

                     L                ZZZZZZ         RRRRR           SSSSS
                     L                    Z          R    R         S
                     L          aaa      Z      aaa  R    R  u   u  S
                     L            a     Z         a  RRRRR   u   u  SSSSS
               XX    L         aaaa    Z       aaaa  R    R  u   u       S
              XXXX   L        a   a   Z       a   a  R    R  u   u       S
             XXXXXX  LLLLLLL  aaaaa  ZZZZZZZ  aaaaa  R    R  uuuuu  SSSSSS
             XXXXXX       
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
       XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
             XXXXXX
             XXXXXX
              XXXX        proudly presents his 25.Cracking Tutorial (09.07.1999)
               XX      A quick and easy explanation why hmemcpy can fail *sometimes*

I.    Introduction
II.   The essay
III.  BTW
IV.   All Tutorials by LaZaRuS

I.   Introduction
     You surely know this, too. You enter a serial and a name, set a breakpoint on hmemcpy and
     push the "Register" button. You expect SICE to break, but nothing happens. Damn, how are
     the programmers able to get rid of the hmemcpy function???

II.  The essay
     It can be pretty easy. I will explain it in the syntax of a C++ Builder program; Delphi is
     nearly the same. As you might know, there are two "important" events that can be used to
     get the serial from an edit field: when you have a button, the OnClick event should be
     the one where our name and serial are read. When there's no (or a disabled) button - like
     in WinAmp - and the serial is checked directly while you enter it, the OnChange event of the
     edit field will do the job. Now there's an easy way to fool a cracker. Create two edit
     fields and a button. Store the name and the serial in variables when the OnChange event
     fires, and calculate the serial from these variables when the OnClick event fires.
     
     Example source (I defined two global variables - name and ser - above; both handlers
     Edit1Change and Edit2Change point at the same method):

     AnsiString name, ser; // global variables: the cached name and serial text

     void __fastcall TForm1::Edit1Change(TObject *Sender) // when the value of any of the edit
     {                                                    // fields is changed, this code will be executed
       name=Edit1->Text; // save the name in name
       ser=Edit2->Text;  // save the serial in ser
     }
     //---------------------------------------------------------------------------
     void __fastcall TForm1::Button1Click(TObject *Sender)
     {
       if (name.Length()>3) // if length of name > 3
       {
         int serial=0;      // initialize serial
         serial += name[1]; // add ASCII(first char) to serial (AnsiString indexing starts at 1)
         serial += name[2]; // add ASCII(second char) to serial
         serial += name[3]; // add ASCII(third char) to serial
         serial *= serial;  // serial = serial * serial
         if (ser==serial) YouDidIt(); // the int is converted to an AnsiString for the comparison;
       }                              // if it equals the serial you entered, then "Good guy"
     }

     eof
     
     I know what you'll say: SICE *will* break at hmemcpy inside the OnChange event. Perfectly
     right, but, as you might have experienced, SICE will *always* break when you enter something
     into an edit field, whether an OnChange event is defined or not. And it won't break twice in
     the above source. So you will think "Ah, the standard when-I-enter-something-hmemcpy-break"
     when you enter something. But that's obviously not true. In this section of the code, the
     text from the edit fields is copied into variables, so it does not have to be done in the
     OnClick event. This disables hmemcpy as a breakpoint for the OnClick event, as there are only
     calculations on values we have already loaded into memory. All the other standard breakpoints
     (GetWindowTextA, GetDlgItemTextA...) will be disabled in this way, too :)
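     To make the point measurable without the VCL, here is an added plain C++ model of the same
     event flow (my example, not code from the tutorial). EditField, onEditChange and
     copiesDuringClick are my own names standing in for TEdit, Edit1Change and the hmemcpy
     breakpoint; the counter g_textCopies stands for every place a breakpoint on hmemcpy would fire.

```cpp
#include <string>
#include <functional>

// Every copy of text out of a control is counted here. In the real program
// this copy is what a breakpoint on hmemcpy (or GetWindowTextA) catches.
static int g_textCopies = 0;

struct EditField {                          // stand-in for TEdit (assumed name)
    std::string text;
    std::function<void()> onChange;         // OnChange handler, may be empty
    void setText(const std::string &t) {    // user types: the text is copied once
        text = t;
        ++g_textCopies;
        if (onChange) onChange();
    }
};

// Globals mirroring the tutorial's `name` and `ser` variables.
static std::string g_name, g_ser;

// Edit1Change: cache both texts while the user is still typing.
static void onEditChange(const EditField &e1, const EditField &e2) {
    g_name = e1.text;
    g_ser  = e2.text;
}

// The tutorial's check: sum of the first three characters, squared.
// Only called after the length check, so name[0..2] are valid.
static int expectedSerial(const std::string &name) {
    int s = (unsigned char)name[0] + (unsigned char)name[1] + (unsigned char)name[2];
    return s * s;
}

// Button1Click: works only on the cached copies and never touches a control.
static bool onButtonClick() {
    if (g_name.length() <= 3) return false;
    return g_ser == std::to_string(expectedSerial(g_name));
}

// Drives the scenario: type name and serial, then click. Returns how many
// text copies happened during the click itself; 0 is the whole point.
static int copiesDuringClick(const std::string &name, const std::string &serial, bool *ok) {
    EditField e1, e2;
    e1.onChange = [&]{ onEditChange(e1, e2); };
    e2.onChange = e1.onChange;              // both edits share one handler
    e1.setText(name);                       // two copies happen here, while typing
    e2.setText(serial);
    int before = g_textCopies;
    *ok = onButtonClick();
    return g_textCopies - before;           // 0: nothing for hmemcpy to catch
}
```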
 
III. BTW
     
     Greets to: tKC, Ed!son, Moral Insanity, +Sandman, Fravia+ and everyone at #cracking4newbies,
     +Sandman's forum and Fravia+'s forum.

IV.  All tutorials by LaZaRuS
      
Since 4th of July I made 19034 left clicks, 739 right clicks, 3016 double clicks and 135526
key strokes. In this time my mouse moved 455,019 meters over the screen.
(reported by ToggleMouse; cracked by myself - of course ;)