WorkStation Lock v2.6 - Tutorial - Webpage.
WorkStation Lock v2.6 - Local Download (103k).

Welcome to another tutorial specifically aimed at very new reversers. WorkStation Lock is a small application which is ideal for those looking to get some practice with SoftICE. v2.6 is also an old version and thus will not damage the authors (the latest version has an improved scheme). Without further ado, launch the file wrkset.exe and locate the Register option accessible from the Help menu. You'll be confronted with a single dialog box asking for a registration number.

So just enter any number in the box (there's no set length), don't push O.K yet, you'll need to set some breakpoints on likely Windows functions used to read a value from this dialog box. You'll find that GetDlgItemTextA works well (trial and error). So set a >bpx GetDlgItemTextA in SoftICE, as soon as you click O.K and then F11 you should be looking at this code (push F10 a few times if you aren't).

:0040226A LEA EAX,[EBP-68]
:0040226D PUSH EAX
:0040226E CALL 004018EC <-- Retrieves single user license number.
:00402273 POP ECX <-- Pop single user license number.
:00402274 LEA EAX,[EBP+FFFFFF64]
:0040227A PUSH EAX
:0040227B CALL 004020B3 <-- Retrieve site license number.
:00402280 POP ECX <-- Pop site license number.

:00402289 CALL 00403490 <-- Compare user number with single user.
:0040228E POP ECX <-- Code entered.
:0040228F TEST EAX,EAX <-- Test EAX=0.
:00402291 POP ECX <-- Good code.
:00402292 JNZ 004022A2 <-- Jump_not_single_user.

:004022AD CALL 00403490 <-- Compare user number with site license.
:004022B2 POP ECX <-- Code entered.
:004022B3 TEST EAX,EAX <-- Test EAX=0.
:004022B5 POP ECX <-- Good code.
:004022B6 JNZ 004022E3 <-- Jump_bad_code_else_continue_site_license.

This code fragment should be fairly simple to understand, the program contains 2 hard coded registration numbers and will firstly compare your entered code to the single user license before comparing it against a site license, should you fail those checks then your code is obviously incorrect. There are several opportunities to snatch the respective good codes from the ECX register as it is popped from the stack, just type >d ecx to view them in the SoftICE data window. The registration information appears to be stored in the file kclkrw10.reg which is stored in the /WINDOWS directory.

WorkStation Lock v2.6

Single User License: 2465535864435543654
Site License: 5735435434154321554

You have finished reading another tutorial courtesy of CrackZ's Reverse Engineering Page.
Find a quick way back to more documents with this link.

Return to Main Index, New Reversers.

© 1999 CrackZ. Revised 13th March 1999.
<--- jump to 00401D0D