its about entering serial and the software ask you to restart the program to see if its register, now my qeustion is what bpx do i set or any tip or hints any help please?

Regard
Nemesis]

Hello,

it's good to start FileMon or RegMon before entering the serial to see where the serial is stored (registry or some file).

Before starting the app you can set RegQueryValueExA breakpoint to access registry or ReadFile or CreateFileA breakpoint to access files (or start FileMon/RegMon to see which keys in registry or which files are accessed).

Regards,
sF

First of all you'll have to determine where the data you entered is stored. This will be most likely somewhere in the registry or in a separate keyfile, so the APIs to break are probably the CreateFile, GetPrivateProfileString (plaintext ini files) or RegQueryValue ones...


/edit: hey, beaten by one minute...


regards, Pyrae

The programs that make you quit before they make themselves registered are trying to avoid your BPX.

Perhaps the program only validates the serial at start up, so it is up to you to find where the serial is stored to be able to attack the validation routine(s).

As first approach I would use regmon and Filemon during the program startup and compare what happens before and after you enter a serial.

If you have a win98 system try using hmemcpy to find out the place and how your serial is stored. Does your program store the raw serial or a hash of the serial?

Does the program give you a nag screen telling you you are not registered? The serial evaluation may take place before the nag is shown but after the program starts.

A software called ultraedit used this technique to validate registration. There is a good tut in the fravia site about it. you may find some inspiration there.h**p://fravia.kilrathi.pl/reziedi1.htm

good luck

Thanks guys its realy help a lot.

best regard
Nemesis]