LaZaRuS proudly presents his 25. Cracking Tutorial (09.07.1999)

A quick and easy explanation why hmemcpy can fail *sometimes*

I. Introduction
II. The essay
III. BTW
IV. All Tutorials by LaZaRuS


I. Introduction

You surely know this, too. You enter a serial and a name, set a breakpoint on hmemcpy and push the "Register" button. You expect SICE to break, but nothing happens. Damn, how are the programmers able to get rid of the hmemcpy function???


II. The essay

It can be pretty easy. I will explain it in the syntax of a C++ Builder program; Delphi is nearly the same. As you might know, there are two "important" events that can be used to read the serial from an edit field: when there is a button, the OnClick event should be the one where our name and serial are read. When there is no (or a disabled) button - like in WinAmp - and the serial is checked directly as you type it, the OnChange event of the edit field does the job.

Now there's an easy way to fool a cracker. Create two edit fields and a button. Store the name and the serial in variables when the OnChange event fires, and calculate the serial from those variables when the OnClick event fires.
Example source (I defined two global variables, name and ser, above):

void __fastcall TForm1::Edit1Change(TObject *Sender) // when the value of any of the edit
{                                                    // fields is changed, this code will be executed
    name=Edit1->Text;           // save the name in name
    ser=Edit2->Text;            // save the entered serial in ser
}
//---------------------------------------------------------------------------
void __fastcall TForm1::Button1Click(TObject *Sender)
{
    if (name.Length()>3)        // if length of name > 3
    {
        int serial=0;           // initialize serial
        serial += name[1];      // add ASCII(first char) to serial (AnsiString indexes start at 1)
        serial += name[2];      // add ASCII(second char) to serial
        serial += name[3];      // add ASCII(third char) to serial
        serial *= serial;       // serial = serial * serial
        if (ser==serial) YouDidIt(); // if serial = the serial you entered, then "Good guy"
    }
}
eof

I know what you'll say: SICE *will* break on hmemcpy inside the OnChange event. Perfectly right, but, as you might have experienced, SICE will *always* break when you type something into an edit field, whether an OnChange event is defined or not. And it won't break twice with the above source. So you will think "Ah, the standard when-I-enter-something hmemcpy break" when you type. But that's obviously not the whole story: in this part of the code the text from the edit fields is already copied into variables, so it does not have to be fetched again in the OnClick event. This disables hmemcpy in the OnClick event, as only calculations on values we have already loaded into RAM take place there. All the other standard breakpoints (GetWindowTextA, GetDlgItemTextA...) are disabled in this way, too :)


III. BTW

Greets to: tKC, Ed!son, Moral Insanity, +Sandman, Fravia+ and everyone at #cracking4newbies, +Sandman's forum and Fravia+'s forum.


IV. All tutorials by LaZaRuS

Since 4th of July I made 19034 left clicks, 739 right clicks, 3016 double clicks and 135526 key strokes. In this time my mouse moved 455,019 meters over the screen.
(reported by ToggleMouse; cracked by myself - of course ;)
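The two handlers from section II, ported to standard C++ so they can be compiled and run without the VCL. This is an added example, not the tutorial's own code; it assumes the edit controls are replaced by plain strings handed to onChange(), that AnsiString's 1-based name[1..3] becomes 0-based name[0..2], and that the AnsiString == int comparison in the original behaves like comparing against the decimal text of the number.

```cpp
#include <string>

// Portable model of the tutorial's form: the input is cached on every
// change, and the click handler validates only the cached copies.
struct RegisterForm {
    std::string name;   // cached copy of Edit1->Text (the global "name")
    std::string ser;    // cached copy of Edit2->Text (the global "ser")

    // Edit1Change: runs on every keystroke and copies the control text into
    // the globals. This is the only place the text is fetched, so this is
    // where a breakpoint on a string-copy routine fires.
    void onChange(const std::string& editName, const std::string& editSerial) {
        name = editName;
        ser = editSerial;
    }

    // Button1Click: works purely on the cached copies. No window-text or
    // memory-copy call happens here, so a breakpoint set on one while the
    // button is pressed never fires.
    bool onClick() const {
        if (name.length() <= 3) return false;   // mirrors if (name.Length()>3)
        // AnsiString is 1-based (name[1] is the first char); std::string is
        // 0-based, hence name[0..2]. Cast to unsigned so bytes >127 add up
        // the same way regardless of the platform's char signedness.
        int serial = 0;
        serial += static_cast<unsigned char>(name[0]);
        serial += static_cast<unsigned char>(name[1]);
        serial += static_cast<unsigned char>(name[2]);
        serial *= serial;
        // Assumption: "ser==serial" compares the entered text with the
        // decimal representation of the computed number.
        return ser == std::to_string(serial);
    }
};
```

Stepping through onClick() in a debugger shows only arithmetic on already-resident data, which is exactly why the "standard" breakpoints stay silent on the button press.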