View Full Version : 2nd gear


MP
March 15th, 2001, 10:41
I am a newbie trying to crack a programme (606kb zip) whose author and website are untraceable. Further, the programme is useless without a registration file or serial, by which the programme is operational for 2 weeks. Hence I disassembled it with win32dasm. The first error message is "no registration file". Hence I got the details of the string. Unable to understand the details in win32dasm, I need help from experienced and expert people to start with. I have put down the string details below as a starting point. Kindly guide me on how to proceed further so that I can use the programme, preferably how to write the registration file or disable the checking of the registration file. Help will be highly appreciated.

* Possible StringData Ref from Data Obj ->"No registration file"
|
:00409079 BAC5B14600 mov edx, 0046B1C5
:0040907E A1A8AC4800 mov eax, dword ptr [0048ACA8]
:00409083 E804F70400 call 0045878C
:00409088 E9F6020000 jmp 00409383


* Referenced by a CALL at Addresses:
|:00404AE8 , :00408F4A , :00409083 , :00413582 , :00413681
|
:0045878C E97FFDFDFF jmp 00438510
:00458791 90 nop
:00458792 90 nop
:00458793 90 nop
:00458794 E94FCFFDFF jmp 004356E8
:00458799 90 nop
:0045879A 90 nop
:0045879B 90 nop

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045878C(U)
|
:00438510 55 push ebp
:00438511 8BEC mov ebp, esp
:00438513 83C4F4 add esp, FFFFFFF4
:00438516 53 push ebx
:00438517 56 push esi
:00438518 57 push edi
:00438519 8BF9 mov edi, ecx
:0043851B 8BF2 mov esi, edx
:0043851D 8BD8 mov ebx, eax

For the jmp/call:

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00408F4F(U), :00409088(U), :004090A2(C), :004090C7(C)
|
:00409383 8B4DCC mov ecx, dword ptr [ebp-34]
:00409386 64890D00000000 mov dword ptr fs:[00000000], ecx
:0040938D 8B45FC mov eax, dword ptr [ebp-04]
:00409390 807DCB00 cmp byte ptr [ebp-35], 00
:00409394 7405 je 0040939B
:00409396 E8AE2C0100 call 0041C049

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00409394(C)
|
:0040939B 5F pop edi
:0040939C 5E pop esi
:0040939D 5B pop ebx
:0040939E 8BE5 mov esp, ebp
:004093A0 5D pop ebp
:004093A1 C3 ret

:0041C049 50 push eax
:0041C04A 8B10 mov edx, dword ptr [eax]
:0041C04C FF52E4 call [edx-1C]
:0041C04F 58 pop eax
:0041C050 C3 ret

qferret
March 15th, 2001, 21:03
Most likely, by the time you reach this part of the code, it's too late... scroll up a bit to see how you get the "No Registration File..." MessageBox.

Try utilities such as RegMon & FileMon to see what the proggie is checking for...

Just a few hints to point you in the right direction... dig around a bit & if you get hung up again, ask another question ;-)

MP
March 16th, 2001, 11:28
Thank you very much. As suggested by you, I scrolled up a bit & found that there is a reference string about rfcalc.dll. This file is not in the program folder & also not anywhere on my computer. I think this must be the .reg file. Now look at the following & please guide me further in the matter.

* Reference To: KERNEL32.GetVolumeInformationA, Ord:0000h
|
:00408FAD E834020600 Call 004691E6
:00408FB2 8B8D60FFFFFF mov ecx, dword ptr [ebp+FFFFFF60]
:00408FB8 8D8554FEFFFF lea eax, dword ptr [ebp+FFFFFE54]
:00408FBE 51 push ecx

* Possible StringData Ref from Data Obj ->"%ld"
|
:00408FBF 68B3B14600 push 0046B1B3
:00408FC4 50 push eax
:00408FC5 E8765F0500 call 0045EF40
:00408FCA 83C40C add esp, 0000000C
:00408FCD E822D00400 call 00455FF4
:00408FD2 DD9D50FFFFFF fstp qword ptr [ebp+FFFFFF50]
:00408FD8 DD8550FFFFFF fld qword ptr [ebp+FFFFFF50]
:00408FDE DD5DA4 fstp qword ptr [ebp-5C]

* Possible StringData Ref from Data Obj ->"r+"
|
:00408FE1 68C2B14600 push 0046B1C2

* Possible StringData Ref from Data Obj ->"rfcalc.dll"
|
:00408FE6 68B7B14600 push 0046B1B7
:00408FEB E8684E0500 call 0045DE58
:00408FF0 83C408 add esp, 00000008
:00408FF3 894590 mov dword ptr [ebp-70], eax
:00408FF6 837D9000 cmp dword ptr [ebp-70], 00000000
:00408FFA 7476 je 00409072 This jump is just above the old string below
:00408FFC 8D558C lea edx, dword ptr [ebp-74]
:00408FFF 52 push edx
:00409000 8B4D90 mov ecx, dword ptr [ebp-70]
:00409003 51 push ecx
:00409004 E8CF4A0500 call 0045DAD8
:00409009 83C408 add esp, 00000008
:0040900C 8B4590 mov eax, dword ptr [ebp-70]
:0040900F 50 push eax
:00409010 6A31 push 00000031
:00409012 8D9588FEFFFF lea edx, dword ptr [ebp+FFFFFE88]
:00409018 52 push edx
:00409019 E8DA4A0500 call 0045DAF8
:0040901E 83C40C add esp, 0000000C
:00409021 8B4D90 mov ecx, dword ptr [ebp-70]
:00409024 51 push ecx
:00409025 6A31 push 00000031
:00409027 8D85ECFDFFFF lea eax, dword ptr [ebp+FFFFFDEC]
:0040902D 50 push eax
:0040902E E8C54A0500 call 0045DAF8
:00409033 83C40C add esp, 0000000C
:00409036 8B5590 mov edx, dword ptr [ebp-70]
:00409039 52 push edx
:0040903A 6A31 push 00000031
:0040903C 8D8DECFDFFFF lea ecx, dword ptr [ebp+FFFFFDEC]
:00409042 51 push ecx
:00409043 E8B04A0500 call 0045DAF8
:00409048 83C40C add esp, 0000000C
:0040904B 8B4590 mov eax, dword ptr [ebp-70]
:0040904E 50 push eax
:0040904F 6A31 push 00000031
:00409051 8D95B8FDFFFF lea edx, dword ptr [ebp+FFFFFDB8]
:00409057 52 push edx
:00409058 E89B4A0500 call 0045DAF8
:0040905D 83C40C add esp, 0000000C
:00409060 8D8DB8FDFFFF lea ecx, dword ptr [ebp+FFFFFDB8]
:00409066 51 push ecx
:00409067 E820C40500 call 0046548C
:0040906C 59 pop ecx
:0040906D DD5D9C fstp qword ptr [ebp-64]
:00409070 EB1B jmp 0040908D

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00408FFA(C)
|
:00409072 6A00 push 00000000

* Possible StringData Ref from Data Obj ->" "
|
:00409074 B9DAB14600 mov ecx, 0046B1DA

* Possible StringData Ref from Data Obj ->"No registration file"
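An added example, not from this thread: a small Python cross-reference helper over win32dasm output of the kind pasted above. It relates each conditional jump to the string literals its target reaches, which is the reading MP did by hand for the je at 00408FFA. The embedded listing is an excerpt constructed from the two posts; the regular expressions assume win32dasm's line layout as shown there.

```python
import re

# Excerpt constructed from the win32dasm output in the posts above; the trailing
# note on the "je" line is MP's own comment, kept on purpose to exercise the parser.
LISTING = """
* Possible StringData Ref from Data Obj ->"rfcalc.dll"
|
:00408FE6 68B7B14600 push 0046B1B7
:00408FEB E8684E0500 call 0045DE58
:00408FF3 894590 mov dword ptr [ebp-70], eax
:00408FF6 837D9000 cmp dword ptr [ebp-70], 00000000
:00408FFA 7476 je 00409072 This jump is just above the old string below
:00409072 6A00 push 00000000
* Possible StringData Ref from Data Obj ->" "
|
:00409074 B9DAB14600 mov ecx, 0046B1DA
* Possible StringData Ref from Data Obj ->"No registration file"
|
:00409079 BAC5B14600 mov edx, 0046B1C5
"""
INSN = re.compile(r"^:([0-9A-F]{8})\s+[0-9A-F]+\s+(\w+)\s*(.*)$")
STRREF = re.compile(r'StringData Ref from Data Obj ->"(.*)"')
COND_JUMPS = {"je", "jne", "jz", "jnz", "ja", "jb", "jg", "jl", "jae", "jbe", "jge", "jle"}

def parse_listing(text):
    """Return ({addr: (mnemonic, operands)}, {addr: string flagged just before addr})."""
    insns, strings, pending = {}, {}, None
    for line in text.splitlines():
        s = STRREF.search(line)
        if s:  # the literal belongs to the next instruction line
            pending = s.group(1)
            continue
        m = INSN.match(line.strip())
        if not m:
            continue  # xref headers, "|" separators, blank lines
        addr, mnem, ops = m.group(1), m.group(2).lower(), m.group(3)
        insns[addr] = (mnem, ops)
        if pending is not None:
            strings[addr], pending = pending, None
    return insns, strings

def guarded_strings(insns, strings, window=8):
    """For each conditional jump, list the non-blank literals reached within `window`
    instructions of its target, i.e. what taking the branch leads to."""
    order = sorted(insns)  # fixed-width uppercase hex sorts in address order
    report = {}
    for addr, (mnem, ops) in insns.items():
        if mnem in COND_JUMPS and ops.split()[0].upper() in insns:
            target = ops.split()[0].upper()  # first token only; MP's note follows it
            start = order.index(target)
            report[addr] = (target, [strings[a] for a in order[start:start + window]
                                     if a in strings and strings[a].strip()])
    return report
```

Running `guarded_strings(*parse_listing(LISTING))` reports the je at 00408FFA as leading to "No registration file", matching MP's annotation.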

Eternal Bliss
March 16th, 2001, 11:48
Hiya,
No offence meant. But you should learn to read more tutorials and know more asm. Then use a little bit of thinking and analyse what the piece of code you pasted means. There is no point in getting people to tell you what to do when in the end you still have no clue what is happening. The piece of code you pasted is very simple to understand.

Regards
Bliss