Numega Softice 4.05

Some asm knowlege

PE Identifer

Author: hEYWIRE

About:

The purpose of this Tutorial is to offer help to anyone wishing to study the art of Reverse Code Engineering. Breaking protection systems in programs is an intellectual challenge, it should NOT be used to steal software. REMEMBER, I do my cracks/keygens as a hobby and challenge, so please, if you like the utility you crack and keep using it, support the author and pay for it! . Peace hEYWIRE

Program Info:

Welcome to CoolSpeech, the text-to-speech player for Windows! It empowers users to experience the wonderful text-to-speech technologies in many ways:

* Listen to online news from any URL you specified!
* Convert your text into spoken WAV files easily!
* Listen to your new messages from your email accounts!
* Listen to every word or sentence you've just typed!
* Listen to the text copied to the Clipboard immediately!
* Schedule files, URLs and emails to be read aloud!
* Tell the time and the date in different styles!
* Support almost all computer voices nowadays!
* Many more funny and useful features!

Registering :

Ok run the target program, and enter in you registering details. Don’t hit ok yet, you should know what to do by now. Scan the program with your favorite PE identifier. We know it’s not packed/encrypted and it’s written in Delphi. We also know what API to break on. (If not read last tutorial)

Break into SoftICE and set the breakpoint ‘bpx hmemcpy’. Hit F5 and then click on Enter Details. SoftICE should break. As there is two textboxes hit F5 again and then hit F11 to return to the call. This should be all basic stuff. Lets do a search for the user Name you entered.

S 0 L FFFFFFFFF "heywire"

At the code location where your user name is found, set a breakpoint on it. Hit F5 and keep traceing. You will come to a call where it changes all lowercase characters of you user name to uppercase. Keep traceing till you land here:

Follow the program with SoftICE and you will understand it quicker all the above loop does is this:

Ok so we got a number for our name, might be the serial number but let’s keep traceing. Hit F12 a few times to go to the next return (RET) and trace a bit till you land here:

0167:00404A33 TEST EDI,EDI

0167:00404A35 JZ 00404AA2

0167:00404A37 MOV EAX,[ESI-04]

0167:00404A3A MOV EDX,[EDI-04]

0167:00404A3D SUB EAX,EDX

0167:00404A3F JA 00404A43

0167:00404A41 ADD EDX,EAX

0167:00404A43 PUSH EDX

0167:00404A44 SHR EDX,02

0167:00404A47 JZ 00404A6F

0167:00404A49 MOV ECX,[ESI]

0167:00404A4B MOV EBX,[EDI]

0167:00404A4D CMP ECX,EBX ;compare the number got for our name to dummy serial number

0167:00404A4F JNZ 00404AA9 ; good cracker/ bad cracker

0167:00404A51 DEC EDX

0167:00404A52 JZ 00404A69

0167:00404A54 MOV ECX,[ESI+04]

0167:00404A57 MOV EBX,[EDI+04]

Ok we see at code location 00404A4D the program is comparing the number we got for our name to our dummy serial number. When on the JZ below reverse the flag ‘R FL Z’ and Hit F5 a few times. We land out of SoftICE and back at the program. No messagebox? Lest got to about, the BUY menu is grayed out, looking good. Restart the program and your not asked to enter any registration number. Great the program is registered. The next thing to do is make a Keygen for this Program with you Favorite programming Language any would do.

Final Notes :

That’s it for this Tutorial, hope you learned something, if there is any spelling mistake or grammar errors then forgive me, IM only human. Just a short note, REMEMBER, I do my cracks/keygens as a hobby and challenge, so please, if you like the utility you crack and keep using it, support the author and pay for it! Peace hEYWIRE