Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Help a newby cracker
Register Forum Rules FAQ Calendar

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-17-2005, 05:40
Spectrum
 
Posts: n/a
Help a newby cracker
Hi, im trying to crack a little scr.
i succeded in making it accept any serial and making it fully functionally but the problem is when i restart it, it is again unregistered.
i found it puts the serial in the registry, but i cant found where is the registry check.
i tried setting breakpoints at every Regqueryvalueexa, but its not showing.
Is there other API or something that checks the registry values when running the prog?
Thanks!
Reply With Quote
  #2  
Old 02-17-2005, 08:34
ilyacr
 
Posts: n/a
Spectrum
You use OllyDBg ?Then use a Alt+F1 -> bp RegQueryValueExA
(With observance of the register) !
or
RegCreateKey,RegDeleteKey,RegQueryValue,RegCloseKey,RegQueryValueEx,RegOpenKey
Reply With Quote
  #3  
Old 02-17-2005, 09:37
lilmeanman
 
Posts: n/a
I found that alot of programs call to the same part of the program (the serial check), many times and on program execution. This is like Local SMTP Relay Server by www.getfreefile.com.

right click and select Search For Command, then enter the serial call, and then make it accept all serials again with every find. Try it, hope it works for you
Reply With Quote
  #4  
Old 02-17-2005, 15:18
LaDidi LaDidi is offline
VIP
  
Join Date: Aug 2004
Posts: 222
Rept. Given: 2
Rept. Rcvd 11 Times in 10 Posts
Thanks Given: 64
Thanks Rcvd at 54 Times in 29 Posts
LaDidi Reputation: 11
An other idea
Are you sure that you don't have any call to CreateProcess ?
During the execution of the "original" proggy, some funny guys create a .exe in \TEMP (fo example) who do the the job so....
Maybe use FileMon to verify ?
To be sure of the win32 API used to check the registry, do you use RegMon ?
No, I do not work for SysInternals :-)

Maybe it will be a good idea to NOT BreakPoint at the begiginning of the Reg* API but at 3 or 4 ASM instructions after due to some stolen bytes by some proggy :-) YES, some proggy do not go at the beginning but step ahead. The begining is always the same boring : push ebp; mov ebp, esp; ....

Have fun !
Last edited by LaDidi; 02-17-2005 at 15:27.
Reply With Quote
  #5  
Old 02-17-2005, 18:01
iamritu
 
Posts: n/a
reg query
Maybe you should give "regmon" a try just to find out if its got anything to do with reg. This pro. is available for 98 and NT versions.Intially you may start with out any filter then you can set the filter to pro name as displayed in regmon.
Reply With Quote
  #6  
Old 02-17-2005, 18:50
codeX codeX is offline
{RES} Cracker
  
Join Date: Dec 2004
Location: C:\WINDOWS\SYSTEM32
Posts: 162
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 3
Thanks Rcvd at 1 Time in 1 Post
codeX Reputation: 0
Hi
Nice to see u.

Why don't you Try to find out the correct serial using bp's on GetDlgItemTextA or GetWindowTextA.

Or find out the exact reg verification CALL by looking up to the badboy message and patch the call to allways return the required value.

Also read a lot of tuts.
Reply With Quote
  #7  
Old 02-18-2005, 03:38
crkelbery
 
Posts: n/a
"i succeded in making it accept any serial and making it fully functionally but the problem is when i restart it, it is again unregistered."

Did you reversed a jnz to jz (or viceversa)?

Look at the call previous to that jump. 90% of times......the answer is inside it.
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
CRC Cracker CodeCracker Community Tools 4 10-18-2017 12:18


All times are GMT +8. The time now is 17:56.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )