MemoryAnalyst v1.01 - Tutorial

http://www.epsoft.com - Webpage.
ma101.zip - (165k).

Another day and another tutorial. I found this small application at the same site as TimeWizard 95 and I just thought I'd analyse its serial # mechanism just to see if the authors were lazy. In fact, there are remarkable similarities between the 2 algorithms although this one is a little weaker in calculation but stronger in its location.

Let's take a look and try the register option: insert some details into the dialog boxes and set some SoftICE breakpoints (>bpx GetWindowTextA does it for me), then step a little until you reach this code:

:00401BD9 PUSH 0043B298 <-- Pushes MA to stack.
:00401BDE LEA ECX,[EBP-08]
:00401BE1 CALL 0041AAC3 <-- Junk.
:00401BE6 XOR ECX,ECX <-- Zero ECX (used as the loop counter).
:00401BE8 MOV EAX,[ESI+5C] <-- EAX points to the name entered.
:00401BEB MOV BYTE PTR [EBP-04],01
:00401BEF MOV EDX,[EAX-08] <-- Length of name in EDX.
:00401BF2 CMP ECX,EDX <-- Compare the counter with the length of the name.
:00401BF4 JGE 00401BFF <-- Leave the loop once ECX has reached the name length.
:00401BF6 MOVSX EBX,BYTE PTR [ECX+EAX] <-- Load the current letter of the name (sign-extended) in EBX.
:00401BFA ADD EDI,EBX <-- Add it to the running total in EDI.
:00401BFC INC ECX <-- Increment ECX to next letter.
:00401BFD JMP 00401BF2 <-- Repeat_loop.

So the first part of this code adds together the ASCII values of all the characters in the name and accumulates the result in EDI; for the name CrackZ the sum is 574. That value is then multiplied by 3, and the product forms the numeric part of the code.

:00401BFF LEA EDI,[EDI*2+EDI] <-- EDI = 3 x 574 = 1722.
.....
:00401C38 CALL 0041AD2B <-- Add MA prefix and create good serial #.
:00401C3D MOV EAX,[EBP-14] <-- Serial # entered in EAX.
:00401C40 MOV ECX,[EBP-18] <-- Good serial # in ECX.
:00401C43 PUSH EAX
:00401C44 PUSH ECX <-- Save them to the stack.
:00401C45 CALL 00407920 <-- Compare them.
:00401C4A ADD ESP,08 <-- Stack tidy.
:00401C4D TEST EAX,EAX <-- Test EAX=0.
:00401C4F JZ 00401C9F <-- Jump_nice_buyer.

So, all this program actually does is add together the ASCII values of the name, multiply by 3 and then prefix that value with MA (Memory Analyst maybe). Creating a key generator for this application should be pretty simple and I've included my C Source Code as an attachment for your information.

I have taken the decision to remove the registration information that was here after a request by the program author. If you use his software, don't be a lamer: pay him the modest registration fee.


© 1998 CrackZ. 12th May 1998.