Argoth
March 11th, 2002, 13:41
Hi all,
I have downloaded this program called WinHack 1.1. I uploaded it here:
[ http://home.wanadoo.nl/argoth/wh110.exe ] (542 K)
It is protected with a serial protection. It's actually quite a fun protection to crack. When you click the register button in the menu, it runs a file called trg.wlb. So we might as well rename it to trg.exe and work from here.
As a name I used Argoth
With a bpx hmemcpy I came on 0042D8AB, which I thought was a good starting point. Now if you trace into the call at 0042D8CF and you reach 0042D4D7, you'll see that the first character of our serial should be a 'G'. And if you take a look at the piece of code directly after this, you will see that two '-' characters are needed in our serial.
At 0042D619, our serial will be checked a little more specifically. In my case, the characters after the G should be 54. And at 0042D62A there is another check for the last couple of characters; in my case they had to be 9576. So as a serial I now gave: G54-666-9576. But it didn't work. My guess is that there is another check for the characters in the middle of the serial (where I put 666). But I can't seem to find this check, or any other piece of code which would lead me to a working serial.
I already have it registered, because I reversed the jump at 0042D8D6. It worked, but I just want to know how to get to the correct serial. As you can see, I did most of the work myself, but I could really use some help.
Thanks in advance,
Argoth