http://www.teleport.com/~mmc/strip_it.htm - Webpage.
istrip_it.exe - (761k).
Welcome once again. This program and tutorial are ideal for beginners, although more experienced reversers may like to look elsewhere or produce a key generator. As you might guess, I write these tutorials some time after examining a protection scheme; after only 15 seconds inside SoftICE I was able to register this program. So quickly start the program and locate a purchase option accessible from Help.
So let's enter some details. I'm using CrackZ and 12345678; now >bpx Hmemcpy in SoftICE and perform the necessary returns. I think in most of my other tutorials I've advocated using F10 to step so as not to miss any key code; however, in this case you can just use F12 instead. You'll need to push it around 10 times to get at the necessary code, which looks like this:
:0047518C MOV EDX,[EBP-0178] <-- Code entered.
:00475192 POP EAX <-- Good code.
:00475193 CALL 00403F04 <-- Compare_the_codes.
:00475198 JNZ 004751FF <-- Jump_bad_guy.
Needless to say I will resist the temptation to label this scheme as totally incompetent. If you are just interested, like I am, in investigating key generation methods, I advise allowing one break on Hmemcpy and then setting a breakpoint on the memory address of the name with >bpm.
Ironically the actual code calculation routine (CALL 004632BC) isn't particularly weak: there's some early XOR-ing of the name values as well as some fairly long mathematics. Note the value of EAX at the end of the function.
The good code for this program is written out to the registry. A word of advice though: after you have registered, be careful unregistering (deleting the name key is not a good idea). I'll leave it as usual to your customary discretion as to whether you wish to patch this program or register it personally for your own evaluation usage; as none of the actual help files seem to have been made available in this release, I would advise against purchasing just yet.