FTPSearch : tekfct95.zip.
A definite tool of the trade, TechFacts also houses a protection scheme which enables me to illustrate a very useful reversing trick. Let's launch the program and take a look: just a shareware nag screen. If you look at Help / About / Use Reg Key you'll be confronted with the following screen.
So let's try some information and select Register; note the precise text of the failure message, "Registration Key Failed!". Let's take out W32Dasm and locate that String Reference; you should find it at this code (note this is the deciding jump).
:00485D95 INC ECX
:00485D96 CALL 00402CD4 <-- Deciding function call.
:00485D9B JNZ 00478C1F <-- Jump_to_msg_Registration_Key_Failed.
Now that we can see the address of the deciding jump, we can trace using SoftICE. However, if you try this you'll be heading for some fairly tedious stepping, so let's use a different tactic. Let's patch an instruction (say the INC ECX just before the critical jump) to an INT 3 (opcode CC), which we can then break on using SoftICE's >bpint command. So, in Hiew, search for the first byte sequence below and change it to the second:
41 E8 B1 CF F7 FF 0F 85
CC E8 B1 CF F7 FF 0F 85 <-- Patched INC ECX to INT 3.
Now let's launch TechFacts again and reach our registration dialog, then set the SoftICE breakpoint >bpint 3. When you click Register you'll be returned to SoftICE; now you should assemble the INC ECX instruction back in using the >a command. Then you can simply reverse the jump or modify the zero flag to make the program believe your code is good (and in this instance the program will be permanently registered).
Be sure (once you have registered) to use Hiew and repatch the INT 3 just in case of problems. You might also like to examine the protection scheme itself: a registered code of some description (not the actual code) is written out to the registry; use a monitoring tool to locate it.
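Whether a file still carries the INT 3 can be checked mechanically rather than by eye. The following is an added example, not part of the original tutorial: a Python check that scans a file image for the eight-byte sequence quoted above and reports whether it is intact or has a byte overwritten with 0xCC. The function names and the sample image are constructed for illustration.

```python
"""Flag INT 3 (0xCC) bytes patched over a known-good code signature."""

INT3 = 0xCC

# Byte sequences quoted on this page (original, then with INC ECX patched).
REFERENCE = bytes.fromhex("41 E8 B1 CF F7 FF 0F 85")
PATCHED = bytes.fromhex("CC E8 B1 CF F7 FF 0F 85")


def find_int3_patches(image, reference, max_patched=1):
    """Return [(offset, [indexes])] for each window of `image` that equals
    `reference` except for 1..max_patched bytes overwritten with 0xCC."""
    findings = []
    n = len(reference)
    for off in range(len(image) - n + 1):
        patched = []
        for i in range(n):
            got, want = image[off + i], reference[i]
            if got == want:
                continue
            if got != INT3 or len(patched) == max_patched:
                patched = None  # differs by more than an INT 3 patch
                break
            patched.append(i)
        if patched:  # exact matches (empty list) are not findings
            findings.append((off, patched))
    return findings


def classify(image, reference):
    """'patched' if an INT 3 variant of the signature is present, 'clean' if
    the signature is intact, 'absent' if neither appears (different build or
    heavier modification)."""
    if find_int3_patches(image, reference):
        return "patched"
    return "clean" if reference in image else "absent"


if __name__ == "__main__":
    # Constructed sample image: NOP filler plus 0xCC alignment padding
    # around the signature, to show that padding alone is not flagged.
    filler = b"\x90" * 16 + b"\xCC" * 16
    for name, body in (("original", REFERENCE), ("patched", PATCHED)):
        image = filler + body + filler
        print(name, classify(image, REFERENCE),
              find_int3_patches(image, REFERENCE))
```

The cap on patched bytes matters: compilers and linkers use 0xCC as padding between functions, so a window of pure padding must not count as a match.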