SEPTEMBER 1998
"WebGenie Site Sponser"
( 'Paranoid Programmers'  )
Win '95 PROGRAM
Win Code Reversing
 
 
by The Sandman 
 
 
Code Reversing For Beginners 
 
 
 
Program Details
Program Name: ssp32.exe
Program Type: Web Banner Utility
Program Location: Here 
Program Size: 1.1 MB 
 
    
Tools Used:
Softice V3.23 - Win'95 Debugger
W32Dasm V8.9 - Win'95 Disassembler
FileMon V3.42 - Win'95 File Monitor
 
Rating
Easy ( X  )  Medium (   )  Hard (    )  Pro (    ) 
There is a crack, a crack in everything. That's how the light gets in.
 
   
 
WebGenie Site Sponsor
( 'Paranoid Programmers' )
Written by The Sandman
 
 
 
Introduction
 
The author(s) of Site Sponsor say:-
 
"Of the various ways to increase the visitor counts to your web site, arguably none is better than banners on other web sites. However, the cost associated with advertisement banners on high traffic sites can be prohibitive to many.

WebGenie Site Sponsor Program (SSP) offers you a cost-effective way to increase the number of your advertisement banners, by giving an incentive to small to medium web site operators to display your banner on their sites. It lets you create the tools needed to manage sponsors and click throughs to your site.

The term, sponsor, refers to web site operators displaying your banner or icon, not those advertising on your site.  You have, therefore, the obligation to reward these sponsors for their effort. This reward is normally not an up-front cost and can be in any form that will entice webmasters to display your banner. For example, you can state that for every click through to your site you will give a certain amount, or for every sale that results from a click through you will give a commission to your sponsor."
 
About this protection system
 
The protection system in this program is loosely based on the idea that you have to 'buy' a license every month, which then covers you for 30 days of use. It also uses an innocent-looking file called ESVIATLE.ENT (just 13 bytes long), stored in your C:\Windows directory, to hold your 'credits'. Credits are the total number of days you can use this program before it expires. Each time you buy a 30 day license the program 'adds' 30 days of unlimited use to the number of days you have left and stores the new 'credits' in the ESVIATLE.ENT file.
 
When you first run this program it automatically gives you 30 days free use and creates the ESVIATLE.ENT file with the following contents:

907349483

This number directly controls when the program will expire, which, as mentioned above, you can 'top up' by buying extensions to your user license.

I've checked the information this program keeps in the System Registry and can say that it does not use the Registry for storing these 'credits', so don't waste your time looking in there.
 
The Essay 
     
In response to a posting in the Cracker's Forum requesting more information on this program I decided to have a look at it, and after discovering its hidden secrets I knew right away that this would make a great Essay.. In fact it makes a great program for newbies to practice on, since it requires the use of Softice and FileMon together in order to understand its inner workings..
 
Let's begin..

Fire up WebGenie Site Sponsor and you will be greeted with a message box informing you that the program and any CGI scripts will expire in 30 days.. This is the program's nag screen.. Click on 'OK' to clear this nag screen.
 
Now click on the 'Register' button. The Registration Screen appears and you're asked to enter a Registration number.

OK, now type in some numbers, I used: 5555555555 but you can use any sequence of numbers you like.
 
At this point we need to set a Softice breakpoint, so press the Ctrl & D keys together.

I originally tried to get Softice to break on the MessageBoxA system function but it seems this program doesn't use this system function. No problem-o, we will use another bpx breakpoint, one which turns out to be the BEST one we could possibly use!.
 
While still in Softice type: bpx getwindowtexta followed by x to leave Softice.

GetWindowTextA is a 32-bit system function provided by Windoze that many programs use to grab the text you type into the program itself, and in this case it will use GetWindowTextA to grab our *fake* serial number. One of the BIG advantages to using Softice to break on the GetWindowTextA system function is that we break in the program exactly when it grabs our *fake* serial number, which then allows us to track what the program does with our *fake* serial, step-by-step.
 
Right, we've set up Softice and it's ready to go, so click once on the 'Record Code' button and Softice will now break... Press the 'F11' key once and you should see the following code snippet...
 
It's worth pointing out here that this program ALSO uses GetWindowTextA to display its "Tool tips" as the mouse cursor rests over the buttons, so IF you DON'T see the code snippet shown below then press the 'F11' key AGAIN.

 
:0040C2A2 E86B220300   Call USER32.GetWindowTextA ;grab Fake Serial
:0040C2A7 33DB         xor ebx, ebx               ;clear ebx register
:0040C2A9 EB11         jmp 0040C2BC               ;jump to serial # loop

* Referenced by a (C)onditional Jump at Address: :0040C2C6(C)
;This section of the code simply loops through our *fake* serial number
;and checks to see if there are any invalid characters used.
 
:0040C2AB 0FBE441DC4   movsx eax, byte ptr [ebp+ebx-3C] ;get byte from our
                                                        ;fake serial #

:0040C2B0 50           push eax                         ;save it
:0040C2B1 E8B6DD0000   call 0041A06C                    ;check if valid num
:0040C2B6 59           pop ecx
:0040C2B7 88441DC4     mov byte ptr [ebp+ebx-3C], al    ;place byte back in
                                                        ;our fake serial #
:0040C2BB 43           inc ebx                          ;move on to the next
                                                        ;char in our fake serial

* Referenced by an (U)nconditional Jump at Address: :0040C2A9(U)
;Start of our serial number loop
|
:0040C2BC 807C1DC400   cmp byte ptr [ebp+ebx-3C], 00 ;Check if we are at
                                                     ;the end of the serial
                                                     ;number!
 
:0040C2C1 7405         je 0040C2C8                   ;Finished? then exit
                                                     ;this loop

:0040C2C3 83FB1F       cmp ebx, 0000001F             ;The program now
                                                     ;checks to see if we
                                                     ;have reached the max
                                                     ;number of chars
                                                     ;allowed by this
                                                     ;program. Max = 31

:0040C2C6 7EE3         jle 0040C2AB                  ;If there are still
                                                     ;some more
                                                     ;letters/nums then
                                                     ;keep checking them.

* Referenced by a (C)onditional Jump at Address: :0040C2C1(C)
;Come here when finished checking and validating our *fake* serial #
 
:0040C2C8 8D571F       lea edx, dword ptr [edi+1F] ;edx = REAL SERIAL!
:0040C2CB 52           push edx                    ;Save edx register
:0040C2CC 8D4DC4       lea ecx, dword ptr [ebp-3C] ;ecx = FAKE SERIAL!
:0040C2CF 51           push ecx                    ;Save ecx register

;If you type: d edx then Softice will show you your 1st valid serial
;number which is: TR17357C00

:0040C2D0 E805210300     Call KERNEL32.lstrcmpA ;Compare BOTH serials
:0040C2D5 85C0           test eax, eax
:0040C2D7 7560           jne 0040C339 ;Serial not correct? then check to
                                      ;see if it's one of two other serials

At this point, if your *fake* serial does NOT equal the *real* serial number then the above jne 0040C339 takes you to the NEXT serial number comparison routine, which checks whether your *fake* serial = TR17357CN1.

If that fails then the program automatically takes you to the next and final serial number comparison routine, which checks whether your *fake* serial = TR17357CN2.
 
So there you have it, three possible serial numbers to choose from.
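The weakness the listing exposes is that the reference serial is a plain string sitting next to the user's input at the lstrcmpA call, so a single memory dump (the 'd edx' above) reveals it. The following added example (not code from the essay or from WebGenie; REAL_SERIAL is a constructed stand-in for the program's real serials) shows that scheme beside a hardened one that ships only a SHA-256 digest of the serial, so the compare operands no longer contain the secret:

```python
import hashlib
import hmac

# Constructed example serial; stands in for the program's real serials.
REAL_SERIAL = "EXAMPLE-SERIAL-0001"


# --- Weak scheme: the shape of the listing above -----------------------
def check_serial_plain(entered: str) -> bool:
    """lstrcmpA-style compare: the reference serial is a string in memory."""
    return entered == REAL_SERIAL


def plain_compare_operands(entered: str):
    """What a debugger sees at the compare: both strings, in the clear."""
    return (entered, REAL_SERIAL)


# --- Hardened scheme: ship only a digest of the serial -----------------
# Build-time step; the plaintext serial never goes into the product.
STORED_DIGEST = hashlib.sha256(REAL_SERIAL.encode()).digest()


def check_serial_hashed(entered: str) -> bool:
    """Hash the input and compare digests in constant time."""
    digest = hashlib.sha256(entered.encode()).digest()
    return hmac.compare_digest(digest, STORED_DIGEST)


def hashed_compare_operands(entered: str):
    """What a debugger sees now: two 32-byte digests, no serial."""
    return (hashlib.sha256(entered.encode()).digest(), STORED_DIGEST)


def serial_visible_at_compare(operands) -> bool:
    """True if dumping the program's reference operand gives the serial."""
    reference = operands[1]
    return isinstance(reference, str) and reference == REAL_SERIAL
```

Hashing stops the serial being read out of memory or the binary, but it does nothing about the accept/reject branch itself, and a short, structured serial space can still be brute-forced against the digest.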

Still want MORE!!...
Well OK, here's perhaps something better..

Remember I mentioned earlier that this program creates a 13 byte file called ESVIATLE.ENT in your C:\Windows directory? Well, if you edit it using NotePad and CHANGE the number you see in this file :-

907349483 CHANGE TO >>>>>>> 9999999999

That's TEN 9's not nine 9's.

Now save it..

Now when you restart this program you will see that you have OVER 14,000 days to use this program BEFORE it expires!!
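The credits file works because the program trusts whatever number it reads back from disk. The following added example (not code from the essay or from WebGenie; the key and file layout are constructed for illustration) stores the same kind of counter with an HMAC-SHA256 tag so that editing the number, as done above, is detected on the next read:

```python
import hashlib
import hmac
import os
import tempfile
from typing import Optional

# Constructed demo key. In a shipped product this key lives in the binary
# and can be extracted, so the tag deters editing with NotePad, not a
# determined reverser.
KEY = b"constructed-demo-key"


def write_credits(path: str, value: int) -> None:
    """Store 'value:tag', where tag = HMAC-SHA256(KEY, value)."""
    tag = hmac.new(KEY, str(value).encode(), hashlib.sha256).hexdigest()
    with open(path, "w") as f:
        f.write(f"{value}:{tag}\n")


def read_credits(path: str) -> Optional[int]:
    """Return the stored value, or None if the file is missing or tampered.

    Callers should treat None as 'refuse to run', not as a fresh install.
    """
    try:
        with open(path) as f:
            line = f.read().strip()
    except FileNotFoundError:
        return None
    value, sep, tag = line.rpartition(":")
    if not sep or not value.isdigit():
        return None
    expected = hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return int(value)


def tamper_demo():
    """Write the page's value, then edit the number exactly as the essay does."""
    path = os.path.join(tempfile.mkdtemp(), "ESVIATLE.ENT")
    write_credits(path, 907349483)
    before = read_credits(path)
    with open(path) as f:
        edited = f.read().replace("907349483", "9999999999")
    with open(path, "w") as f:
        f.write(edited)
    return before, read_credits(path)
```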
 
Job Done...
 
The Crack
     
None required.
 

If you intend on using this program beyond its evaluation period then please BUY IT!
 
Final Notes 
    
Here we have used FileMon to sniff out all the files this program accesses when it starts up. What we, as crackers, look for are those files stored in the C:\Windows and C:\Windows\System directories that this program uses but which we don't recognize as being part of Windows itself. This statement says it all.

Once you've made a list of these 'unknown' files then open all of them up (try using NotePad) and see what's inside them. Nine times out of a hundred the best files to pay close attention to are those around 2K or less in size, since these will usually contain our user details or serial numbers. If you're lucky, as I was in this case, the file we're interested in is not encrypted and is in plain ASCII.
 
My thanks and gratitude goes to:-
 
Fravia+ for providing possibly the greatest source of Reverse Engineering knowledge on the Web.
 
+ORC for showing me the light at the end of the tunnel.
 
Ob Duh 
 
Do I really have to remind you all that buying, and NOT stealing, the software you use will ensure that these software houses are encouraged to produce even *better* software for us to use and enjoy.

Ripping off software through serials and cracks is for lamers..
 
If you're looking for cracks or serial numbers on these pages then you're wasting your time, try searching elsewhere on the Web under Warez, Cracks etc.
 


 
 
 

Essay by:          The Sandman
Page Created: 1st September 1998