Tutorial created: 6th November 1998
Version 1.1, last updated: 25th December 1998
Finding the serial number of Photo Gallery Compiler v2.01
| Version 1.1 | Download [tutorial 4] and read it offline |
Photo Gallery Compiler allows you to create screen savers that run on Windows 95 and NT systems. You can use any JPEG or Windows Bitmap to compose a new screen saver. Your final result wil be a *.scr file or a self installing executable.
However, there is a less nice feature: while running the screen saver there is an annoying message showing everybody who is watching the following: "DEMO - Not for Sale or Distribution". In other words: you didn't pay to get a serial number in order to remove this message. Just a minute, don't pay yet, but read this tutorial first!
[Photo Gallery Compiler v2.01].
The only cracking program you'll need is W32Dasm.
W32Dasm v8.93 is available by following one of these great links:
Install the program, make some screen savers, install them and take a look at the About window untill you're close with this piece of software.
The first thing you see when you start the program is the About window. You have to fill in an owner name and a key. Just give it a try, you never know if you are a lucky dog!
Are you? Me neither, so let's go on.
Keep the Warning message "Invalid Owner/Key Pair" in your mind.
You should also have noticed that your key can't be longer than 5 characters.
Now close Photo Gallery Compiler and start your disassembler program W32Dasm. Let's disassemble the Photo Gallery executable: Disassembler, Open File to Disassemble.. and select Compiler.exe in the Photo Gallery Compiler directory.
The file should be disassembled after a certain period of time.
We still have the message "Invalid Owner/Key Pair" in our mind, so let's do something with it. Select Refs, String Data References and double-click on "Invalid Owner/Key Pair". Close the W32Dasm List of String Data Items.
Press a few times arrow-up until you see the following code:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044DC43(C)
|
:0044DC6E E84DB1FEFF call 00438DC0
:0044DC73 84C0 test al, al
:0044DC75 7530 jne 0044DCA7
:0044DC77 6A30 push 00000030
* Possible StringData Ref from Code Obj ->"Warning"
|
:0044DC79 68F4DC4400 push 0044DCF4
* Possible StringData Ref from Code Obj ->"Invalid Owner/Key Pair"
|
:0044DC7E 68FCDC4400 push 0044DCFC
:0044DC83 8BC3 mov eax, ebx
:0044DC85 E80619FDFF call 0041F590
:0044DC8A 50 push eax
Take a look at the first part. Before the test and the "jump if not equal" (jne) there is an address call. Let's see what can be found there: Search, Find Text and fill in :00438DC0. Attention! Search in the right direction. You should see this:
:00438DC0 53 push ebx
:00438DC1 A198274500 mov eax, dword ptr [00452798]
* Possible StringData Ref from Code Obj ->"62571"
|
:00438DC6 BA008E4300 mov edx, 00438E00
...
What's there between quotation marks? A five digit number! Who knows ?????????!!!!!!!!
Let's try. Launch Photo Gallery Compiler 2.01 and fill in your name and the key. It works!
Just now you found the right key inside the program, but this tutorial isn't a blueprint to find the right registration key in other programs too. Many of them are protected in a much smarter way.
The Photo Gallery Compiler key will work with any name you fill in. If I could create such a nice piece of software, I think I would spend more time in a solid protection scheme! Have fun with it!
| SNOWCAT | |
Tutorial created by Snowcat Tutorial created: 6th November 1998 Version 1.1, last updated: 25th December 1998 |