Exetools  

  #1  
Old 02-17-2005, 05:40
Spectrum
 
Posts: n/a
Help a newby cracker

Hi, I'm trying to crack a little scr.
I succeeded in making it accept any serial and making it fully functional, but the problem is that when I restart it, it is unregistered again.
I found it puts the serial in the registry, but I can't find where the registry check is.
I tried setting breakpoints at every RegQueryValueExA, but it's not showing.
Is there another API or something that checks the registry values when running the prog?
Thanks!
  #2  
Old 02-17-2005, 08:34
ilyacr
 
Posts: n/a
Spectrum,
You use OllyDbg? Then use Alt+F1 -> bp RegQueryValueExA
(With observance of the register)!
or
RegCreateKey, RegDeleteKey, RegQueryValue, RegCloseKey, RegQueryValueEx, RegOpenKey
  #3  
Old 02-17-2005, 09:37
lilmeanman
 
Posts: n/a
I found that a lot of programs call the same part of the program (the serial check) many times, and on program execution. This is like Local SMTP Relay Server by www.getfreefile.com.

Right-click and select Search For Command, then enter the serial call, and then make it accept all serials again with every find. Try it, hope it works for you.
  #4  
Old 02-17-2005, 15:18
LaDidi
Another idea

Are you sure that you don't have any call to CreateProcess?
During the execution of the "original" proggy, some funny guys create a .exe in \TEMP (for example) which does the job, so....
Maybe use FileMon to verify?
To be sure of the Win32 API used to check the registry, do you use RegMon?
No, I do not work for SysInternals :-)

Maybe it would be a good idea NOT to breakpoint at the beginning of the Reg* API but 3 or 4 ASM instructions later, due to some bytes stolen by some proggies :-) YES, some proggies do not go to the beginning but step ahead. The beginning is always the same boring: push ebp; mov ebp, esp; ....

Have fun!

Last edited by LaDidi; 02-17-2005 at 15:27.
  #5  
Old 02-17-2005, 18:01
iamritu
 
Posts: n/a
reg query

Maybe you should give "regmon" a try just to find out if it's got anything to do with reg. This pro. is available for 98 and NT versions. Initially you may start without any filter, then you can set the filter to the pro name as displayed in regmon.
  #6  
Old 02-17-2005, 18:50
codeX
Hi

Nice to see you.

Why don't you try to find out the correct serial using bp's on GetDlgItemTextA or GetWindowTextA?

Or find out the exact reg verification CALL by looking up to the badboy message and patch the call to always return the required value.

Also read a lot of tuts.
  #7  
Old 02-18-2005, 03:38
crkelbery
 
Posts: n/a
"I succeeded in making it accept any serial and making it fully functional, but the problem is that when I restart it, it is unregistered again."

Did you reverse a jnz to jz (or vice versa)?

Look at the call previous to that jump. 90% of the time... the answer is inside it.
  #8  
Old 02-19-2005, 03:56
fripouille
 
Posts: n/a
Hi!
You wrote:
"I succeeded in making it accept any serial and making it fully functional, but the problem is that when I restart it, it is unregistered again."

Yes, but to do so, you probably had to modify the code itself.
So what about self-verifying code? If your scr checks its own integrity (by generating a checksum, for example) or in another way, it could decide to reset password validity each time. Try looking for any memory read access in a short range near your modification using BPM xxxxxxxx R in SI.
If SI pops up, then you're in the checksum routine.

Another possibility for this proggy is to use multiple serial check routines. At startup, if it randomly uses one that you've not changed yet....


So, there are too many possibilities... I suggest you reverse the serial check routine in order to find a working serial, or make a keygen instead of patching.

Hope this could help.
Bye.