File 129152747779.png - (85.18KB, 256x256, fff_chocobo_tales_chocobo.png)
No. 30
No I don't mean simply downloading a patch/cracked exe from cracks.am, keygens.nl, etc. Today we will be cracking pretty much all versions of mIRC with a few easy steps.

Also, educational purposes only. If you like it, buy it.
>> No. 31
We will be using everyone's favorite debugger, OllyDbg!
Available from here: http://ollydbg.de/

And the wonder tool, PeID!
Available here: http://www.peid.info/

Also, Olly works best for me on XP, and things like bbLean mess with it, so do this in the default shell.
>> No. 32
We know that mIRC likes to protect its executable from being edited with a CRC32 checksum test. But we don't feel like digging for that shit, so you'll have to trust me that we bypass it. For now, and for reference and people who really want to dig:

Fire up PeID and load mirc.exe into it to see where all the CRC32 fun happens.

1) Click the ... button and open C:\Program Files\mIRC\mirc.exe
2) Notice that PeID reports that the executable is not packed (protected). ((Nothing found [Overlay]*))

This is all we need to see to know that we aren't up against any commercial protectors and that the exe isn't compressed which could be annoying.

For those interested in finding where the CRC32 crap is:

3) Click the -> button and go to plugins -> Krypto ANALyzer. (KANAL, It's a lovely plugin)
4) Open the subsection in KANAL's report for CRC32.
5) Check each address that's listed as a reference and breakpoint them (press F2 with them selected in the disassembler) so you can intercept the check and work backwards to where the cool guys who skipped this and read the next section are. :]
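An added example, not code from this thread or from mIRC: a small Python script showing the defender's side of the CRC32 check the post above talks about, and why the "Fill with NOP's" edit in the next post would trip it. It builds a constructed byte buffer standing in for an executable (not mirc.exe), appends a CRC32 trailer, then simulates an in-place patch that overwrites two bytes with 0x90 (the single-byte x86 NOP opcode) at a hypothetical offset and re-verifies. The offset and the trailer layout are assumptions for the demo.

```python
import zlib

NOP = 0x90  # single-byte x86 NOP opcode, the byte "Fill with NOP's" writes

# Constructed stand-in for a program image (NOT mirc.exe); just bytes so the
# example runs offline.
SAMPLE_IMAGE = bytes(range(256)) * 4


def crc32_of(data: bytes) -> int:
    """CRC32 of the data, masked to an unsigned 32-bit value."""
    return zlib.crc32(data) & 0xFFFFFFFF


def build_trailer(image: bytes) -> bytes:
    """Append a 4-byte little-endian CRC32 so the file carries its expected value.
    (Assumed layout for the demo; a real self-check may store it anywhere.)"""
    return image + crc32_of(image).to_bytes(4, "little")


def verify_trailer(blob: bytes) -> bool:
    """Recompute the CRC over everything but the trailer and compare."""
    if len(blob) < 4:
        return False
    body, stored = blob[:-4], int.from_bytes(blob[-4:], "little")
    return crc32_of(body) == stored


def nop_out(blob: bytes, offset: int, length: int) -> bytes:
    """Simulate an in-place NOP fill on a copy; offset/length are hypothetical."""
    patched = bytearray(blob)
    patched[offset:offset + length] = bytes([NOP]) * length
    return bytes(patched)


def tamper_report(blob: bytes, offset: int, length: int) -> dict:
    """Verify the original and a NOP-patched copy, report the outcome."""
    patched = nop_out(blob, offset, length)
    return {
        "original_ok": verify_trailer(blob),
        "patched_ok": verify_trailer(patched),
        "bytes_changed": sum(1 for a, b in zip(blob, patched) if a != b),
    }


if __name__ == "__main__":
    signed = build_trailer(SAMPLE_IMAGE)
    # A two-byte NOP fill inside the body: CRC32 catches any change confined
    # to 32 consecutive bits, so the mismatch is guaranteed, not just likely.
    print(tamper_report(signed, offset=0x40, length=2))
```

The point for a defender is in the last function: a checksum stored in the same file it protects only detects accidental or naive modification, because whoever can patch the body can also patch the check or its stored value, which is exactly what the thread goes on to do. Tamper evidence that holds up against a deliberate editor has to come from something the editor cannot recompute, such as a code signature verified by the OS or an out-of-band hash list.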
>> No. 33
Now if I wasn't almost out of bourbon I would tell you how to find out why we know the following places are where mIRC checks for license shit, but I am. So go back to Olly and load mirc.exe. After it's loaded and Olly has analyzed it:

1) The Top Left section of the series of frames that comes up is the disassembler. Make friends with it. Then right click anywhere in its open area and go to view -> mirc.
2) Now right click again in the open area and go to Search For -> Sequence of commands.
3) Enter the following into the box:
ADD ESP,20
TEST EAX,EAX
ANY
POP EDI
XOR EAX,EAX
POP ESI
ANY
XOR ECX,ESP

Then press Find
4) This should drop you at one of the critical check points. In the section now highlighted, right click on the command that starts with JE SHORT. Go to Binary -> Fill with NOP's.

This will remove its existence by replacing it with the NOP command. NOP = NO OP = NO OPERATION = Do nothing.

Now do the same to the XOR EAX,EAX command a little further down.

This patch takes care of the part where mIRC checks to see if the serial we give it is real.
>> No. 34
Now to fix another annoyance.

1) Following what you've learned so far do another search for a sequence of commands and search for:
PUSH ECX
ANY
ADD ESP,14
CMP EAX,1
ANY
ANY
MOV EDX,EAX

2) Double click the JNZ SHORT ####### command and change it to JMP #######. Don't touch the ###### part. Press assemble or enter and the command will be switched in the disassembler. Close that box now.

Notice the NOP command that shows up under your newly placed JMP? JNZ takes more space than JMP so the extra room is replaced with a NOP.
>> No. 35
Now for the final patch that prevents mIRC from checking if the serial it has on file is valid and where we bypass the CRC32 check if I remember right.

1) Search for this sequence of commands:
CMP EAX,2
ANY
CMP EAX,3
ANY
PUSH 0
ANY
ADD ESP,4

2) See the "CMP EAX,2" and "CMP EAX,3" commands? Change both of them to "CMP EAX,-1". Don't try to be fancy with it; just double click each one, set the -1 and hit assemble.
>> No. 36
Now to save all our hard work.

1) Right click in the disassembler's area and go to Copy to Executable -> All modifications.
2) Click Copy All
3) Right click in the open area and hit Save File.
>> No. 37
Run your new mIRC and when it says you need to register hit the link that says to enter your registration here. Put your name and type anything you want into the serial section. Just type something small like "BourbonIsMyFriend".

It'll say Please Hold while I check your serial then you'll get your gold star and have a fully registered, no nag, mIRC.
>> No. 38
Writing this sober would have fixed some slightly confusing sentence structure and maybe I wouldn't have misspelled Third. Either way, enjoy.

###Disclaimer:
Pay for your software or deal with the nag. mIRC's EULA prevents modification of the file mentioned and this lesson was just to show how incredibly easy it is to defeat serial based license schemes.
>> No. 317
File Setup2_51_582.zip - (3.57MB)
Hi
Anybody can crack this software for me?
Please
Thanks