View Full Version : Concept of reversing a dialog-free, serial protection with greyed out OK button?

January 19th, 2013, 07:06
I'm trying to reverse a software program that relies on an external program which is solely for licensing the first program. I realize there is probably a way to change JMP's around in the first program to make it think that the second program is verified from the get go, but I'm trying to do it the way where I create valid serials so it looks legit if someone looks over my shoulder.

The problem is that there are no "this is the wrong renew code" dialogs (or any pop ups or feedback to search for in a disassembler at all) when you input the renew code to test it, the OK button is simply greyed out until you get the right renew code - and I don't have a correct renew code to make the OK button not grey out and test things. There must be some routine in the assembly instructions that automatically checks when you input a full renew code against a certain math operation that uses the Session code, Serial Number, or both somehow, but I don't know how to go about locating this set of instructions in a disassembler, or how to figure out a correct renew code once I locate it. Can anyone give some pointers?


January 20th, 2013, 05:34
you could try to breakpoint certain win32 apis such as


If you`re out of luck, the developer saw that one coming and decided to send messages manually.
In that case you will have to find the message loop of the dialog and go from there.
You can identify the message loop by monitoring RegisterClass() or by creating some action in the dialog, then examining the call stack.

January 21st, 2013, 07:25
there are lots of areas to try
find some window spying utils (like spyxx from old vc6) and trap the messages sent
use procman and view call stacks of threads and isolate the message loop
set random bps on all system calls and set conditions on breaks
use the windows window in ollydbg to set message breakpoints

and so on and so forth

January 21st, 2013, 10:34
First, you should try this:


(Hey, look on the LEFT hand side at the menu too, if you want depth!)

Breakpoint on BN_DISABLE and take it from there.

Let us know how it goes.

Have Phun