Posted by +Sandman on 1/14/2000, 9:09 pm
, in reply to "Help Request!!!!!!!!!!!!!!!!!"
212.139.131.131
Greetings, Be careful not to adance too quickly.. Lets see,,
You have noticed in Regmon that Accoutica reads/creates entries within our System Registry file. You should at this point have jotted down this entries.. They should look like this:-
HKEY_CURRENT_USER\Software\Acon AS\Acoustica\2.0\RegisterInfo\Name
HKEY_CURRENT_USER\Software\Acon AS\Acoustica\2.0\RegisterInfo\Company
HKEY_CURRENT_USER\Software\Acon AS\Acoustica\2.0\RegisterInfo\KeyUsing W32Dasm, create a deadlisting of acoustica.exe and see if you can -find- within the text strings anything that -looks- like any of the above registry items..
Bingo!. We see:-
004139f3 HKEY_CURRENT_USER\Software\Acon AS\Acoustica\2.0
So even if we didn't use Regmon, we can -still- find out where this program uses/stores it's settings/registrations..So what else can we find out from our deadlisting?..
Well, if we have run this program a few times before hand then we would know the order of the messageboxes as they appear as we -try- and register this program using fake information. Using this knowledge it is quite easy to -locate- these error messages (often known as the Bad Cracker & Good Cracker messages and we can visualise the way where the program jumps around as it executes these messages in turn.
A typical Bad Cracker message might be: "Sorry, invalid serial entered bla bla bla"
A typical Good Cracker messagebox might be: "Your License is registered. Thank You"..
We might also look to see if the serial number is hard-coded into the program's code itself.. In this case it isn't, but we should still check for this..
Remember, we are -looking- for information at this point, rather like building a jigsaw puzzle. We don't yet know where all the pieces will fit but as we contiune on collecting them they will gradually sort themselves out.
Regards
+Sandman