---------------------------------------------------------
         How to find a serial in QuickDial v1.1
---------------------------------------------------------

Cracker: stealthFIGHTER
Target:  QuickDial v1.1
Tools:   SoftICE
         Brain
Where:   http://www.ics.uci.edu/~dmyers/software/

Sorry for my English, it's not my mother language.

-------
Step 1:
-------

Run QuickDial, enter a name and a fake s/n. Ctrl+D to SI, set a breakpoint
on GetWindowTextA and go back. Press "F5" (two input boxes), then "F11" to
get to the caller, and you'll be here:

* Reference To: USER32.GetWindowTextA, Ord:013Fh
                                  |
:00402A02 FF1508C34000            Call dword ptr [0040C308]
:00402A08 8D85F0F7FFFF            lea eax, dword ptr [ebp+FFFFF7F0]
:00402A0E 50                      push eax       <------ d eax: our s/n and name
:00402A0F E88C010000              call 00402BA0          and some horrible #
:00402A14 83C404                  add esp, 00000004
:00402A17 83F803                  cmp eax, 00000003
:00402A1A 7723                    ja 00402A3F

Nothing interesting yet. Go through the code by pressing "F10" (many times).
You'll be here:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402AC3(C)
|
:00402AEC 8D95F0F7FFFF            lea edx, dword ptr [ebp+FFFFF7F0]
:00402AF2 52                      push edx
:00402AF3 8D8518F8FFFF            lea eax, dword ptr [ebp+FFFFF818]
:00402AF9 50                      push eax       <----- real s/n:
:00402AFA E8D1010000              call 00402CD0
:00402AFF 83C408                  add esp, 00000008
:00402B02 898534F8FFFF            mov dword ptr [ebp+FFFFF834], eax
:00402B08 83BD34F8FFFF00          cmp dword ptr [ebp+FFFFF834], 00000000
:00402B0F 753F                    jne 00402B50   <---- bad boy

The value returned by the call at 00402CD0 is compared with zero, and a
non-zero result jumps to the bad boy at 00402B50.

Type bc * to clear the bpx. Enter the new s/n - wow, we are a registered user.

---------------------------------------
If I make a mistake, please e-mail me at:
stealthfighter@another.com
---------------------------------------