------------------------------------------
How to make a keygen for E-Forms EZ Wizard
------------------------------------------

Cracker: stealthFIGHTER

Target: E-Forms EZ Wizard v2.0

Tools:  Soft-Ice
        Delphi
        Brain

Where: http://http://www.azwebpages.com/e-forms/

Protection: Name/serial

--------------------------------------------------
Sorry for my English, it's not my mother language.
--------------------------------------------------

----------------
===[ Step 1 ]===
----------------

=======================================================================
Run E-Forms and go to registration window >> Fill input boxes and push
check button >> ..bad serial.. >> Go to Soft-Ice and create a breakpoint
using hmemcpy >> go back and push check button again >> Soft-Ice breaks
two times, because we have 2 input boxes (name and serial) >> In Soft-Ice
press F5 and F11, then F12 about 11 times until you are in the E-Forms
code >> Now keep tracing until you are here:
=======================================================================

:0045C33D E8CE8CFFFF              call 00455010   ;Main calculation routine
:0045C342 84C0                    test al, al
:0045C344 7455                    je 0045C39B     ;If serial=bad then jump

=======================================================================
Now enter the call 00455010 with F8 key and then trace until you came here:
=======================================================================

:0045514C call 00403B58                 ;Get length of the name
:00455151 imul eax, 00000521            ;Mulitply it with (EAX=EAX*1313) 
:00455157 add eax, 0003790A             ;EAX=EAX + 227594
:0045515C push eax
:0045515D mov eax, dword ptr [edi+5C]
:00455160 call 00403B58                 ;EAX=length of the name
:00455165 mov ecx, 00000003             ;ECX=3
:0045516A cdq                           ;ECX=3, EDX=0
:0045516B idiv ecx                      ;EAX=EAX div ECX, EDX=EAX mod ECX
:0045516D imul eax, edx, 0000A179       ;EAX=EDX * 41337
:00455173 pop edx
:00455174 add edx, eax                  ;EDX=EDX + EAX
:00455176 imul eax, esi, 00001BDE       ;EAX=[2nd char of name] * 7134
:0045517C add edx, eax                  ;EDX=EDX + EAX
:0045517E imul eax, dword ptr [ebp-04], 23E3   ;EAX=[3rd char] * 9187
:00455185 add edx, eax                         ;EDX=EDX + EAX
:00455187 imul eax, dword ptr [ebp-08], 2B25   ;EAX=[4th char] * 11045
:0045518E add edx, eax                  ;EDX=EDX + EAX
:00455190 mov esi, edx
:00455192 cmp esi, ebx                  ;Compare our serials
:00455194 jne 004551A7                  ;If bad then jump

=======================================================================
At line 'cmp esi, ebx' type '? esi' - right serial and '? ebx' - fake
serial. If you ask where I get these numbers (1313, 227594,..) they are
decimal values of these numbers (521, 3790A,...)
=======================================================================

--------------------------
===[ Source of keygen ]===
--------------------------

=======================================================================
Procedure TForm1.Keygen;
Var temp, serial : LongInt;
    temp1 : byte;
    temp2, temp3, temp4, temp5 : Integer;
begin
if length(Edit1.Text) <> 0 then
 begin
  temp := length(Edit1.Text) * 1313;     ;EAX=EAX*1313
  temp := temp + 227594;                 ;EAX=EAX + 227594
  temp1 := length(Edit1.Text) mod 3;     ;EDX=EAX mod ECX
  temp2 := temp1 * 41337;                ;EAX=EDX * 41337
  temp3 := Ord(Edit1.text[2]) * 7134;    ;EAX=[2nd char of name] * 7134
  temp4 := Ord(Edit1.text[3]) * 9187;    ;EAX=[3rd char] * 9187
  temp5 := Ord(Edit1.Text[4]) * 11045;   ;EAX=[4th char] * 11045
  serial := temp + temp2 + temp3 + temp4 + temp5;	;Result
  Edit2.Text := IntToStr(serial);
 end;
end;
=======================================================================
Any comments or mistakes are welcome at: stealthfighter@another.com
=======================================================================