Target: NoteBook for Windows 95/NT

Link: http://www.execpc.com/~sbd

Protection: Name/Serial

Author: KcB

Level: From a newbie to a newbie.

Tools: Softice.

Disclaimer: This document is for educational purposes only.


Introduction: This tutorial has been written stepwise so that it will be easier for people to understand. 

1. Start the program and go to the registration screen. Enter any registration information and click OK. You get a nag screen.

2. Go to SoftICE (Ctrl+D) and set breakpoints on GetWindowTextA and GetDlgItemTextA. These two breakpoints are the most widely used to get information from edit boxes.

3. Return to the program (in sice press F5) and press the "OK" button. Keep pressing F5, but count the number of times. You should have pressed it 3 times before you returned to Windows.

4. Press "OK" again to enter sice (SoftICE), but this time press F5 only twice. Then press F11 to get to the caller. You should have landed here:


///////////Code Snippet\\\\\\\\\\\\\\\\\\\


:0040EA55 6A67                    push 00000067
:0040EA57 57                      push edi
:0040EA58 FFD5                    call ebp
:0040EA5A 8D442410                lea eax, dword ptr [esp+10]<-- You should be here
:0040EA5E 50                      push eax<---- eax now points to the reg code you entered
:0040EA5F E87C850000              call 00416FE0
:0040EA64 83C404                  add esp, 00000004
:0040EA67 8BE8                    mov ebp, eax
:0040EA69 684C2D4200              push 00422D4C
:0040EA6E 56                      push esi
:0040EA6F FF1558E54200            Call dword ptr [0042E558]
:0040EA75 85C0                    test eax, eax
:0040EA77 7524                    jnz 0040EA9D

///////////Code Snippet\\\\\\\\\\\\\\\\\\\


5. Keep tracing down with F10 until you reach 0040EA77, which is the jnz instruction. Press F10 to take the jump. You'll end up here:

///////////Code Snippet\\\\\\\\\\\\\\\\\\\

:0040EA9D 53                      push ebx<---- the jump puts you here
:0040EA9E 56                      push esi
:0040EA9F E8EC650000              call 00415090<--- the call to calculating your code
:0040EAA4 83C408                  add esp, 00000008
:0040EAA7 3BC5                    cmp eax, ebp<---- the compare between the good and bad code
:0040EAA9 741E                    jz 0040EAC9<---- is it good, then jump to good message, else get lost

///////////Code Snippet\\\\\\\\\\\\\\\\\\\

6. Keep tracing down until you reach the cmp instruction.

7. Type '? ebp' and you'll see the code you entered. Now what can be in eax? Go ahead and type '? eax' and you'll see the correct registration code for your name.

8. Type 'bd *' to disable all your breakpoints, then enter your registration name and the correct registration code, and voila: you are now a registered owner of NoteBook.
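
Why steps 6 and 7 work, and what a vendor can do about it (an added example, not part of the original tutorial and not NoteBook's code): the weak check derives the valid code inside the program, so it is readable at the compare, while the signature-style check ships only a public key. The derivation in weak_expected_code, the demo key and all function names are assumptions made up for illustration.

```python
import hashlib

# Constructed demo key built from two Mersenne primes. Far too small for real
# use; a real product would use a vetted signature library and key size.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                  # public half: the only key material shipped
# Private half: stays with the vendor. It is in this file only so the demo runs.
D = pow(E, -1, (P - 1) * (Q - 1))


def name_digest(name):
    """Hash the registration name to an integer in [0, N)."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N


def weak_expected_code(name):
    """Assumed stand-in for the routine at 00415090; the real derivation is unknown."""
    return int.from_bytes(hashlib.sha256(b"demo" + name.encode()).digest()[:4], "big")


def weak_check(name, entered):
    # Same shape as the listing: the valid code is computed in-process and
    # compared with the entered one, so it is readable at the compare.
    return weak_expected_code(name) == entered


def issue_code(name):
    """Vendor side only: sign the name digest with the private exponent."""
    return pow(name_digest(name), D, N)


def compared_values(name, entered):
    """The two values the hardened program compares; neither is a valid code."""
    return pow(entered, E, N), name_digest(name)


def verify_code(name, entered):
    """Program side: uses only N and E, so it can check a code but not make one."""
    left, right = compared_values(name, entered)
    return 0 <= entered < N and left == right


if __name__ == "__main__":
    code = issue_code("KcB")
    print(verify_code("KcB", code), verify_code("KcB", 12345))
```

With the second design, a breakpoint on the compare shows only the name digest and the transformed input, so the trick from step 7 yields nothing that can be typed into the dialog.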

That's it for now.

Oh! And one last thing: if you really do like the software, then buy it. Do not keep illegal versions and deprive others of the privilege of getting software at lower prices. The more people register software, the cheaper it may turn out to be.


KcB@cool.com