EmEditor v3 v3.12
Is there a BUG ??
by FaT[BiT] \ TNT!
Cracking For Beginners
 
Program Info
Program Name : Emeditor.exe
Program Type : Text Editor
Program Location : http://www.emurasoft.com
Program Size : 662 KB
 
ToolZ :
SoftIce v4.05


All these toolz can be found at http://w3.to/protools
Easy ( X ) Medium (  ) Hard (  ) Pro (  )


Cracked and Written by : FaT[BiT] \ TNT!
Tutorial No. : 26


Dedication

------------------------------------------------------------------------------------------------
-={ -- Azmo -- [XasX] -- Sir dReAM -- Astaga -- ChoRdLEss -- p0tHEAD -- Liaisons -- Sevan -- }=-
________________________________________________________________________________________________

Introduction & Protection

iNTROdUCTION :

hi there and welcome to another tutorial ...
People who study computer think that if i just memorized all the material then i will pass any exam , and the bad thing is that it is true !! , phd holders don't give a shit about what u can do on a pc , they only give a shit about what's on the paper and by this they judge u if u can program or not , well i have one thing to say to those ppl , don't blame us the F average ppl for cracking ur program , cuz we sure can raise HELL ...

pROTEcTION :

this program needs a Registration key to register , but in this tutorial we will make the program to register by itself ... how ... read it and see !!

The Essay

o.k install the prog , it will put a shortcut on the desktop , click it to take a look at it , now after the program is opened , click on help/about , then click on the About registration , and then click on Enter registration key , and enter any key u like in my case i wrote like this:

Registration key : 1234-5678-9012-3456

now before u click the o.k button , fire softice and set a breakpoint like this :

bpx hmemcpy

then press the F5 button to quit , then press the o.k button , and softice will break , press F11 once , then press F12 10 times , and u should be at this code :


:004179B4 53                      push ebx
:004179B5 8D86F2030000            lea eax, dword ptr [esi+000003F2]
:004179BB 53                      push ebx
:004179BC 50                      push eax
:004179BD FF7508                  push [ebp+08]
:004179C0 FF157C434300            Call dword ptr [0043437C]
:004179C6 668907                  mov word ptr [edi], ax <-- we land here
:004179C9 46                      inc esi
:004179CA 47                      inc edi
:004179CB 47                      inc edi
:004179CC 83FE04                  cmp esi, 00000004
:004179CF 7CE3                    jl 004179B4


o.k now the above code , is reading our registration key ... now trace with the F10 button until u reach this code :


:004179D5 E8F5FEFFFF              call 004178CF <-- we step into this call
:004179DA 3BC3                    cmp eax, ebx


o.k when u are at address 004179D5 press the F8 button , then trace with the F10 command until u reach this code :


:004178D7 0FB706                  movzx eax, word ptr [esi] <-- eax has our first cell from our key
:004178DA 99                      cdq
:004178DB 59                      pop ecx <-- ecx has 0Ah = 10
:004178DC F7F9                    idiv ecx <-- divide it
:004178DE 3DAB000000              cmp eax, 000000AB <-- compare the result with ABh = 171
:004178E3 7405                    je 004178EA <-- jump if equal (we must jump this)


o.k now , remember that i put in my first cell of the key = 1234 , now as u can see it will take the 1234 and put it in eax , u can see that by writing '? eax' , now it puts 0Ah = 10 into ecx , and divides it , 1234/10 , and checks if the result is ABh = 171 , now this is easy , 1234/10 <> 171 , but if we say like this X / 10 = 171 , then 171 * 10 = X , which is 1710 , now press F5 to exit and rewrite ur key and put in the first cell 1701 , then do the whole thing again u will see that the jump at address 004178E3 will be executed , and we will land at this code :


:004178EA 668B7E06                mov di, word ptr [esi+06]
:004178EE 56                      push esi
:004178EF E834FFFFFF              call 00417828 <-- calculate the rest of our key, put result in eax
:004178F4 85C0                    test eax, eax
:004178F6 7507                    jne 004178FF <-- jump if not equal to error ( my fav. jump)


o.k now this is the fun part !!
now at address 004178EF is the call to calculate the rest of our key , just bypass it with the F10 command , now when u are at address 004178F6 , u will see that it will not make the jump , now write like this :

Note : the address of the jump may be diff. on ur machine
a    [enter]
jz 004178FF    [enter]
[enter]

o.k now clear all the breakpoints and then press the F5 to exit ...
Wow !!! it gives us the thank message , now press the o.k button , then check the about screen (help/about) it will say it is registered , now close the program and run it again , then check the about screen it will still say registered !!! hehehe !!
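
A vendor-side view of the patch above, as an added example that is not part of the original tutorial: the `a` / `jz` edit changes a single opcode byte of the listing (75 07 becomes 74 07), and a hash taken over the routine's bytes notices that change. The byte values are copied from the listing; the function names, `JCC_OFFSET` and the choice of FNV-1a are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes of the routine at 004178EA..004178F7, copied from the listing above. */
static const uint8_t check_code[] = {
    0x66, 0x8B, 0x7E, 0x06,        /* mov  di, word ptr [esi+06] */
    0x56,                          /* push esi                   */
    0xE8, 0x34, 0xFF, 0xFF, 0xFF,  /* call 00417828              */
    0x85, 0xC0,                    /* test eax, eax              */
    0x75, 0x07                     /* jne  004178FF              */
};
#define JCC_OFFSET 12              /* index of the 0x75 (jne) opcode byte */

/* FNV-1a 32-bit. Assumption: chosen for brevity; a shipping check would
   use a cryptographic hash fixed at build time. */
uint32_t fnv1a32(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* 1 if the live bytes still hash to the expected value, 0 if modified. */
int region_is_intact(const uint8_t *live, size_t n, uint32_t expected)
{
    return fnv1a32(live, n) == expected;
}

/* Constructed test: apply the tutorial's jne -> jz edit (0x75 -> 0x74) to a
   copy of the routine and report whether the hash check notices it. */
int patched_copy_detected(void)
{
    uint8_t live[sizeof check_code];
    uint32_t expected = fnv1a32(check_code, sizeof check_code);

    memcpy(live, check_code, sizeof live);
    live[JCC_OFFSET] = 0x74;       /* jz rel8 */
    return !region_is_intact(live, sizeof live, expected);
}

int main(void)
{
    printf("patched copy detected: %d\n", patched_copy_detected());
    return 0;
}
```

The integrity check is itself ordinary code and can be modified in the same way, so it raises the cost of tampering rather than ruling it out.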

Q : So what is going on here ?
A :
i don't know , ask the ppl who programmed it !! , i'm just an F student !!! , but all i know is that ...

EmEditor v3 is Registered

NOTE

if u want to try it again ur registration key is saved at this location in the registry :

[HKEY_LOCAL_MACHINE\SOFTWARE\EmSoft\Regist]
"EmEditor-2-tm"=hex:40,8c,fd,e9,15,19,c1,01
"EmEditor-2"=hex:ae,06,61,04,a4,08,55,22

just delete these 2 keys and the prog is back to unregistered

by the way this tut. is made with EmEditor v3 v3.12 ... and it is ReGIsTeRED !!!

Final WordZ

i hope u have enjoyed this tut as much as i did writing it
in the end i would like to greet the following ppl !!
FaT[BiT]_FaTz0 greetz the following :

tKC ... (for showing me the light !! )
LW2000 ... ( Thanx alot i now use my brain )
[XasX] ... (a very good founder and a very good friend also!)
AzmO ... (yes!! man we are different !! )
Sir dReAm ... (where the FUCK! r ya ? )
tabm0de ... ( thanx alot !! ur a true friend !!)
ASTAGA ... (i don't mind if u comment this tutorial)
BoneZ ... (thanx alot for the support !!)
BillGameZ, VaibLitzeR , MezUz , and ShaQ ... (good luck to u all !! )

and to all TNT!CRACK!TEAM! members ... (keep up the good work !!)

any comments mail me : fatzbit@gmx.net

See ya in another tut !!! Soon !!!

--= EOF =--