Jan 17th 2000

Tutorial #3

Win '95 PROGRAM

Win Code Reversing

by NchantA

Code Reversing For Beginners

Program Details

Program Name: Neatpad v2.00

Program Type: HTML editor.

Program Location: http://neatpad.hypermart.net

Program Size: 847,872 bytes

Tools Used:

SoftICE (I use v3.25)

Rating

Easy ( X )  Medium (  )  Hard (  )  Pro (  )

"Violence is the last refuge of the incompetent" - Asimov

"Research is vital to success..."

Introduction

An HTML and multi-purpose editor that sits in the system tray and can run programs and FTP site. A well designed interface makes this tool better than most.

About this protection system

The serial number is based on the user name that you put in when you install Windows, located under

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion]

under the string value of

"RegisteredOwner"="XXXX"

Where XXXX is your name.

The Essay 

Hi again from the Australian cracker. Summer's here again and it's a scorcher down under :)

It's damn hot, and programs are getting easier to crack (or is that just me?).......

Today I am cracking a program called NeatPad... I don't/won't use it, I reckon it's pretty crap.

This tutorial is being written mainly to warn Delphi users about the dangers of comparing codes.

I personally like the idea of the reg number being based upon the user name in the registry (you can change this!), but I feel he has let the rest of his routine down by doing a straight compare, right after the break in SoftICE. Anyway, I'm getting ahead of myself (it's soooo hot).

OK, load up the program (what, no nag screens?) and check all the usual places for registration forms... I found it under the preferences (goodness knows why).

Look at the user name; yes, it's the one that M$ Windows uses so much. You can't change this in the program, but you can change it in the registry if you want. Put in some fake reg number in the edit box and quickly duck into SoftICE and do a bpx hmemcpy (Delphi bow before my attack!!!), hehe, and press OK.

Good, it breaks. Press F11 to go to the caller and disable your breakpoints (bd *). Press F12 6 times to get to neatpad and another 5 times to get to this part of the code:

:0047D220 E80F2EFAFF      call 00420034

:0047D225 8B45EC          mov eax, dword ptr [ebp-14]      <<< You land here.

:0047D228 8B1540BD4900    mov edx, dword ptr [0049BD40]    <<< A pointer to memory

:0047D22E E8216CF8FF      call 00403E54                    <<< Comparing codes?

:0047D233 750C            jne 0047D241                     <<< Jump to Bad Reg Code??

You see it, do you?? Good... step past the mov edx instruction and do a 'd edx'. BOOM. That's all there was to it.

My user name was: 'NchantA'

My serial was 'NP-116183966400101618R'

Easy, huh.

Why oh why do programmers go to all the trouble of getting the user name from the registry and then creating a big long code based on that name when it's in plain sight for everyone (with SoftICE :)) to see?

They must be morons.

Delphi shareware programmers (I like Delphi), please realize the stoopidity of what you are doing. At least make an effort to change the user input and the check against the code... There are lots of ways to hinder the average cracker :).
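The weakness described above, next to one way to avoid it, as an added example that is not part of the original tutorial and is not Neatpad's code: the weak check builds the valid serial in memory before comparing, while the hardened check only verifies a vendor-issued signature with a public key. The serial derivation, the function names and the toy RSA key are assumptions constructed for illustration, and the signature approach goes beyond the author's own suggestion of transforming the input before the check.

```python
import hashlib

# Toy RSA key built from two Mersenne primes (constructed for this example;
# far too small for real use, where a vetted signature library is required).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public half: ships in the client
D = pow(E, -1, (P - 1) * (Q - 1))        # private half: vendor side only,
                                         # kept in this file just so it runs


def weak_check(owner, entered):
    """Pattern described in the essay: build the valid serial, then compare.

    The derivation is a stand-in, not Neatpad's algorithm. The point is that
    `expected` exists in process memory, where a debugger can read it.
    Returns (result, expected) only to make that exposure visible.
    """
    expected = "NP-" + hashlib.sha256(owner.encode()).hexdigest()[:16].upper()
    return entered == expected, expected


def _digest(owner):
    """Hash the owner name down to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(owner.encode()).digest(), "big") % N


def issue_license(owner):
    """Vendor side only: sign the owner name with the private exponent."""
    return format(pow(_digest(owner), D, N), "x")


def verify_license(owner, entered):
    """Client side: uses only (N, E) and never computes a valid code itself."""
    try:
        sig = int(entered, 16)
    except ValueError:
        return False                     # not hex at all, e.g. a guessed code
    if not 0 < sig < N:
        return False
    return pow(sig, E, N) == _digest(owner)


if __name__ == "__main__":
    ok, leaked = weak_check("NchantA", "FAKE-0000")
    print("weak check:", ok, "| valid serial was in memory:", leaked)
    lic = issue_license("NchantA")
    print("verify good:", verify_license("NchantA", lic))
    print("verify fake:", verify_license("NchantA", "FAKE-0000"))
```

Signature verification keeps the valid code out of the client's memory and out of the client's logic; it does not protect the conditional jump that follows the check, which needs separate integrity measures.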

I'm getting too hot sitting here typing... so I will stop now. I hope you learnt something, whether you be a cracker or programmer.

Shoutz to all the evc members, Dead-Mike and R!SC especially. Greetz to nitrus-, Muad`Dib and every other smart ass in #Cracking4Newbies on EFnet IRC.

I'm out..............................NchantA................................tuo m`I

E-mail with any questions, comments, idle talk, general chitchat, gossip, news, or crap to:

nchanta@usa.net

Thanx.
 

Ob Duh 

 
Do I really have to remind you all that buying and NOT stealing the software you use will ensure that these software houses continue to produce even *better* software for us to use and, more importantly, continue offering even more challenges to breaking their often weak protection systems?

If you're looking for cracks or serial numbers from these pages then you're wasting your time; try searching elsewhere on the Web under Warze, Cracks etc.
   

