How about we get started....
goatass
October 31st, 2000, 17:15
Why don't we get started on a new project. The project I tried to start before the old forum was shut down was StageTools Moving Picture Standalone version.
This program requires a valid serial number to be registered, but this serial differs on every machine. This is really not as hard as you might think.
To get started all you need is to download the program from ht*p://www.stagetools.com and get SoftIce and, if you want, W32Dasm or IDA. After installing the program, try to register it and see what happens and what messages you get back.
Some BPXs to try: MessageBoxA, GetWindowTextA, GetDlgItemTextA. I promise at least one of these will work. Once inside the program, trace around and see what you can find.
Post any questions, findings, whatever, but don't give out the answer so others can have a chance to try it for themselves.
p.s. +Sandman, I e-mailed the moderator about this project but got no answer back. Feel free to remove this post if you think it's not a good project. I just wanted to get something started.
goatass
+Sandman
October 31st, 2000, 18:14
Greetings Goatass...
Thanks for dropping by.. I won't remove your posting as it's a start in the right direction.
I would 'suggest' however, that you make your objectives both clearer and in easy (yes, even spoon fed) steps for those less experienced than ourselves.
Not all newbies are aware that most Win programs create registry entries when first executed, and that some go as far as to create hidden files in the Windows directory as well. But if we don't mention this then people won't know what, or where, to look for the program's Registration settings etc. What utility might we use to make a 'snapshot' of our system registry file that will show up these changes? Would RegMon & FileMon help us in our endeavours in understanding more about this program?
It's not easy I know, to try and always 'think' like a newbie in circumstances like this, but it helps. :)
Regards
+Sandman
goatass
October 31st, 2000, 20:08
+Sandman, thanks for your suggestion. I assumed certain things were known, but that was my mistake; here is some clarification.
After running this application a couple of times and seeing what kind of error messages pop up: how does the registration work? Do you need to restart the program for it to take effect? It's always a good idea to run the program a couple of times and see how it works, then run FileMonitor and run the program again and check the listing for some out-of-the-ordinary files such as license.key or something similar to that. After that, run RegMonitor and run the program again and see what registry keys are being accessed, and whether the program found the key or not. This should give you some idea of what to expect the program to be doing once you register it.
When dealing with serial protections there are some breakpoints that are often used to try to follow the serial generation algorithm. These are GetWindowTextA and GetDlgItemTextA; 90% of the time one of these APIs will cause SoftIce to break and put you near the serial algorithm code.
Some hints about our target:
BPX GetVolumeInformationA - this will put you right at the beginning of the key generation algorithm. This algo is very simple, only a couple of lines of code.
After SoftIce breaks, continue tracing (F10) until the RET and go past it. Once you return from that function, start tracing (F10) slowly and look at the memory addresses that are stored in the registers. Do a: d eax to see what's in eax, or: d *eax to see what eax points to.
I hope that gives you a starting point; feel free to post any questions if you don't understand something or don't know where to start.
all tools are available at ht*p://protools.cjb.net
goatass
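To make the "serial differs on every machine" idea concrete, here is an added C example that is not from the original thread and not StageTools' code: a hypothetical registration check whose expected serial is a function of the 32-bit volume serial number, the value the real program would obtain through GetVolumeInformationA. The transform in derive_key and its constants, the sample volume serial 0xDEADBEEF, and the stand-in mock_get_volume_information are all assumptions made up for illustration. The point it shows is the one behind the "d *eax" step: the API writes the machine value through an out-pointer, and once a tracer has read that value the expected serial can be recomputed from it.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical machine-bound serial check. Assumption: this is NOT the real
 * StageTools algorithm, only a toy with the same shape:
 * expected serial = f(volume serial). */

/* Stand-in for GetVolumeInformationA. The real API writes the volume serial
 * through its lpVolumeSerialNumber out-pointer rather than returning it in a
 * register, which is why you dump the memory a register points at (d *eax)
 * instead of the register value itself. The serial here is a constructed
 * sample; on a real machine it differs per volume. */
static int mock_get_volume_information(const char *root_path, uint32_t *serial_out)
{
    (void)root_path;
    *serial_out = 0xDEADBEEFu;  /* constructed sample value */
    return 1;                   /* nonzero = success, as with the Win32 API */
}

/* Assumed toy transform: XOR with a constant, rotate left 7, add a constant. */
uint32_t derive_key(uint32_t volume_serial)
{
    uint32_t x = volume_serial ^ 0x5A5A5A5Au;
    x = (x << 7) | (x >> 25);
    return x + 0x1234u;
}

/* Expected serial as the user would type it: 8 upper-case hex digits. */
void expected_serial(uint32_t volume_serial, char out[9])
{
    snprintf(out, 9, "%08" PRIX32, derive_key(volume_serial));
}

/* The comparison the protected program performs after reading the volume serial. */
int check_serial(uint32_t volume_serial, const char *entered)
{
    char expected[9];
    expected_serial(volume_serial, expected);
    return strcmp(expected, entered) == 0;
}

/* Registration path: fetch the machine value, then compare. A breakpoint on
 * the volume-information call lands just before the comparison. */
int register_program(const char *entered)
{
    uint32_t serial;
    if (!mock_get_volume_information("C:\\", &serial))
        return 0;
    return check_serial(serial, entered);
}

/* The "keygen" view: given the volume serial recovered from the trace,
 * compute the serial the program expects and confirm it is accepted. */
int main(void)
{
    uint32_t serial;
    char key[9];
    mock_get_volume_information("C:\\", &serial);
    expected_serial(serial, key);
    printf("volume serial %08" PRIX32 " -> expected key %s\n", serial, key);
    printf("register with that key: %d\n", register_program(key));
    printf("register with a wrong key: %d\n", register_program("00000000"));
    return 0;
}
```

With the sample volume serial 0xDEADBEEF the toy transform yields 7BF26CF6; any other volume serial gives a different expected string, which is exactly why a serial copied from another machine fails while the algorithm itself stays trivial to recompute once the input is known.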
CrackDoode
November 2nd, 2000, 17:30
Greetings and salutations. Many thanks to goatass and +Sandman for the learning opportunity. As far as newbies go, I'm as green as you'll ever see, but I'll try not to test your patience too much.
I've got Win32Dasm and Moving Picture stand alone, but I'm having a little trouble with SoftIce. What's the difference between SoftIce 4.0 and SoftIce Suite? Is the suite a plug-in?
CrackDoode
goatass
November 2nd, 2000, 17:54
Hi CrackDoode,
I'm not very familiar with the SoftIce suite, but I think that's SoftIce and Driver Studio and some other stuff... As long as it includes a full version of SoftIce, it doesn't matter what you get.
goatass