View Full Version : WinHack 1.1, missing finishing touch


Argoth
March 11th, 2002, 13:41
Hi all,

I have downloaded this program called WinHack 1.1. I uploaded it here:

[ http://home.wanadoo.nl/argoth/wh110.exe ] (542 K)


It is protected with a serial protection. It's actually a quite fun protection to crack. When you click the register button in the menu, it runs a file called trg.wlb. So we might as well rename it to trg.exe and work from here.

As a name I used Argoth

With a bpx hmemcpy I came on 0042D8AB, which I thought was a good starting point. Now if you trace into the call at 0042D8CF and you reach 0042D4D7, you'll see that the first character of our serial should be a 'G'. And if you take a look at the piece of code directly after this, you will see that two '-' characters are needed in our serial.

At 0042D619, our serial will be checked a little more specifically. In my case, the characters after the G should be 54. And at 0042D62A there is another check for the last couple of characters, in my case they had to be 9576. So as a serial I now gave: G54-666-9576. But it didn't work. My guess is that there is another check for the characters in the middle of the serial (where I put 666). But I can't seem to find this check, or any other piece of code which would lead me to a working serial.

I already have it registered, because I reversed the jump at 0042D8D6. It worked, but I just want to know how to get to the correct serial. As you can see, I did most of the work myself, but I could really use some help.

Thanks in advance,

Argoth

SilberFuchs
March 11th, 2002, 21:54
look better on 0042d601

ciao
SilberFuchs

RenHoek
March 12th, 2002, 00:36
Isn't Winhack that cheat finding program? I remember cracking 2.0 I believe. It was funny, first unpacked and then patched the program. Turned out it just killed itself after a second or two.

Turned out it does a ReadProcess on itself and CRC's.. don't know if it does the same in version 1.1, so if it does, be sure to keep an eye out..

Oh btw, if you are looking into cheat finding programs, google for Tsearch. Not only does it do what Winhack does, but it's free and it includes a debugger. Instead of 'freezing' a memory location you can now actually kill the instruction that is changing it.

It's also a nice exotic tool when reversing.