  #5  
Old 02-19-2005, 00:14
fripouille
Hi again.
Yes, reversing register.exe is a piece of cake.

Load it in IDA and take a few seconds to look at what it does.
What about those loops you talked about? Explain in what way it's a problem, please.
Just take a look at offset 403b91, you'll find the final check
Mov EAX, computed number
CMP EAX, entered number. (425 or 936 in my lower example)
ok ... try these :
email : *put here just what you want*
serial : 1234567=425

or this
email : *still not important*
serial : whatyouwant=936

So ... it works fine with register.exe but *NOT* with the game... you can break into the game just to watch how it computes these 2 created registry values.

Frequency was right ! It's an EXEcryptor's work. This prog can pack and cipher very well.

Reversing it is quite hard... because of the IAT destruction, AND because it replaces (yes, recompiles) some routines in the original program. These routines do the same thing as the original compiled code, but it is replaced by an incredible piece of crap, very long and very obfuscated, where only 2 or 3 bytes are really doing something, hidden in a huge amount of horrible (and useless and unreadable) code.


I'm sorry, but if you can't properly reverse the 'not protected' register.exe written in Delphi, you will have some difficulty breaking this really good packer called EXEcryptor.

So, just tell us what you want to do : crack the little game or break down EXECryptor.
have fun.
bye