Flash v3.08

Written by anTiHerO


Released: January 2001

Protection: Time-limit and registration

About Flash32


*Flash 32 is a 32 bit software running under Windows 95, Windows 98, Windows NT 4 and 2000 used to capture and save Windows screens (or parts of screens), images from files,     images from Internet WebCams, images from the Internet Explorer cache.


*Flash 32 installs itself as a tray icon  in the tray bar of Windows.


*The captures can be saved with several graphic formats, modified, printed...


*Flash 32 also allows the creation of icons, cursors,  animations (ANI, AVI, FLI, FLC and GIF), wallpapers, logos...


*A screen capture can be saved or printed without interaction with the user.


*When you click on its icon, Flash 32 displays two menus:


*:right click: setup menu, help and about

*·left click: particular captures (clipboard, webcam, animations)

Tools required

Dissassembler eg. W32Dasm
Debugger eg Softice, TRW2000
Common Sense

Target's URL



Lets Get Started!


*Before we dive in, just a few things…….I am fairly new to code reversing, so my methods may not be the easiest or correct ones, but they work!!! Anyway, the first thing we need to  do is fire up Flash32. You will see a small camera-shaped icon, if we right click on this we can see a registration option, click this, and we see the reg box with three empty fields, I filled them in as follows:



Name: HerO

First Name: anTi

Serial: 123456789



*Right, press OK, and we get the expected  “invalid key” message box. Write this down. Fire up W32Dasm and disassemble Flash32. I’m assuming your familiar with W32Dasm, so open up the String Data References, double click on our string, scroll up a few lines and we should see:





*Hehe, this looks like it isn’t going to be too difficult. We look four lines up, an see a conditional jump, JE. This is preceeded by a compare instruction, which compares eax and ecx! Should we try something which could save us a lot of tracing through code?  What should we do?



*Our compare instruction at 00421E67, is comparing two values, and if they are equal it jumps ( we haven’t looked where to yet! ), if not, it carries on through to our “invalid key” portion of code. Ah-ha! Could the compare instruction be comparing our “fake” serial against the correct serial? Well, there is a quick and easy way to find out! Write down  the address of the compare instruction; 00421E67 ,and now we want to run our debugger , and load up Flash32.  Boomph! , up pops your softice window, but we know we want the program to brake at location 00421E67, so we type:



:bpx 421e67



*You should know this means that the program will break when it executes this line of code. Press ctrl+D ( or type x and hit enter if you are using TRW2000) to close your debugger window. We now go to our registration box again and type in again:



Name: HerO

First Name: anTi

Serial: 123456789



*Hit OK, and WALLOP!, up pops our debugger window bang on;



:00421E67        3BC1            cmp eax, ecx



*Right, hit F10 once, so that our jump command line is highlighted. We want to see what is being compared in the eax and ecx registers don’t we? So type;



? eax     , what do we see? OUR FAKE REG NUMBER! Contain your excitement! What if we type;


? ecx     , whats this? –610844068  ? Could this be our real reg number? Write it down!



*Now type bc* ( or just bc in TRW) to clear all breakpoints, and close our debugger. OK, the moment of truth! Go back to our registration box and type in our details with our new value from the ecx register;



Name: HerO

First Name: anTi

Serial: -610844068



*Hit OK, hmm , no “bugger off cracker” message! Right click on the taskbar icon and select About…. : WOOHOO!!! Registered to anTiHerO ! Job done!


We could have easily set about tracing through code with our debugger from the start, but this way cuts out all that. This method doesn’t always work, but when it does!!!!!!!!









Mail me....

email: antihero@engineer.com

Final Notes

When ever there is a door,
there is an entrance.
And behind an entrance can no secret hide,
when a cracker takes his knowledge for a ride


The information in this essay is for educational purpose only!
You are only allow to crack, reverse engineer, modify code and debugg programs that you legaly bought and then for personal use only!!
To ignore this warning is a criminell act and can result in lawful actions!

So please note!
I take no responebility for how you use the information in this essay, i take NO responebility for what might happen to you or your computer!
You use this information on your own risk!!

What i mean is: Please buy the software!

Essay written by anTiHerO ©TRES2000. All Rights Reserved.