The first thing that you notice with this crackme is that it gives you a message and a beep after you have entered an incorrect serial number. This usually means a message box, so enter the breakpoint:
bpx messageboxa
Now enter your name and serial number.
Sanhedrin
12344321
Press Validate and you will land at:
* Referenced by a CALL at Address:
|:00441B21
|
:004417B4 6A00 push 00000000
* Possible StringData Ref from Code Obj ->"Reg.Error"
|
:004417B6 68D4174400 push 004417D4
* Possible StringData Ref from Code Obj ->"Invalid Serial - Use the Serial "
Re-enter your name and serial number and press Validate. Once you have broken into SoftICE, type:
D EAX <-----the number that we entered (12344321)
D EDX <-----the real serial number (IRE-1639033)
--Reversing the code--
The other method of cracking is changing the code. In this case, changing
00441B18 7507 jne 00441B21 (found at 00040F18h)
to
00441B18 7407 je 00441B21
and the program will be cracked.
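The address arithmetic behind those two lines, as an added example that is not part of the original tutorial: it decodes the two-byte short conditional jump and maps the virtual address to its file offset. The image base and the CODE section layout are assumed values, chosen to be consistent with the offset 00040F18h quoted above; the function names are made up for this example.

```python
# Added example. The page gives only the VA 00441B18, the bytes 75 07 / 74 07
# and the file offset 00040F18h; the image base and section table below are
# constructed assumptions, not values read from the crackme.
IMAGE_BASE = 0x400000
# (name, RVA, virtual size, pointer to raw data, size of raw data)
SECTIONS = [("CODE", 0x1000, 0x41000, 0x400, 0x41000)]

# Opcodes of the two short conditional jumps that appear on the page.
SHORT_JCC = {0x74: "je", 0x75: "jne"}


def va_to_file_offset(va, image_base=IMAGE_BASE, sections=SECTIONS):
    """Map a virtual address to the offset of the same byte in the file."""
    rva = va - image_base
    for name, sec_rva, vsize, raw_ptr, raw_size in sections:
        delta = rva - sec_rva
        # The byte must lie inside the part of the section stored on disk.
        if 0 <= delta < min(vsize, raw_size):
            return raw_ptr + delta
    raise ValueError(f"VA {va:#x} is not backed by any section on disk")


def decode_short_jcc(va, code):
    """Decode a 2-byte short Jcc: opcode, then a signed 8-bit displacement."""
    if len(code) != 2 or code[0] not in SHORT_JCC:
        raise ValueError("not a short je/jne instruction")
    rel8 = int.from_bytes(code[1:2], "little", signed=True)
    # The displacement is relative to the address of the next instruction.
    target = (va + 2 + rel8) & 0xFFFFFFFF
    return SHORT_JCC[code[0]], target


if __name__ == "__main__":
    va = 0x441B18
    for raw in ("7507", "7407"):
        mnemonic, target = decode_short_jcc(va, bytes.fromhex(raw))
        print(f"{va:08X} {raw} {mnemonic} {target:08X} "
              f"(file offset {va_to_file_offset(va):08X}h)")
```

Both encodings jump to the same target, 00441B21; only the condition under which the jump is taken differs.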
--Final notes--
Sometimes it is just as easy to start at the end (error message) and work your way backwards to find that magic compare code, as it is from the beginning.
Thanks to all of those coders that make these crackmes.