Capeze.exe – That Was Easy

Scouring the Internet for beginner reverse engineering tutorials that are both high quality and use targets that are still available can be a daunting task. It's for this reason that when I found a tutorial that used CaptureEze97, I jumped at the opportunity to learn some new tricks on my reverse engineering journey.

For whatever reason, after spending a good thirty minutes to locate the target capeze.exe, I lost the tutorial's link and found myself with a target and no guidance. As I wasn't about to let 30 minutes of my life go to waste, I opened up CaptureEze and attempted to register it. Unfortunately for me, the makers of the software don't have the best sense of humor and my request was denied.

[Image: LOLCODE]

"Who doesn't appreciate a good LOLCODE?" I asked myself, as it became clear that it was time to bring out the big guns. I opened up SoftIce and set a breakpoint on GetWindowTextA, because I expected that API to be called right before my information was compared to the valid registration code.

After stepping back and forth between SoftIce and the caller a few times, I finally reached the entrance to the promised land.

[Image: My input]

If you remember from not too long ago, "world" is what I entered for my company name, and it (or the address to it, I'm not quite sure on that yet) is being pushed onto the stack at 00573FAD. Only a few instructions further down, we find our LOLCODE.

[Image: LOLCODE in Memory]

LEA (Load Effective Address) is an instruction that loads the address given on the right into the register given on the left. In this case it seems the address of LOLCODE is being put into EAX, perhaps in preparation for the comparison to the valid registration code. Just one instruction down we can see that our suspicions are correct, as we find that a long string of digits is being placed into ECX.
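The sequence just described (the input buffer pushed, the address of the valid code loaded with LEA, then a compare) is what a plaintext key check compiles to. The C program below is an added illustration written for this page, not CaptureEze's code: it shows that weak pattern beside a variant that ships only a digest of the key, so a debugger stopped after GetWindowTextA sees a hash next to the input rather than the key itself. The key value, the function names and the FNV-1a toy hash (a stand-in for a real cryptographic hash) are all constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, hypothetical key for illustration; not CaptureEze's real code. */
#define DEMO_KEY "2468013579"

/* Weak pattern: the valid code is a string literal in the binary. At the
 * comparison the compiler emits roughly `lea ecx, [DEMO_KEY]` right next to
 * the pointer to the buffer GetWindowTextA filled, so a breakpoint on that
 * API and a few single-steps show both the input and the key in plain sight. */
int check_weak(const char *input)
{
    const char *key = DEMO_KEY;        /* address of the literal, i.e. an LEA */
    return strcmp(input, key) == 0;
}

/* FNV-1a 64-bit: a toy stand-in for a real cryptographic hash. */
uint64_t fnv1a64(const char *s)
{
    uint64_t h = 1469598103934665603ULL;   /* FNV offset basis */
    for (; *s != '\0'; s++) {
        h ^= (unsigned char)*s;
        h *= 1099511628211ULL;             /* FNV prime */
    }
    return h;
}

/* Less weak pattern: only a digest of the key ships in the binary (computed
 * offline; here stored_digest is passed in so the demo stays self-contained).
 * The debugger now sees a hash beside the input instead of the key, and the
 * xor-fold compare takes the same time whether or not the digests match. */
int check_digest(const char *input, uint64_t stored_digest)
{
    uint64_t diff = fnv1a64(input) ^ stored_digest;
    return diff == 0;
}

int main(void)
{
    /* In a real build this constant would be embedded; DEMO_KEY would not be. */
    uint64_t digest = fnv1a64(DEMO_KEY);

    printf("weak   good key: %d\n", check_weak(DEMO_KEY));
    printf("weak   bad  key: %d\n", check_weak("world"));
    printf("digest good key: %d\n", check_digest(DEMO_KEY, digest));
    printf("digest bad  key: %d\n", check_digest("world", digest));
    return 0;
}
```

Storing a digest does not stop someone from patching the compare itself; it only removes the key from memory at the moment the post's breakpoint fires, which is the specific weakness this walkthrough exploited.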

Continuing execution leads us to the expected place, and we can see the string telling us that we have entered an incorrect key loaded in memory.

[Image: Capeze Incorrect Code]

It all seemed to be going well, but you just never know until you test it, so I entered the key I found before and the expected "thank you" screen popped up.

[Image: Thank you for purchasing]

All in all, it seems reverse engineering unprotected binaries isn't all that hard. I will be focusing now on more complicated protection schemes as I attempt to expand my skills and level up.

That's it for now!
