from the entire disc. Anyway, I used ISO-Buster because the files that I needed to recover where a bit odd for nowadays (.XM, .S3M, .MP3):
In IsoBuster I had to do several steps:
Step 1: Find out from and to which sector the drive will read
By choosing "Sector View" you can look at any given sector.
Here I found out what the first and the last sectors where that are readable. (Hint I used the method for the old game: "Gues a number below 100, I'll tell if it is higher or lower than what you gues")
Step 2: Extract the actual sectors
By choosing "Extract From-To" you can extract any given range of sectors to a file. My disc was a data-disc so I choose the first extraction type "User data, 2048 bytes/block...".
In the end I got a .tao file which was about 650MB. I ran several programs on it to look for files inside a file by searching for file-header-paterns:
1. Multi Ripper 2.80 (for DOS, for the .XM files. It does many other file formats as well (jpg,png, bmp,wav,etc,etc +100). Try google with this query: Multi Ripper 2.80. I still had the file from good old days but I saw several good search results)
2. Winamp for mp3.
Winamp will scan any file when you give it the extension .mp3 and play it as one big song (so I renamed the .tao file to .mp3). I used the discwriter to get a .wav and the Adobe Audition to manually cut and save my songs. I looked at the MP3 file format and it is hard to find an mp3 file in a big file because it has no clear header just a bunch of mpeg-frames in most cases for me . A lot of my files had no ID3v2 or ID3v1 tags... But after a couple of hours I recovered everything.
Finally a list of used stuff:
Software:
- IsoBuster v1.5
- Nero 6.3.0.3
- Multi Ripper 2.80
- WinAmp v5.02
- Windows XP Pro NL (patched up)
Hardware:
- NEC DVDRW ND1300A 1.06
Disc:
- some old 4 speed cdrw
The "X-Ray" Effect
Odds are if you surf in the celebrity circles you've come across images that some pervert, like myself, has "X-Rayed." Some are good, some are really bad. Personally i consider it artistic, and it can be quite fun... but it's still perverted.
Your Personal "X-Ray" Tutorial: (procedure was written for Photoshop users)
Step 1 - selecting your photo
- You will need a decent photo. Sheer is not the only characteristic the photo must posses, but it is an important one. Black sheer, in my experience, will not work, at least not nearly as good, but some people have been able to get some decent results.
- The material itself doesn't really matter as you can see from the examples below, as long as it's sheer and a light colored material, you should be fine. Remember, you are exposing the darker/lighter tones from the flesh underneath the material... so make sure you have something to work with.
- One more thing; You will notice that most people,(like myself), have prominently "x-rayed" the chest area, this is because the clothing is pressed tight against the flesh. Areas like folds or empty spaces will have much less to zero results.
Step 2 - selecting the area to "X-Ray"
- Try to only select the area in which you are editing, don't do the entire image or it will look terrible. For this you will need to use the "Magnetic Lasso" tool and outline the specified area. IE; if you're "x-raying" the chest area, select the entire top with the magnetic lasso... not just the tits.
- Once the area has been selected, right click within the outlined area and choose "Layer Via Copy." This will make a new layer from the selected portion. You may also choose to "Feather" the outline... but it's not necessary.
Step 3 - Obtaining "X-Ray" effect
- Next, go to "Image" --> "Adjustments" --> "Levels." From there you can play with the slide bar to achieve the best effect. I can't really explain this part further as every photo is different, especially light and/or dark clothing.
- From here you can start to get artistic, play with other levels like, colour, contrast, brightness, and most importantly the "Dodge" and "Burn" tools to perfect it. But be fore-warned!... do not become dependent on the dodge and burn tools... you will ultimately ruin the image by "drawing" on it. Only use it to gently darken the shadows that are already there.
That's pretty much it. As i said, some photo's will work better than others. It has a lot to do the the lighting within the photo itself as well. Yellow lights or natural light will create different outcomes, as will the clothing... Here are some examples that i've done:
