View Full Version : problems with cracking a program: need a hint (most parts in German)


nop-erator
January 2nd, 2002, 17:49
I've been trying to get a valid serial for "TZ-Strip Poker 2" for hours now! I just can't find the correct position. I don't want a complete walkthrough (I suppose I won't even get one here), just a hint. You can download the program from here: http://www.tz.to/download/spiizip.exe

thank you very much!

nop

Bengaly
January 2nd, 2002, 18:37
what a nice way for a crack request ;p

riPPadoGG
January 3rd, 2002, 03:12
Hey,
If you really gave it a try, come on and give more details..
Where did you get stuck?
What all did you try???

cheers...
doGG

nop-erator
January 3rd, 2002, 06:07
hey, this is NO crack request, really. here are the details, and everything I tried. (btw: I'm still a newbie)

First I tried to disassemble it with Win32dasm. I couldn't find anything useful. Of course, the next tool I used was SICE. At the very beginning I first checked what the serial has to look like; it has this format (x for a number, l for a letter): xxxx-xxxx-xxxx-llllllll (as many letters as you want). I typed in a fake serial like 1111-2222-3333-noppy and nothing happened after pressing "ok". So I set a breakpoint on hmemcpy before pressing ok the next time. I pressed F12 till I was in the program code and searched for my serial: s 0 l ffffff "1111-2222-3333-noppy". I found it once, deleted all the other breakpoints, and set a bpm on the address. After some tracing I found out that the serial is changed into this: "111122223333noppy". So I searched for the memory location of this serial and also set a breakpoint on it. I pressed F5, I think it was 3 times, to halt on the code where this new serial is being changed. The only interesting location I found was 017F:4114ED. There was a loop where something was done with the characters, but I didn't understand what exactly. After this loop and some lines of code, I return from a call and just don't know where to go on. I think I'm on the completely wrong way, am I?

looking forward to get some hints now...

noppy

goatass
January 3rd, 2002, 14:07
Hey man, it's good to see that you at least tried reversing it yourself before asking for help.

Some things to try: normally I start with BPX GetWindowTextA and GetDlgItemTextA, they usually drop you near the serial routines. Using hmemcpy is another good BPX but it requires more backtracing in many cases, and if you are not very knowledgeable about assembly it makes life more difficult.
Next, you said you found a place where the serial you entered was cleaned up and the dashes were removed, so what you should do is write down the RVA where you found that and look it up in wdasm32 so you can have a broader view of the routine, look at what calls this routine and follow it from there.

keep us posted on your findings and we will try to help more.

goatass

SilberFuchs
January 3rd, 2002, 14:31
hi nop-erator

yeah, you're already at the right addresses 8)
just look more closely at the following lines of code, especially the comparison operations.

ps: patching is even easier, on the principle: a zero in memory = full version, a 1 = shareware; starting point: try picking the 2nd lady to play against


Ciao
SilberFuchs

JMI
January 3rd, 2002, 14:37
And in English, please?

Regards.

nop-erator
January 3rd, 2002, 15:49
@goatass: I tried GetWindowTextA, too, but that didn't help me much. I just used bpx hmemcpy to jump into SICE and find my serial in memory. Looking up the RVA address and looking at the code in Win32dasm had the same effect. It just doesn't help me. I don't know how to go on.

@JMI: Translation: "hi nop-erator, yeah, you've found the correct addresses already 8) just look more intensively at the following lines of code, especially the comparison stuff. ps: patching is much easier, with the princip (?): zero in memory=full version, 1 = shareware; helping point: choose the second woman."

@Silberfuchs and the rest: The problem is that I can't find interesting comparisons after this loop at 4114ED! After some tracing I return two times, then there is a comparison like this "test eax,eax" (I think it was at 4111EA), and I jump a little further, till I can see three calls. How to go on? In the calls there are a lot of other calls. I can't find any interesting comparison routines in them. Perhaps I "übersehe" (overlook) something?

Noppy

4oh4
January 3rd, 2002, 17:12
The link to the English version of that site doesn't seem to point to the right page. I don't suppose that someone who actually reads German (I think?) would know if there is an English version of that software?

SilberFuchs
January 3rd, 2002, 18:08
hi nop-erator

from your description you should also have been at these spots, after the "-" were removed from the serial. Set a bpx on one of the following code lines and restart the program; SoftICE breaks.

Just trace through these code lines and at the end pay attention to what happens to eax, whether eax = zero or whether a 1 is copied into eax. Then leave this routine and look at what is done with the value in eax; you should be able to manage the rest yourself


:004113EE 8BCE       mov ecx, esi                ; you are here
:004113F0 E82B000000 call 00411420               ; serial check?
:004113F5 85C0       test eax, eax
:004113F7 7414       je 0041140D
:004113F9 8B4604     mov eax, dword ptr [esi+04]
:004113FC 85C0       test eax, eax
:004113FE 7407       je 00411407
:00411400 8BCE       mov ecx, esi
:00411402 E829010000 call 00411530

:00411407 33C0       xor eax, eax                ; full version
:00411409 5E         pop esi
:0041140A C20C00     ret 000C

:0041140D B801000000 mov eax, 00000001           ; shareware
:00411412 5E         pop esi
:00411413 C20C00     ret 000C


i must write in German, my English is too bad, sorry

Ciao
SilberFuchs

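The listing above, rendered as C so the two exits are easier to follow. This is an added reconstruction for this thread, not code from the program or from SilberFuchs; the names ctx, registered, check and on_valid are assumptions for esi, [esi+04], call 00411420 and call 00411530, whose bodies the listing does not show.

```c
/* Constructed reconstruction of the control flow at 004113EE-00411413.
 * Assumed: esi is an object pointer (ctx), [esi+04] is a field we call
 * `registered`, and the two calls are supplied as function pointers. */

struct game_ctx {
    int unused0;     /* [esi+00], not touched by the listing */
    int registered;  /* [esi+04], tested after the serial check */
};

typedef int  (*serial_check_fn)(struct game_ctx *); /* call 00411420 */
typedef void (*on_valid_fn)(struct game_ctx *);     /* call 00411530 */

/* Returns 0 = full version, 1 = shareware, mirroring the two epilogues
 * (xor eax,eax at 00411407 and mov eax,1 at 0041140D). */
int license_dispatch(struct game_ctx *ctx, serial_check_fn check, on_valid_fn on_valid)
{
    if (check(ctx) == 0)         /* test eax,eax ; je 0041140D          */
        return 1;                /* shareware                            */
    if (ctx->registered != 0)    /* mov eax,[esi+04] ; test ; je 00411407 */
        on_valid(ctx);           /* call 00411530, then fall through     */
    return 0;                    /* full version                         */
}

/* Stand-ins for the unseen callees, used only to drive the reconstruction. */
static int  on_valid_calls;
static void count_on_valid(struct game_ctx *c) { (void)c; on_valid_calls++; }
static int  check_pass(struct game_ctx *c)     { (void)c; return 1; }
static int  check_fail(struct game_ctx *c)     { (void)c; return 0; }

/* Runs one scenario. Returns result*10 + (times 00411530 ran), so
 * 10 = shareware path, 1 = full version with on_valid run, 0 = full version without. */
int run_scenario(int serial_ok, int registered)
{
    struct game_ctx ctx = { 0, registered };
    on_valid_calls = 0;
    int r = license_dispatch(&ctx, serial_ok ? check_pass : check_fail, count_on_valid);
    return r * 10 + on_valid_calls;
}
```
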
Viper
January 3rd, 2002, 20:06
Quote:
Originally posted by SilberFuchs
perhaps so
hi nop-erator

after your descriptions you might also in these places been, after " - " from the Serial removed are. Mach times one bpx on one these following code lines and starts the program NEW; SI breakt.

To Durchtrace simply times these code lines and give at the end drauf eight, what occurs with eax whether eax=null or whether from 1 eax is copied. Go then raus out of this routine and schau which with the value into eax one makes; the remainder would be allowed to do also wars


Please tell me if i got it wrong
i know i got some errors ohwell

nop-erator
January 4th, 2002, 05:49
Hey Viper,

your translation program is really bad. Actually Silberfuchs (btw: the entire German youth does that) speaks in slang. That's why your program had a lot of problems.

here is the correct translation:
"After your descriptions you should have been at the places where the "-" were removed from the serial. Set a breakpoint on one of the following code lines and restart the program. SICE will break.

Trace through the lines of code and look what happens to eax, if eax==null or if there is a 1 copied to it. Then leave this routine and look what happens to the value in eax; the rest shouldn't be hard for you."

I'll do that this afternoon silberfuchs, thank you!

noppy

nop-erator
January 4th, 2002, 09:29
hey silberfuchs,

thanks, I managed it. I don't think I would ever have figured out by myself that I have to restart the program. still: my actual goal was to get a valid serial, but I couldn't find anything useful in that call either. can you maybe help me further there?

btw: I'd also like to program a trainer where you always win. how would you go about getting at that?

cya,

nop

translation:
"hey silberfuchs,

thank you, i managed to crack it. i think i would have never found out to restart the program and break at the same location. anyways: originally my target was to get a valid serial. but although i had a look at this call there, i couldn't find anything that looks like a serial comparison routine. can you help me with that please?

btw: i would like to code a trainer, so that you always win. how would you start to find the correct addresses?

cya"