Win Code Reversing
Program Details
Program Name: wpc.exe
Program Type: HTML Editor
Program Location: HERE
Program Size: 726 K

Softice V3.2 - Debugger

There is a crack, a crack in everything. That's how the light gets in. |
Web Page Creator v7.26
"Fishing for the Reg code"
Written by KLee8084
|
Web Page Creator is an average quality HTML editor that allows you to
create your own web pages.
|
After running you ragged through a large number of calls (the programmer
must have had a very devilish grin on his face), the program calculates
the Registration number based on the Name that you input. The program also
checks the Name's length. If the Name is not longer than 7 characters,
then you must be a bad cracker.
|
When you first start the program, you'll notice (how not!) a nag screen in the middle of your desktop that announces at the bottom that the program is unregistered. After about 30 seconds the nag disappears and the program window pops up.
To register you have to click on Options and then click on Register.
In the Registration Name textbox, put your name/handle.
In the Registration Number textbox, put a fake registration number.
I'll warn you ahead of time that your name has to contain more than 7 characters or the program will not register.
:0046BD02 83F807      CMP EAX, 07         <- Is Reg Name greater than 7 characters?
:0046BD05 7F1A        JG 0046BD21         <- Yes? Then jump!
:0046BD07 6A00        PUSH 00             <- Set up for Invalid Registration mesg box
At this point, press CTRL-D to go into Softice.
Now, there are a lot of different breakpoints that can be set, but after trying 4 of the most commonly used ones with no success, I finally decided on hmemcpy.
Type BPX HMEMCPY and then type X to return to the program.
Ready?
Click on "OK". Bang! We're back in Softice at the start of the HMEMCPY function.
Type BD * to disable the breakpoint(s).
Press F11 to step out of this function.
Now, between here and the routine that calculates and checks the Registration Number there are a LOT of calls. I can't prove it, but I KNOW that the programmer did this on purpose to cause bad crackers to fall asleep or climb the walls out of sheer frustration (after tracing through the 9th call, I stopped writing down the instructions that I found, and started all over again).
Press F10 and keep on pressing it (unless you want to trace through all of the calls, that is. *grin*) until you reach:
:0046BD41 8B45F8      MOV EAX, [EBP-08]   <- Name that you entered
:0046BD44 5A          POP EDX             <- Fake Reg number that you entered
:0046BD45 E8DE020000  CALL 0046C028
Press F8 to trace into this call.
Press F10 over the various calls (which you might one day want to trace through to see how the Registration Number is calculated) until you reach:
:0046C073 8B45F4      MOV EAX, [EBP-0C]   <- REAL registration number
:0046C076 8B55F8      MOV EDX, [EBP-08]   <- Fake number that you entered
:0046C079 E8A277F9FF  CALL 00403820       <- Is your fake number correct?
:0046C07E 7502        JNZ 0046C082        <- No? then jump
Now, at this point, if you type D EDX you'll see the fake registration number that you entered. If, on the other hand, you type D EAX you'll see the REAL registration number.
Write this number down and type X to return to the program.
Enter the Registration number that you fished out of Softice. Program registered.
Note: for extra credit, you CAN trace through all of the calls...;)
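Why the number could be read at 0046C073, shown as an added example (not part of the original essay and not the program's code): the client computes the valid number itself and compares it with the input, so both sit in memory at the compare. The sketch sets that pattern beside a signature-style check in which the client holds only a public key. All function names are hypothetical, the serial routine is a constructed stand-in, and the demo-sized textbook RSA key stands in for a vetted signature library.

```python
import hashlib

# Demo-sized RSA key built from two Mersenne primes (constructed for this
# example; far too small for real use, where a vetted crypto library belongs).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public half: all the client ships
D = pow(E, -1, (P - 1) * (Q - 1))        # private half: vendor side only


def name_digest(name: str) -> int:
    # 128-bit slice of SHA-256 so the value is always smaller than N.
    return int.from_bytes(hashlib.sha256(name.encode()).digest()[:16], "big")


def derive_serial(name: str) -> str:
    # Hypothetical stand-in for the program's name-to-number routine.
    return str(sum((i + 1) * ord(c) for i, c in enumerate(name)) * 7919)


def check_weak(name: str, entered: str) -> bool:
    # Pattern from the walkthrough: the client builds the valid number itself,
    # so it sits in memory next to the user's guess at compare time.
    if len(name) <= 7:                   # same length gate as CMP EAX,07 / JG
        return False
    return derive_serial(name) == entered


def issue_license(name: str) -> str:
    # Vendor side: sign the name; this function is never shipped to customers.
    return format(pow(name_digest(name), D, N), "x")


def check_signed(name: str, entered: str) -> bool:
    # Client side: transform the *entered* value with the public key and compare
    # it with a hash of the name. No valid key is ever computed locally.
    try:
        sig = int(entered, 16)
    except ValueError:
        return False
    return 0 < sig < N and pow(sig, E, N) == name_digest(name)
```

With check_signed, a debugger at the compare sees only the hash of the name and the transformed input, neither of which is a usable key.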
|
None.
|
One good thing about this program is that it allows you to re-register
it as many times as you like without having to delete anything from the
registry or an .ini file.
My thanks and gratitude go to:
Fravia+ for providing possibly the greatest source of Reverse Engineering knowledge on the Web.
+ORC for showing me the light at the end of the tunnel.
|
Do I really have to remind you all that buying and NOT stealing the software you use will ensure that these software houses will continue to produce even *better* software for us to use and, more importantly, continue to offer even more challenges to breaking their often weak protection systems.
If you're looking for cracks or serial numbers from these pages then you're wasting your time, try searching elsewhere on the Web under Warez, Cracks etc.
Essay by: KLee8084
Page Created: 11th August 1998