sorry i didnt follow the rules the last post anyhow here is a program that annoyed me as a newbie taking my first steps anyhow here is the code

i bpx getwindowtexta i landed here in code line 0043099E


i thought this call to 004309E3 is the checking rotuine so i nooped the lines after it and i tried reversing the je 00430A10 after it to jne but all this not working

if u guys need any more info to help pls tell me i can get it for u
ur help r appreicated alot

p.s. ama newbie so dont mind if i make mistakes big ones try to help
as +orc said:

Hi

Definitely better, rather than just posting a link and questioning how to crack it, you are now questioning the code.

> call 0042DAC0 (checking rotuine ??)

You might be on track here, you'll have to explore this call closer. The return value (test eax, eax) may mean very little, few protections nowadays are this simple that changing a jump after an obvious call will defeat the protection. You'll need to find where the Name is being handled and try to understand what is happening to the characters, which are undoubtedly undergoing some algorithm in order to compare with the serial number. You'll also need to follow any manipulation of the serial number itself in case it is being modified, then you need to find where the comparison is actually being made.

While tracing every bit of possible code is always instructive, the actual checking may be much deeper than even within this one call. Generally what you'd want to do is set 'BPM R' breakpoints on the address locations that your name and s/n are copied into by the GetWindowText calls, and carefully note where they may be being transferred into other memory locations (either whole or in pieces). Then you need to reset your BPM R bp's to these new locations to continue following their path.


Notice that the same buffer (dword ptr [ebp-24]) is being used for both of the GetWindowText calls. Well, after the first one the program must be transferring the name into another buffer for storage and further processing else it would be overwritten. It seems to me like this would be in the call 00426000 that you call bogus (why so?). Notice the offset pattern of PUSHes here, from the looks of the code, the ones I capitalized are the PUSHes for the CALL 00426000, the middle 'push eax' is for lstrlen. Nested or offset push-es like this are not uncommon.

:004309B3 lea edx, dword ptr [ebp-24]
:004309B6 PUSH EDX ; PUSH USERNAME

:004309B7 lea eax, dword ptr [ebp-24]
:004309BA push eax ; push username
:004309BB call esi (lstrlen) ; only takes 1 param

:004309BD PUSH EAX ; PUSH STRING LENGTH
:004309BE lea ecx, dword ptr [ebx+24] ; ?
:004309C1 CALL 00426000 ; username and stringlength are what's pushed for this call

I would guess that within this call is a check of each letter in the Name to see if they are valid ascii characters (a common check), as well as copying the entire buffer to another memory location. This is a guess mind you, but the code seems to imply that. Not sure what the dword ptr [ebx+24] might be. [ebx+1C] and [ebx+20] contain the hwnd's of the two edit controls that are used with GetWindowText, [ebx+24] could be anything I suppose but will be used in the CALL 00426000.


What I'd do first is examine these calls closer and post any code you're unsure of.

Kayaker

thx alot man will examine this call and tell u what i have found

well at last i managed it but not a perfect keygen or somethign just a newbie crack well mr Kayaker

i found after tons of memory jumping the serial number
here is the real compare happens



i manged to figure 2 solutions one is to push my bad serial twice so it check itself
or after the call of the cmp it returns eax=ffffffff
so u can xor eax,eax (make it =0 i.e. good guy) and continue working ok but the strange thing is that this program uses this rotuine on startup so after applying my patch u dont hav to enter a serial adn click ok and get registerd using any serial no!!
it just starts now registered to nobody and working perfectly
hmm kind statisfacting to me now as a newbie next step is a keygen but i have to follow tons of code iam so tired right now so later maybe

Welcome to RCE.
This shit is addictive, You have been warned.

yeah addictive i can c but good learning man