Project 6 - Possible solution Friday, 05-Feb-99 15:41:22
Hi, this is my first time posting to this group. Sorry I took so long, but I decided I'd better have something substantial to say when I posted. The forum is really good and is getting a lot busier now. I'd like to thank Sandman (and the unnamed others) for setting this up, as it's very instructive being involved in a group effort like this.

I managed to register Memo95 a couple of nights ago using SoftICE by putting a breakpoint on ADVAPI32!RegQueryValueExA in order to track when the program read in values from the registry when it starts up. By analysing these calls I found the memory locations where the 'User Name' and 'Registration Code' are stored. I then put a BPM on the 'Registration Code' and landed in the piece of code below. By looking around I found that ECX contained the address of the correct registration code and EDX the address of the reg code in the registry. You can then read the correct reg code by DB'ing ECX.

    :0040CCD6 8A01      mov al, byte ptr [ecx]
    :0040CCD8 3A02      cmp al, byte ptr [edx]
    :0040CCDA 751E      jne 0040CCFA
    :0040CCDC 0AC0      or al, al
    :0040CCDE 7412      je 0040CCF2
    :0040CCE0 8A4101    mov al, byte ptr [ecx+01]
    :0040CCE3 3A4201    cmp al, byte ptr [edx+01]
    :0040CCE6 7512      jne 0040CCFA
    :0040CCE8 83C102    add ecx, 00000002
    :0040CCEB 83C202    add edx, 00000002
    :0040CCEE 0AC0      or al, al
    :0040CCF0 75E4      jne 0040CCD6

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:0040CCDE(C)
    |
    :0040CCF2 33C0      xor eax, eax

Alternatively, if you want to modify the code you can patch it here.

The code is quite simple, with two characters being checked per loop of the code. If the code in the registry is correct, the result of the cmp al, byte ptr [edx] instructions should always be equal (Z set). If however the letters do not match, the code goes to location 0040CCFA where the 'bad' dialog box is displayed. If you patch 0040CCDA and replace it with 'jmp 0040CCF2', the loop finishes immediately as if the codes had matched and the program is fully registered.
There is a multitude of ways to crack this program (as illustrated by other posts in this group), so if you haven't cracked it yet it's definitely best to find your own solution and get that feeling of satisfaction. I haven't noticed any problems yet, but post if you find any.

Thanks
Snowmannn

PS. Is anybody else working on a serial generator? I've completed some of it but it's hard going, with about 400 lines of code to be analysed, edited and rewritten, not to mention debugged. The serial gen in the program is quite good (I think) as it's long and fiddly and it takes a bit of effort to understand it.

snowmannn
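The compare loop from the listing above, rewritten in C as an added example (this is not code from the post or from Memo95; the names memo95_compare, expected and supplied are my own). It makes explicit what the assembly does, two bytes per iteration with an early exit on the first mismatch, and why the check is so easy to read off under a debugger: the correct code has to sit in memory in plaintext (at ECX) for the comparison to run at all.

```c
#include <stdio.h>

/* Added example, not the program's own code. Mirrors the loop at
 * 0040CCD6..0040CCF2: `expected` plays the role of ECX (the correct code
 * computed by the program) and `supplied` the role of EDX (the value read
 * back from the registry). Returns 0 when the strings are identical (the
 * xor eax,eax path at 0040CCF2) and 1 when they differ (the jne to
 * 0040CCFA, the 'bad' dialog). */
int memo95_compare(const char *expected, const char *supplied)
{
    for (;;) {
        unsigned char al = (unsigned char)expected[0];   /* mov al,[ecx]      */
        if (al != (unsigned char)supplied[0])            /* cmp al,[edx]      */
            return 1;                                    /* jne 0040CCFA      */
        if (al == 0)                                     /* or al,al / je     */
            return 0;                                    /* -> 0040CCF2       */
        al = (unsigned char)expected[1];                 /* mov al,[ecx+01]   */
        if (al != (unsigned char)supplied[1])            /* cmp al,[edx+01]   */
            return 1;                                    /* jne 0040CCFA      */
        expected += 2;                                   /* add ecx,2         */
        supplied += 2;                                   /* add edx,2         */
        if (al == 0)                                     /* or al,al / jne    */
            return 0;                                    /* falls to 0040CCF2 */
    }
}

int main(void)
{
    /* Constructed sample values, not real Memo95 codes. */
    const char *good = "ABCD-1234";
    printf("match:    %d\n", memo95_compare(good, "ABCD-1234")); /* 0 */
    printf("mismatch: %d\n", memo95_compare(good, "ABCD-1235")); /* 1 */
    printf("short:    %d\n", memo95_compare(good, "ABCD"));      /* 1 */
    return 0;
}
```

A check that compared a one-way transform of the user's input against a stored transform, rather than the plaintext code against the plaintext input, would not leave the correct value in memory to read off like this.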
Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.