
Registered, but how?


JaneK
November 2nd, 2000, 14:26
Hi and thanks for this learning opportunity,

I think I managed to register the prog, but I'm not sure. Sounds strange, I know, but this is what happened:
1. Entering wrong code does not result in any message (like wrong registration number etc. - the program just continues unregistered)
2. Bpx at GetVolumeInformationA as suggested earlier.
3. F11 and I'm in the "moving" code, probably in the routine for calculating the correct serial (lots of math expressions).
4. Cmp and then setnz seems like a verification routine to me. I checked what is in eax and it was a number in hex. Converted it to decimal and put it in as a registration number. Again no message (no "thank you" or anything), but the next time I started the prog, the "Register" option in the Help menu was inactive, so I guess it's registered.

Pure luck, I guess. Waiting for posts explaining the registration process from someone who understands it - unfortunately I don't.

JaneK

goatass
November 2nd, 2000, 18:02
Hi JaneK,
Congratulations, you managed to register the program. Not showing a messagebox, whether it's "Wrong serial" or "Thank you", is something that you will see a lot nowadays, since those messages could be used as search strings and the key algorithm located in seconds.

The GetVolumeInformation API (when setting a BPX on it) will drop you at the beginning of the key generation algorithm. After more people get a chance to look at the program I will post a complete explanation and a keygen to study.

When you get to the CMP code you can see the numbers being compared (in HEX), and the SETNZ sets EAX to 01 if the two strings compared are not equal and sets EAX to 00 if they are equal. It's just a flag to tell the program later on whether you entered a good serial or not.

Disassemble the program and look at the code below GetVolumeInformation; it's only about 5 lines long. Try to understand it.

Keep learning

goatass

JaneK
November 3rd, 2000, 18:50
Hi goatass and others,
Being sort of encouraged by your reply, I decided to have a closer look at this routine. This is what I found:

:0040C3FF mov eax, dword ptr [ebp-08]
- serial No. of my volume is put in eax.
:0040C402 xor edx, edx
- edx=0
:0040C404 mov ecx, 05F5E100
- 100.000.000 decimal is put in ecx
:0040C409 div ecx
- divide volume’s serial no. by content of ecx, in my case (in decimal) 994.188.286 : 100.000.000=9,94188286. From this result 9 goes to eax and 94188286 goes to edx (in sice corresponding hex values can be seen inside the registers).
:0040C40B mov dword ptr [ebp-08], edx
- put edx to where volume’s serial no. was before.
:0040C40E mov eax, dword ptr [ebp-08]
- and move this value to eax.
:0040C411 cdq
- convert dword in eax to signed quadword in edx:eax. As a result this instruction assigns dividend for idiv instruction below (eax=94188286 d) and brings edx to zero (because eax is positive).
:0040C412 mov ecx, 00000003
- move 3 to ecx (assign divisor to ecx)
:0040C417 idiv ecx
- divide two signed values, so divide eax by ecx (94188286:3=31396095,33). From this result the quotient (31396095) goes to eax and the remainder to edx.
:0040C419 add eax, 00001E35
- add 31396095+7733 (that is 1E35 hex) = 31403828= GOOD SERIAL in eax
:0040C41E mov edx, dword ptr [ebp-0C]
:0040C421 xor ecx, ecx
- ecx=0
:0040C423 cmp dword ptr [edx+00000420], eax
- compare my serial with the good one.

Well, that’s what I managed to find out. I had to use an asm book a lot to see what each instruction does, but in the end everything started to make sense. It would be nice if you (or another reverser) could comment on this.

Thanks
JaneK
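
The eleven instructions traced above, replayed in C so the hand arithmetic can be checked (an added example, not code from the thread; the volume serial 994188286 is the value quoted in the post, and the function names are invented here). It also shows why the first DIV being unsigned and the CDQ before IDIV matter:

```c
#include <stdint.h>
#include <stdio.h>

/* Replay the traced routine: volume_serial is what GetVolumeInformationA
 * returned (the post's value is 994188286 decimal). */
uint32_t derive_serial(uint32_t volume_serial)
{
    /* xor edx, edx ; mov ecx, 05F5E100 ; div ecx
     * DIV is unsigned: edx:eax / ecx -> quotient in eax, remainder in edx.
     * Because it is unsigned, a volume serial with the top bit set
     * (e.g. 0xFFFFFFFF) is treated as a large positive number, not as -1. */
    uint32_t quotient  = volume_serial / 100000000u;   /* eax, never used again */
    uint32_t remainder = volume_serial % 100000000u;   /* edx, stored at [ebp-08] */
    (void)quotient;

    /* mov eax, [ebp-08] ; cdq
     * CDQ sign-extends eax into edx:eax. The remainder is below 10^8, so its
     * sign bit is clear and edx becomes 0: IDIV always sees a positive dividend. */
    int32_t eax = (int32_t)remainder;
    int64_t edx_eax = (int64_t)eax;

    /* mov ecx, 3 ; idiv ecx : signed divide, quotient -> eax, remainder -> edx */
    int32_t q = (int32_t)(edx_eax / 3);
    int32_t r = (int32_t)(edx_eax % 3);
    (void)r;                                     /* edx is ignored by the check */

    /* add eax, 00001E35  (0x1E35 == 7733 decimal) */
    return (uint32_t)q + 0x1E35u;
}

/* cmp [edx+420], eax ; setnz : flag is 1 when the typed value differs, 0 when equal */
int serial_mismatch_flag(uint32_t typed, uint32_t expected)
{
    return typed != expected;
}

int main(void)
{
    uint32_t vol  = 994188286u;                  /* value quoted in the post */
    uint32_t good = derive_serial(vol);
    printf("volume serial %u -> value compared at [edx+420]: %u\n", vol, good);
    printf("setnz flag for a wrong entry: %d\n", serial_mismatch_flag(12345u, good));
    return 0;
}
```

The result for 994188286 is 31403828, matching the post's step-by-step calculation; only that final value ever needs converting to decimal.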

goatass
November 4th, 2000, 01:18
JaneK, I'm glad that you found my comments encouraging and spent the time figuring out the algorithm, and in the process you learned some assembly.

One thing though: in this case don't convert the values to decimal, leave them in hex. Only the last and final value needs to be converted to decimal so you can type it into the registration box.

I have no other comments. You did a great job: you found exactly what the algorithm does, and you understand it.

Great job.
P.S. Stay tuned for my post of a keygen.

goatass