
View Full Version : Registration codes-How do I read them?


Tommy Mc
July 6th, 2001, 10:26
I'm new to cracking, but I've been reading every tut I can get my paws on. I am humbled by how much there is to learn. I have performed my first reversal, just got past the trial time limit on DePopper 2.04 (recording noise filter). It was, I think, an easy one to do, and if anybody is interested, I have written up the instructions in very easy language.
Elated by my first reversal, I've moved on to Polderbits 1.6. Even the time reversal isn't so easy, but my preference would be to crack the registration. There is a 'program code' that is already there (tied to something in my registry?) and then an access key that I must supply. Using Softice, I break on Getwindowtexta, but then I'm getting lost.
I think I'm unclear on how to 'read' what is in the registers. Somewhere shouldn't I see the text I have entered, and what it is being compared to?
I know to use 'deax' etc. to display the contents of the registers, but how do I decipher it? Any nudges in the right direction would be appreciated.

I am using Softice, W32dasm, Hexworkshop, and Regmon.

Kythen
July 6th, 2001, 13:33
One of the parameters to GetWindowText is a buffer that holds the text after the call. Scroll up after you F12 from the break and look at the parameters that get pushed onto the stack before the call. In one of them (I think it's the second one, but I don't remember offhand and I don't have my API reference handy) will be your text. You can do a bpm/w/d on your text and follow it along. Generally what will happen is your serial will be compared to the output of some function on that 'program code'. You can watch and see what the output is of that function and find your good serial (serial fishing) or if you feel up to it, you can try and reverse engineer that function and make yourself a keygen for the target.
If you have any more questions, feel free to ask.

hz
July 6th, 2001, 17:10
hiya,
If I'm not mistaken this prog uses getdlgitemtexta, try bpx getdlgitemtexta do "d *(esp+c) ; pret". Could be wrong though
regards

Tommymc
July 8th, 2001, 10:53
First off, I appreciate your help. I'm having a hard time because there are gaps in my knowledge. (Actually, more gaps than knowledge.) Reading all the tuts has been hit or miss. From each one, I gain some insight, but I'm missing the overview of what I am doing. So for instance, Kythen, you say "Scroll up after you F12 from the break and look at the parameters that get pushed onto the stack before the call. In one of them (I think it's the second one, but I don't remember offhand and I don't have my API reference handy) will be your text. You can do a bpm/w/d on your text and follow it along." Problem is, (my fault, not yours) that I understand in theory what you said, but am lost in the details of how to perform it.
Ok, so "one of the parameters will be pushed into the stack" (push-I get that). "In one of them will be your text." (where, or how do I see it? is it in code, or visible as I typed it?) "Do a bpm/w/d on your text and follow it along. " (bpm=breakpoint on memory. w=word, d=dword? or display? Exactly how do I execute this command?) (and how do I follow it along...F8?)
As you can see, one of the big problems I am running into is 'assumed knowledge'. Even the most basic tuts do this to some extent. I don't know if I should be asking for specific clarification to your suggestions, or direction to fill in my missing knowledge. (or both)
hz: I tried getdlgitemtexta, it breaks at the popup asking for the access code. I entered your command, don't know what I'm looking for tho.....

Kythen
July 8th, 2001, 13:05
Yes, you do bring up a good point. Many of us do make assumptions on the knowledge of ppl reading our instructions. I'll try and answer your questions in order..
1. How to see the pushed parameters?
In the command prompt at the bottom of the SI window, enter d and then the register or address that was pushed as the parameter. This will show the contents of that memory address in the data window (if you don't see the data window, enter wd in the command prompt). I can't tell you exactly what to enter, as parameters and how they are pushed will vary. Read the SoftICE manual for details on all the different ways to enter the registers and memory addresses (they are similar to C/C++).
2. BPM/W/D
You are correct in that bpm = breakpoint on byte access, bpmw = breakpoint on word access, and bpmd = breakpoint on doubleword access. You set one of these breakpoints on a memory address and SoftICE will break when that memory address is accessed (you can set it to break on read, write, read/write, or execute of the address)
Once the program breaks, you know it is doing something with your entered text. It can be making it uppercase, finding its length, or comparing it to something else, or any number of other things. Follow the code along in that area and try to make out what the program is doing to your text.

The biggest suggestion I can give you is to read over the SoftICE manual and become familiar with the basic instructions like breakpoints, windows, and evaluation (the "?" command). It will explain how to do things much better than I can (like how F12 returns from the current function, F8 single steps through instructions, etc.)

Hope this helps!

Kythen

Tommymc
July 8th, 2001, 13:44
Thanks, I'll chew on this a bit..........