Please Read The Disclaimer Before Continuing.

I shouldn't be writing an essay on this program, but it still serves for KNOWLEDGE PURPOSES.

I wrote up an essay on how to crack this program, before I visited the author's homepage, and saw what he had to say.  Here's what he says:

"A good reason to register - The registration charges will be given to SOS Children’s Villages organisation.  SOS Children’s Villages is a non-political and non-denominational welfare organisation. SOS Children’s Villages offer abandoned, orphaned and destitute children - regardless of race, nationality or creed - a new and permanent home, and prepare them for an independent life."

What a way to make a cracker feel bad!  Nonetheless, I still published the essay for its knowledge purposes.  If you keep this program (I really don't know why you would) without paying for it, you should burn in hell.  Normally, I post the user name and serial I got for the program, but I'm not going to do that here, so lamers don't use it.

Prepare To Crack: 

After starting WinEye up, right click on the eyes in your system tray, and choose "Properties", then choose the "Registration" tab.  We need to enter a name and code. 

Our favorite methods for trapping serial numbers in Soft-Ice are GetWindowTextA and GetDlgItemTextA, so let's try those first.  To save you time, we need GetWindowTextA.

Making The Crack: 

Enter your user name and some dummy data for the code.  Press Cntrl+D to enter Soft-Ice.  Set a breakpoint on GetWindowTextA (BPX GETWINDOWTEXTA).  Press Cntrl+D again to exit back to the program.  Click on "OK".  Soft-Ice will pop up.

Now, if we think about it, the function will be called twice -- once for the user name, and once for the code.  So, the first time Soft-Ice pops.  Press Cntrl+D once, and you'll be back in Soft-Ice.  Press F11 once to exit the code, and you should be here:
 

0137:0041ED7C  FF15A0A94300             CALL    [USER32!GetWindowTextA] 0137:0041ED82  8B4D10                   MOV     ECX,[EBP+10]       :ECX will hold your user name 0137:0041ED85  6AFF                     PUSH    FF 0137:0041ED87  E8B37EFFFF               CALL    00416C3F           :call routine to process your user name 0137:0041ED8C  EB0B                     JMP     0041ED99 0137:0041ED8E  8B4510                   MOV     EAX,[EBP+10] 0137:0041ED91  FF30                     PUSH    DWORD PTR [EAX] 0137:0041ED93  56                       PUSH    ESI

You could now display the user name you entered by pressing F10 to step through the line "CALL    00416C3F", and typing d ecx.

This part of the code isn't interesting though, so we need to keep stepping until we find something that does look useful, like a compare (CMP, TEST) and jump (JE, JNE, JZ, JNZ etc).  You'll find it here:
 

0137:004048FA  8D8D8C000000     LEA     ECX,[EBP+0000008C] :ECX will hold the code 0137:00404800  E88B190000       CALL    00406290           :call function to calculate code 0137:00404805  84C0             TEST    AL,AL              :compare your code to valid one 0137:00404807  0F8584000000     JNZ     00404991           :jump to unregistered if no good 0137:0040480D  6A00             PUSH    00 0137:0040480F  6A00             PUSH    00 0137:00404811  8D542418         LEA     EDX,[ESP+18] 0137:00404815  682D010000       PUSH    0000012D

Now, to display your code, just step through the line "CALL    00406290", and display ECX by typing d ecx.