Lord Soth
Questions and Answers for 4-6...
Wed Dec 9 14:33:32 1998

Hi all, hi Sandman.

Well, this time I don't have any kind of hard facts on what is going on in the program. Lemme tell you what I did.

As we all knew that this program checks the value in the RegKey 4D for our serial, I made 1 up and ran the program with PopIce .. hehe oops.. SoftIce.

So, I bpx on RegOpenKeyExA, and guess what. After a bit of tracing and seeing where the program is going, I saw it push the value 0040C6F8 before a call to that API. So I checked what's there after the call, and it was indeed my reg key.. (1st attempt I used my NOOP string hehe 90909090, 2nd attempt I used 41h, which is the ASCII for A)

I traced inside what seemed to be a routine that checks this code. I could only figure out a bit of the routine's operation. 1st thing was that it checks the length of the code, and CMPs it with 8, and follows with a JAE.. I would think that this was done to make certain the code is at least 8 numbers or chars.

Here's a problem tho, we gave a DW value, so in memory that takes 4 bytes, and that jump will never occur, and the RET after it will continue execution as usual, which is not what we want, so how come the program knows if my # is false???

Ok, afterwards, after a few manipulations (again, couldn't figure them out..), I reached this line of code:

    00403B00 MOV AL,[EAX+0040C6F8]

(the line address could be diff in your case of course..)

That line puts in AL 1 of the bytes out of the DW value. I found this out with a BPR on that area.

Then all sorts of checks are being made on it. It is compared to several values that represent the letter Z, and the digit 9, etc.. I think this checks that the char is actually a valid 1 for the protection.

Other than that, I couldn't find anything that checks the number. I noticed several times that EAX is having the value of 1, but it was all after API calls to either MFC dll or MSVCRT (the C runtime lib).

So, I'm stuck :( 1st time this happened to me, but then again, this is the 1st time I'm trying to go deeper than what is needed for the 'crack'. That's why I joined the forum actually :)

So, any enlightenments?? Maybe I shoulda used a key which is an ASCII of a number??? Weird. hehehe

Cya all, hope u had better luck, I'm gonna read what u guys posted now.

Lord Soth