How To Generate Valid Serials For Hex Workshop 2.52
(c) 1998 Dynamite

For this tutorial, you will need SoftICE 3.0+ and Hex Workshop 2.52 (www.bpsoft.com).

When we start Hex Workshop and enter a serial, we notice a long pause before it shows the Wrong_Serial_Message. So let's set a BPX on KERNEL32!Sleep. When SoftICE pops up, just press F11. Now scroll up in the code window until you reach the following code.

* Possible StringData Ref from Data Obj ->"JN11mARQ"
                                  |
:0041EDC1 6844354800      push 00483544        ; PUSH "JN11mARQ"
:0041EDC6 8D45DC          lea eax, [ebp+DC]    ; Load input in EAX
:0041EDC9 50              push eax             ; PUSH input
:0041EDCA E851F80100      call 0043E620        ; CALL Reg_Check

Mhm? The "JN11mARQ" looks like a valid serial, which is compared with our input serial. Let's check this. Leave SoftICE and enter "JN11mARQ" in the registration window. Shit! Doesn't work! So go back to :0041EDC1 and step into the CALL to 0043E620.

:0043E620 55              push ebp
:0043E621 8BEC            mov ebp, esp
:0043E623 57              push edi
:0043E624 56              push esi
:0043E625 53              push ebx
:0043E626 8B750C          mov esi, [ebp+0C]
:0043E629 8B7D08          mov edi, [ebp+08]
:0043E62C 8D0578784800    lea eax, [00487878]  ; Load Input to EAX
:0043E632 83780800        cmp [eax+08], 00000000
:0043E636 753B            jne 0043E673
:0043E638 B0FF            mov al, FF           ; AL = FF
:0043E63A 8BC0            mov eax, eax
:0043E63C 0AC0            or al, al
:0043E63E 742E            je 0043E66E          ; JMP Exit_Procedure
:0043E640 8A06            mov al, [esi]        ; Move char of key to AL
:0043E642 46              inc esi              ; Increase pointer to key
:0043E643 8A27            mov ah, [edi]        ; Move char of input to AH
:0043E645 47              inc edi              ; Increase pointer to input
:0043E646 38C4            cmp ah, al           ; Compare char of the key with the char of the input
:0043E648 74F2            je 0043E63C          ; Loop, if they match
:0043E64A 2C41            sub al, 41           ; AL = key char - 'A'
:0043E64C 3C1A            cmp al, 1A           ; Carry is set if the char was 'A'..'Z'
:0043E64E 1AC9            sbb cl, cl           ; CL = FF if carry is set, else 00
:0043E650 80E120          and cl, 20           ; CL = 20 for an uppercase letter, else 00
:0043E653 02C1            add al, cl           ; Add the case bit
:0043E655 0441            add al, 41           ; AL = key char, 'A'..'Z' folded to lowercase
:0043E657 86E0            xchg al, ah          ; Swap, then do the same with the input char
:0043E659 2C41            sub al, 41
:0043E65B 3C1A            cmp al, 1A
:0043E65D 1AC9            sbb cl, cl
:0043E65F 80E120          and cl, 20
:0043E662 02C1            add al, cl
:0043E664 0441            add al, 41           ; AL = input char, 'A'..'Z' folded to lowercase
:0043E666 38E0            cmp al, ah           ; Compare char of the key with the char of the input
:0043E668 74D2            je 0043E63C          ; Loop, if they match

Now you have seen the main part of the procedure that compares the string "JN11mARQ" with our input string. Mhm? Let's think a minute. If the entered string is exactly the same string as "JN11mARQ", it shows the Error_Screen. But if only one char in the entered string is not the same, it will jump to the code that manipulates the strings a little bit. So try to modify the entered string a little bit. Just enter "JN11NARQ". Yes! It worked!

It seems that the first 4 chars have to be "JN11", the 5th char can be anything except a number, and the last 3 chars can be anything you want. Hex Workshop is good for trying many serials, because you can unregister it very easily. You just have to delete HEXWORKS.REG. Now you can try some serials like "JN11+HCU" or "JN11HACK". A very primitive way to generate SNs, isn't it?

That was it. I hope you enjoyed this short essay. I want to thank +ORC for his wonderful tutorial, all +HCUkers for the good essays and fravia+ for managing this cool site :)

(c) 1998 Dynamite
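
The "calculations" at :0043E64A-:0043E664 in the listing above fold ASCII 'A'..'Z' to lowercase without a branch, so the loop is a case-insensitive string comparison. The C model below is an added example, not code from the original essay; the names fold and first_mismatch and the -1/index return convention are assumptions, because the listing does not show the routine's exit code.

```c
#include <stdio.h>

/* Model of :0043E64A-:0043E655 (and its twin at :0043E659-:0043E664). */
static unsigned char fold(unsigned char c)
{
    unsigned char al = (unsigned char)(c - 0x41);  /* sub al, 41            */
    unsigned char cf = al < 0x1A;                  /* cmp al, 1A -> carry   */
    unsigned char cl = cf ? 0xFF : 0x00;           /* sbb cl, cl            */
    cl &= 0x20;                                    /* and cl, 20            */
    al = (unsigned char)(al + cl);                 /* add al, cl            */
    return (unsigned char)(al + 0x41);             /* add al, 41            */
}

/* Model of the loop at :0043E63C-:0043E668.
 * Returns -1 if the loop reaches the terminating NUL with every char
 * matching, otherwise the index where execution falls through past
 * :0043E668. This return convention is an assumption of the example. */
static int first_mismatch(const char *key, const char *input)
{
    unsigned char al = 0xFF;                       /* mov al, FF            */
    int i = 0;
    while (al != 0) {                              /* or al, al / je exit   */
        unsigned char ah;
        al = (unsigned char)key[i];                /* mov al, [esi]         */
        ah = (unsigned char)input[i];              /* mov ah, [edi]         */
        if (ah != al) {                            /* cmp ah, al            */
            al = fold(al);
            ah = fold(ah);
            if (al != ah)                          /* cmp al, ah            */
                return i;
        }
        i++;                                       /* inc esi / inc edi     */
    }
    return -1;
}

int main(void)
{
    /* Strings taken from the essay text. */
    printf("%d\n", first_mismatch("JN11mARQ", "jn11marq"));
    printf("%d\n", first_mismatch("JN11mARQ", "JN11NARQ"));
    return 0;
}
```

Characters outside 'A'..'Z' (digits, '@', '[', lowercase letters) pass through fold unchanged, which is why only letter case is ignored by the comparison.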