WinAmp 2.0 by noName

Target: WinAmp 2.0 [*]
Tools : SoftICE [**]

Introduction and history of the program:

WinAmp is the most popular MP3 player. Versions 1.x were free, but once the programmers saw how popular WinAmp was, they started asking 10 bucks for the serial number. Ah, commerce!

Let's begin: Start WinAmp, choose "WinAmp..." from the menu, go to the "Shareware" tab and click the "Enter Registration Info" button. A window with two edit fields appears: "Name:" and "Reg#:". The "OK" button is inactive... Set breakpoints on the standard functions for getting text from dialog windows:

bpx getdlgitemtexta   (for getting text)
bpx getwindowtexta    (as above)
bpx getdlgitemint     (for getting integer numbers)

Enter your Name... Oops! The program checks the typed text after every key. Temporarily disable the breakpoints ("bd *"), for the sake of your mental health, and finish entering the data. Now enable the breakpoints again ("be *") and enter any digit into the "Reg#:" field - SoftICE pops up. Press Ctrl+D (or F5) and you will be on the second breakpoint.

Hit F11 to get out of the getdlgitemint API function. Now you are in WinAmp's code, which looks like this (addresses may be different):

0177:0040371E  53                  PUSH    EBX
0177:0040371F  688C040000          PUSH    0000048C
0177:00403724  FF7508              PUSH    DWORD PTR [EBP+08]
0177:00403727  FF15B0664400        CALL    [USER32!GetDlgItemInt]  <-- here we are
0177:0040372D  8BF0                MOV     ESI,EAX
0177:0040372F  8D4580              LEA     EAX,[EBP-80]
0177:00403732  50                  PUSH    EAX
0177:00403733  E8407C0000          CALL    0040B378                <-- calculating serial no.
0177:00403738  83C404              ADD     ESP,04
0177:0040373B  3BC6                CMP     EAX,ESI                 <-- comparing serial numbers.
0177:0040373D  7509                JNZ     00403748                <-- jump good/bad serial
0177:0040373F  385D80              CMP     [EBP-80],BL
0177:00403742  7404                JZ      00403748

Hit F10 until you get to the "CMP EAX,ESI" line. Enter "? esi" to see your serial. Enter "? eax" to see the right serial:

:? esi
075BCD0C  0123456780  "? Ö         <-- s/n entered by me
:? eax
041EB42C  0069121068  "?d,"       <-- my right code

Write the code on a piece of paper, delete the breakpoints ("bc *") and type your s/n in the appropriate field - the "OK" button is enabled. Click on it - tell your mother that you saved 10$!
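
The listing above shows why the serial can be read out: the routine at 0040B378 returns the expected serial in EAX and the client compares it with the entered value. As an added example (not code from WinAmp or from the original tutorial), the C sketch below contrasts that pattern with a check that only verifies a vendor-signed value. It assumes the serial is derived from the name; the digest function, the toy RSA numbers and all function names are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy RSA key (n = 61 * 53); far too small for real use. */
#define PUB_N    3233u
#define PUB_E    17u
#define VENDOR_D 2753u   /* private exponent: stays with the vendor, never shipped */

/* Hypothetical name digest (FNV-1a reduced mod m); stand-in for the real routine. */
static uint32_t name_digest(const char *name, uint32_t m) {
    uint32_t h = 2166136261u;
    for (; *name; name++) { h ^= (unsigned char)*name; h *= 16777619u; }
    return h % m;
}

static uint32_t modpow(uint32_t base, uint32_t exp, uint32_t mod) {
    uint64_t r = 1, b = base % mod;
    for (; exp; exp >>= 1) {
        if (exp & 1) r = r * b % mod;
        b = b * b % mod;
    }
    return (uint32_t)r;
}

/* Weak pattern (as in the listing): the client computes the valid serial
   itself, so it sits in a register next to the user's input. */
static uint32_t weak_expected_serial(const char *name) {
    return name_digest(name, 1000000000u);
}
static int weak_check(const char *name, uint32_t entered) {
    return entered == weak_expected_serial(name);
}

/* Hardened pattern: the client holds only (n, e). The value it compares
   against is the digest; with a real-sized key that yields no serial without d. */
static int signed_check(const char *name, uint32_t serial) {
    if (serial >= PUB_N) return 0;              /* reject out-of-range input */
    return modpow(serial, PUB_E, PUB_N) == name_digest(name, PUB_N);
}

/* Vendor side only: issue a serial by signing the digest with d. */
static uint32_t vendor_issue(const char *name) {
    return modpow(name_digest(name, PUB_N), VENDOR_D, PUB_N);
}

int main(void) {
    uint32_t s = vendor_issue("noName");
    printf("weak=%d signed=%d tampered=%d\n", weak_check("noName", weak_expected_serial("noName")),
           signed_check("noName", s), signed_check("noName", (s + 1) % PUB_N));
    return 0;
}
```

The branch after the check is still ordinary code; what this design removes is the valid serial from the client's memory.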

Epilogue :)

If you still want to use WinAmp - pay for it. (I suggest choosing another MP3 player - this isn't the best)

(c) by: noname
Contact me: 76381@polbox.com
http://www.crackpl.site.pl


[*] http://www.winamp.com/
[**] You'll find it somewhere in http://home.cracking.ml.org/