August 1998
"Cracking CLine97"
Win '95 PROGRAM
Win Code Reversing
 
 
by KLee8084 
 
 
Code Reversing For Beginners 
 
 
 
Program Details
Program Name: CLine97.exe
Program Type: Command Line Utility
Program Location: HERE 
Program Size: 25 K
 
   
Tools Used:
SoftICE V3.2 - Debugger
 
Rating
Easy ( X )  Medium (  )  Hard (    )  Pro (    ) 
There is a crack, a crack in everything. That's how the light gets in.
 
  
 
CLine97 Cracking
Written by KLee8084
 
 
 
Introduction
 
CLine97 is a useful utility that allows you to use the DOS command line from Windows 95.
 
About this protection system
 
This program requires a registration number that is calculated from the user name.
 
The Essay 
     
When you first start CLine97.exe, a screen pops up with registration information and lets you either run the unregistered version or register the program. We want to register it, of course.
 
Click on REGISTER.

In the Name textbox, put in your name. I put in KLee8084. Notice that the program automatically capitalizes all of the letters that you enter. In the Number textbox, put in a fake registration number. I put in 76543.
 
Now we want to set a breakpoint in SoftICE.
 
Press CTRL-D to go into SoftICE. Once there, type BPX GetDlgItemTextA (I first used GetWindowTextA, but that was not the function that was called).
 
Type X to get out of SoftICE and back to the program.  Ready? Click on OK.
 
Back in SoftICE, notice that we are at the start of USER32!GetDlgItemTextA. Press F11 to step out of the function.
 
Here is what we have:
 
:00402558 CALL [USER32!GetDlgItemTextA]
:0040255E PUSH 00
:00402560 MOV EDI, 00410B30           <- the name that you entered
:00402565 PUSH 00
:00402567 PUSH 000003FC
:0040256C PUSH ESI
:0040256D CALL [USER32!GetDlgItemInt] <- get the reg # that you entered
:00402573 MOV ECX, FFFFFFFF <- Set up for getting the length of user name

*NOTE: If you look at the value of EAX, you'll see that it already holds the length of the name that you entered.

:00402578    MOV [0040A554], EAX
 
If you scroll down, you'll see the routine that calculates the registration number based on the name that you entered.

:00402584    MOVSX EAX, BYTE PTR [00410B30] <- first letter of name you entered
:0040258B    IMUL ECX, EAX
:0040258E    SHL ECX, 0A
:00402591    ADD ECX, 002F8CC
:00402597    MOV [0040A550], ECX          <- Real registration number
:0040259D    CMP [0040A554], ECX
:004025A3    JZ 004025D6                  <- Same? Then jump to good code.
:004025A5    CMP DWORD PTR [0040A554], 0361DECA   <- Well!!! A MASTER REG NUMBER
:004025AF    JZ 004025D6                  <- Same? Then jump to good code.
:004025B1    PUSH 30               <- Start of REGISTRATION ERROR routine.

Press F10 until you reach :0040259D.

If you type ? ECX in SoftICE, you'll see the hex, decimal, and ASCII values of ECX. The decimal value is the registration number.
 
If you type ? 0361DECA in SoftICE (from the CMP instruction at :004025A5), you'll see that the decimal value is 56745674. This is the Master Registration Number. No matter what name you put in, 56745674 will register the program.

Program cracked.
 
The 'Crack' 
 
There is no crack, per se. We have found, though, that if we enter 56745674 in the Number textbox, we can put in any name we choose and the program will become registered.
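
The master number shows up in the listing as a second CMP against an immediate that branches to the same success address as the computed check. As an added example (not part of the original essay and not CLine97's code), here is a release-audit heuristic a developer could run over a disassembly of their own build to flag such leftover constants; the function names are hypothetical, and the listing lines are copied from the essay with the "<-" annotations dropped.

```python
import re

# Listing lines copied from the essay, "<-" annotations dropped.
LISTING = """\
:00402597 MOV [0040A550], ECX
:0040259D CMP [0040A554], ECX
:004025A3 JZ 004025D6
:004025A5 CMP DWORD PTR [0040A554], 0361DECA
:004025AF JZ 004025D6
:004025B1 PUSH 30
"""

LINE = re.compile(r"^:([0-9A-F]{8})\s+(\w+)\s*(.*)$")
HEX_IMM = re.compile(r"[0-9A-F]+")  # bare hex literal; no x86 register name matches


def parse(listing):
    """Return (address, mnemonic, [operands]) for each instruction line."""
    rows = []
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if m:
            addr, mnem, ops = m.groups()
            rows.append((addr, mnem.upper(), [o.strip() for o in ops.split(",") if o.strip()]))
    return rows


def find_constant_bypasses(rows):
    """Flag CMP-with-immediate checks whose equal-branch shares a target
    with a CMP against a computed (non-immediate) value."""
    by_target = {}
    for (a1, m1, ops1), (_, m2, ops2) in zip(rows, rows[1:]):
        if m1 == "CMP" and m2 in ("JZ", "JE") and len(ops1) == 2 and ops2:
            by_target.setdefault(ops2[0], []).append((a1, ops1[1]))
    findings = []
    for target, checks in by_target.items():
        consts = [(a, op) for a, op in checks if HEX_IMM.fullmatch(op)]
        if consts and len(consts) < len(checks):  # mixed: computed + constant
            findings += [(a, int(op, 16), target) for a, op in consts]
    return findings


if __name__ == "__main__":
    for addr, value, target in find_constant_bypasses(parse(LISTING)):
        print(f"{addr}: fixed value {value:#010x} also reaches {target}")
```

A hit is a prompt for code review rather than proof of a problem, since constants are compared for other reasons too.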
 
Final Notes 
 
CLine97 is a small program that had me scratching my head for a time, trying to reverse the calculations, until I thought to look at the decimal values of EAX and ECX. *grin*

My thanks and gratitude go to:
 
Fravia+ for providing possibly the greatest source of Reverse Engineering knowledge on the Web.
 
+ORC for showing me the light at the end of the tunnel.
 
Ob Duh 
 
 
Do I really have to remind you all that buying and NOT stealing the software you use will ensure that these software houses continue to produce even *better* software for us to use and, more importantly, continue to offer even more challenges to breaking their often weak protection systems?
 
If you're looking for cracks or serial numbers from these pages then you're wasting your time; try searching elsewhere on the Web under Warze, Cracks etc.
 


 
 
 


Essay by: KLee8084
Page Created: 8th August 1998