Name      : Winhacker
Version   : 2.03
Editor    : Wedge Software
Target    : wh95.exe
s/n saved : HKEY_LOCAL_MACHINE\Software\Wedge Software\WinHacker95
Tools     : W32Dasm
            Softice
            Brain
Cracker   : LW2000
Tutorial  : No.35

http://www.winhacker.com/

---
DISCLAIMER
For educational purposes only!
I hold no responsibility for the misuse of this material!
---

Ok, last time we fixed the exe. This time we try to get the correct serial.

1. Go to the regscreen and enter the details:

   Name:          LW2000
   Company:       tKC's Cracking Tutorial
   Serial Number: 1230099

   *BOOM* 'Invalid Serial Number!'

   Seems that we found a bug ;) Let's fix it.
   Load W32Dasm with wh95.exe. Click on the SDR and search for our message text.
   Double-click on it and close the SDR window.

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00412D97(C)                         <<-- We go there
|
:00412DD7 8D4DF0        lea ecx, dword ptr [ebp-10]
:00412DDA 895E6C        mov dword ptr [esi+6C], ebx
:00412DDD 895E74        mov dword ptr [esi+74], ebx

* Reference To: MFC42.Ordinal:021C, Ord:021Ch
|
:00412DE0 E883A90000    Call 0041D768

* Possible StringData Ref from Data Obj ->"Invalid Serial Number!"

2. Let's go to 00412D97:

* Reference To: MSVCRT._mbscmp, Ord:0159h
|
:00412D84 8B3D5C074300  mov edi, dword ptr [0043075C]
:00412D8A C645FC03      mov [ebp-04], 03
:00412D8E FF75EC        push [ebp-14]
:00412D91 FFD7          call edi              <<-- KEY Check Routine
:00412D93 59            pop ecx
:00412D94 85C0          test eax, eax
:00412D96 59            pop ecx
:00412D97 753E          jne 00412DD7          IF eax <> 0 then Error message
:00412D99 FF75EC        push [ebp-14]
:00412D9C FF75E4        push [ebp-1C]

3. So, we have found the correct part. Now we use Softice to get a correct
   serial number. Enter the details and switch to Sice.
   We bpx on GetWindowTextA. Press F5 to return to the app.
   When we press register, Sice pops up.
   Now we set a breakpoint on the serial check routine.
   (Remember the code from W32Dasm!)

   BPX 00412D84

4. Press F5 to execute. Go with F10 to 00412D93 pop ecx. Our serial is taken
   off the stack. Press F10 once more and then enter d ecx to get the correct
   serial number. Note it. Clear the bpx and return to Win Hacker.
   Now try our code.

   Congratulations! You are a registered user.

FINISH! Easy, right?

cu LW2000

Any comments? Mail me LW2000@gmx.net !!!

----
tKC, thx for your tutors! I started with tutor 1 and I still read them...
they are the best!