Cannot find text in files

Hello people. I am a quite newby
I have this program. It's installation procedure with 3 cab files. These file are beeing extractet in the temp directory ( i found all the files).
The extracted files are containing:
1. Some dll's
2. Some bitmaps (used in the inst procedure)
2. One exe (it has actually another extension, but it can be dissasembled)
3 And one ASCII file with all text string that are coming in the messageboxes in the inst procedure
When i open the SETUP.exe in Olly, i cannot use breakpoints because the setup is only for unpacking the cab files. When the installation procedure starts setup is terminated and the files from the temp dir are running.
I don't know how to continue in Olly, because the instal process is already running.
When i dissasemble any file, i could not find the text string "The serial number is incorrect".
The bad thing is when i delete the BITMAPS the are no longer in the messageboxes, but when i delete the ASCII file (that's) containing all the messages (including the "The serial number is incorrect)) the message still appears!!!
I tried to run the extractet files (by copying them to another dir), no succes.
If there is someone with same expirience, please help me.
THNX

Hi there im not too sure but maybe if you check the executable modules window in olly and check the one you are looking for then when you get to the serial not accepted box pause the program in olly with F12 then check the call stack alt+K for a lead back to the program where its checking for the serial.

Quote:

Originally Posted by Wa||acE

Hi there im not too sure but maybe if you check the executable modules window in olly and check the one you are looking for then when you get to the serial not accepted box pause the program in olly with F12 then check the call stack alt+K for a lead back to the program where its checking for the serial.

Hello Wallace,


Thank you for repyling,

I will try that. In the meanwhile i managed it to unpack the CAB files (i checked everyone with PEId). I found one DLL, that PEid cannot find any signature.
I loaded this DLL in OLLY, but no text string found.
i tried the same i win32dsam, i found some dialogs, and also the serial number text.

Maybe it's packed.

I will try what you wrote.

THNX again and greetings.
P.S Sorry for my english

[omidgl]

MAHMUT : Cracking can't be done by just deleting Text-Message files. You must change the executable codes that is responsible to check the serial and make that message. Or analyzing Serial-Generation routine(function) in the executable file and make it by your own like other KeyGens.

It's better for you to start reading some Tutorials about Analyzing,Debugging and Reverse Engineering tools befor starting to crack.

Regards
OMID

Maybe because of my poor english, you misunderstood me. I didn't expect to crack the program by deleting the text file. I just ment that the text strings (like "the serial number is incorrect") i only found in that text file, and not in any exeutable.
I know that i have to find the code that checks the serial number, but i cannot, because one DLL is 99% encrypted. (Dialog ref. in Win32dsam shows that there are some bytes about serial numbers, but no offsets.
Greetings

After reading the RCEarchive i decompiled the Setup.ins with ISdoc122. I found some text about serial, it's like that:

label101:
lString6 = SUPPORTDIR ^ "lcnsinfo.bmp";
DialogSetInfo(1, lString6, 0);
StrLoadString("", "TEXT_ENTER_SERIAL_TITLE", lString0);
StrLoadString("", "TEXT_ENTER_SERIAL", lString1);
lString2 = string4;
StrLoadString("", "TEXT_SERIAL", lString6);
function16(lString0, lString1, lString6, lString2);
lNumber0 = LAST_RESULT;
lNumber2 = lNumber0 = 12;
if (lNumber2 = 0) then
goto label103;
endif;
return(lNumber0);
StrLength(lString2);
lNumber1 = LAST_RESULT;
lNumber2 = lNumber1 != 17;
GetByte(lNumber3, lString2, 3);
lNumber3 = lNumber3 != 45;
lNumber2 = lNumber2 || lNumber3;
GetByte(lNumber3, lString2, 6);
lNumber3 = lNumber3 != 45;
lNumber2 = lNumber2 || lNumber3;
GetByte(lNumber3, lString2, 11);
lNumber3 = lNumber3 != 45;
lNumber2 = lNumber2 || lNumber3;
if (lNumber2 = 0) then
goto label104;
endif;
StrLoadString("", "ERROR_SERIAL_WRONG", lString6);
Sprintf(lString5, "%s (%#lx)", lString6, -534863864);
MessageBox(lString5, -65535);
return(0);

Can anyone help me furthe how to get to the serial?

Thanx in advance

Mahmut

Hello guys!

I opened the setup.ins in a hex editor, and found the string WRONG SERIAL NUMBER. Before that there was a conditional jump (in hex 95), i changed that in uncond. jump (96) and the progi accepted any serial number i have entered.

If someone wants more detailed descripiton, no pro.

Greetings

Make sure you search in unicode too. You can use stirngs -e l <filename> for example.