halifax
February 6th, 2001, 01:32
Has anyone tried cracking Registry Drill V1.2.03? It can be had at:
http://www.easydesksoftware.com
Unfortunately, it is about 3.5MB. It is a 10 day trial. I loaded it onto my hard drive about a month ago, but have not been able to look at it till now. It is a VB5 program that is p-coded, so there is not much useful information from SmartCheck (that I could find anyway). The interesting registry key that I found with Regmon is:
\HKEY_USERS\.Default\Software\VB and VBA Program Settings\Registry Drill\Content\Registration
The key value is blank when the program is installed. If you load a string value into it, it responds right after reading that key (and followed with a BAD_KEY) with:
"It appears that you are a registered user. With this update the unlock code has change. Please contact IDRequest for another unlock code....."
I put a bp on RegQueryValueEx if *((esp->8)== 'Regi' do "d esp->14", let it pop three times and followed the code. I put some bpr on the fake unlock code, but could not find where it was being compared or what manipulation was being used. It just changed it to Wide Char and then back (unless I missed something in between) and was not looked at again. Just seems to be a lot of p-code woods.
Any suggestions?