How to find the real serial number for WinAmp 2.08
Project 2
Required:
* SoftICE for Windows
Because we aren't patching the program, no hex editor is needed. First run WinAmp and go to the registration screen. The registration box asks for a name and a registration number, and the [OK] button is disabled. Type in your name and a random serial; I used "Cerberus" and "12345". It is very likely that the button is enabled only once you enter a valid serial number, so the program has to check the text you entered. Go to SoftICE with [Ctrl+D] and set breakpoints on the common textbox functions (GetWindowTextA and GetDlgItemTextA; the A says it is 32-bit). Go back to the program with [Ctrl+D]. Nothing happens, so change the serial. The moment you press a key, SoftICE pops up. You are now inside the "USER32!GetDlgItemTextA" function. Press [F12] once to return from it. You now see this:
Every program has one weak point, no matter how hard it is to crack: it has to compare something with something else. This is usually done by a TEST or a CMP instruction; if the two operands match, the zero flag is set. In SoftICE you can see whether a flag is set by looking at the flags line in the top right, which reads "o d i s z a p c". A flag that is set is shown as a blue capital letter; the "z" is the zero flag. The compare is followed by an instruction that depends on the zero flag, usually a conditional jump: je/jz (Jump if Equal / Jump if Zero flag is set) or jne/jnz (Jump if Not Equal / Jump if Zero flag is not set). We step through the program with [F10] until we reach one of the compare instructions. We see this:
CS:00402AAD 51 PUSH ECX
CS:00402AAE E89DE30100 CALL 00420E50
CS:00402AB3 83C404 ADD ESP, 04
CS:00402AB6 3BC7 CMP EAX, EDI *
CS:00402AB8 750C JNZ 00402AC6
(The registers vary from version to version!!)
Before a call, the registers with important contents are pushed onto the stack. That doesn't mean the contents have anything to do with the check! Most of the time "EAX" holds the most important parameter, so type "? EAX" to see its value and look at the result: our serial. Now look at the marked line and step to it with [F10]. It compares a value with "EAX". At first sight it appears that "EDI" holds the correct serial, but when you type "? EDI" you see our serial again, so the correct one is probably in "EAX". Type "? EAX" and look at the decimal value. It looks like a serial, so write it down. Mine was '22769847'; you will probably get a different one. Disable the breakpoints ("BD *") and exit SoftICE (Ctrl+D). Enter the value you found in "EAX" as the serial, and you can press the [OK] button!
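The weakness the tutorial exploits is a design choice, not a bug: the program recomputes the correct serial and then compares it in plain form, so the valid value sits in a register at the CMP. The following is an added example, not code from the tutorial or from WinAmp, showing that naive check next to a digest-based check where the correct serial is never materialised at the comparison point. The name-to-serial derivation, the vendor secret and the licence digest are all constructed for this demo and have nothing to do with WinAmp's real scheme; the dictionary each check returns stands in for what a debugger would see as the two compare operands.

```python
"""Added example: plaintext serial compare vs. digest compare (constructed scheme)."""
import hashlib
import hmac

# Constructed vendor secret. Assumption: in the naive design it has to be inside the
# client binary so the client can recompute the serial; in the digest design it stays
# at the vendor and only a per-customer digest ships with the product.
VENDOR_SECRET = b"demo-vendor-secret"


def issue_serial(name: str) -> str:
    """Vendor side: derive an 8-digit serial for a customer name (constructed scheme)."""
    mac = hmac.new(VENDOR_SECRET, name.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 100_000_000:08d}"


def issue_license_digest(name: str) -> str:
    """Vendor side: the value that ships with the product instead of the secret."""
    data = name.encode() + b"\0" + issue_serial(name).encode()
    return hashlib.sha256(data).hexdigest()


def check_naive(name: str, entered: str) -> tuple[bool, dict]:
    """Client check in the style the tutorial describes: recompute the expected
    serial and compare it directly. The returned dict models the CMP operands a
    debugger would inspect; the valid serial is one of them."""
    expected = issue_serial(name)
    operands = {"lhs": expected, "rhs": entered}
    return expected == entered, operands


def check_digest(name: str, license_digest: str, entered: str) -> tuple[bool, dict]:
    """Client check that never computes the valid serial: hash (name, entered serial)
    and compare against the shipped digest in constant time. Both operands a debugger
    sees here are digests, so reading them does not reveal the serial."""
    data = name.encode() + b"\0" + entered.encode()
    computed = hashlib.sha256(data).hexdigest()
    operands = {"lhs": computed, "rhs": license_digest}
    return hmac.compare_digest(computed, license_digest), operands


def serial_visible_in_operands(name: str, operands: dict) -> bool:
    """True if the valid serial for `name` can be read straight off the compare operands."""
    return issue_serial(name) in operands.values()


def demo(name: str = "Cerberus") -> None:
    good, bad = issue_serial(name), "12345"
    ok, ops = check_naive(name, bad)
    print(f"naive  wrong serial -> {ok}, serial visible: {serial_visible_in_operands(name, ops)}")
    ok, ops = check_digest(name, issue_license_digest(name), bad)
    print(f"digest wrong serial -> {ok}, serial visible: {serial_visible_in_operands(name, ops)}")
    ok, _ = check_digest(name, issue_license_digest(name), good)
    print(f"digest right serial -> {ok}")


if __name__ == "__main__":
    demo()
```

Two caveats a practitioner should keep in mind: the digest only hides the expected value at the compare point, the single conditional jump after it is still there and can be patched; and the shipped digest must itself be bound to the vendor (for example by a signature over it), otherwise it can simply be replaced.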
If you want to e-mail me, use this address:
cerberus_x@hotmail.com
Cerberus
-----------------------------------[ End ]------------------------------------