Kali
My solution
Fri Dec 18 20:59:54 1998


Greetings All, it's Kali

First of all thanx to Latigo for his useful help :)))
I used a mixed approach
° in WDASM i searched all strange strings like 'Registered', but i wasn't
able to backtrace the calls. So i searched in the Import table for
a good bpx to set in SICE
° I tried to break at the -Sorry- window, but i only found that it was a
ShowWindow call. Usual bpx for windows didn't work. So i tried to trace
my strings in memory with Hmemcpy. Strange how i was able to sniff out
my right code, but nothing 'bout the -right JMP-
° I asked Latigo 4 help. He had finished Task 3.
Nice clues!!!
I tried again with bpx Hmemcpy, but this time I looked inside the calls.
Here's my nice piece of code:
0137:0043f9fb  e8b4d6fdff  call 0041d0b4
0137:0043fa00  8b55f8      mov  edx,[ebp-08]
0137:0043fa03  58          pop  eax
0137:0043fa04  e8fb41fcff  call 00403c04        <-- I traced this call
0137:0043fa09  752e        jnz  0043fa39
0137:0043fa0b  a1209b4400  mov  eax,[00449b20]
0137:0043fa10  8b00        mov  eax,[eax]
0137:0043fa12  e8dfaffeff  call 0042a9ec
0137:0043fa17  a1109d4400  mov  eax,[00449010]
0137:0043fa1c  803800      cmp  byte ptr [eax],00
0137:0043fa1f  750c        jnz  0043fa2d

If My serial and the Right serial weren't equal, the Zero flag = true, and
then i saw the -SORRY- window.
I changed the status of the flag and the proggie accepted the wrong serial!

In Wdasm I searched for e8b4d6fdff (the first call above) and looked at the
offset I needed.
In my HexEd at offset 3ee09 I changed the byte 75 to 74, or if you prefer the two
bytes to 9090.
Thanx all!

Kali