Finds the following code; MOV EAX,1 // Not important MOV DWORD PTR SS:[EBP+xxxxxxxx],EAX // Not important MOV DWORD PTR SS:[EBP+xxxxxxxx], {Variable_1) // EBP+xxxxxxxx holds the dword
(The EBP+xxxxxxxx in the third line of the found code is the location of the first is_registered dword)
{Variable_1} is a random value, which WL checks for to see if it's not registered, however the correct value is not 2 here, but also random. If {Variable_1} equals the stored value then WL accepts the program as unregistered.
2) 00 00 00 00 00 00 00 00 81 BD
Finds the following code; CMP DWORD PTR SS:[EBP+xxxxxxxx],{Variable_2) (EBP+xxxxxxxx is the location of the second is_registered dword)
{Variable_2) is in this case, the value the second is_registered dword needs to be. If the stored second is_registered dword equals {Variable_2) then WL accepts the program as registered. (If of course the first dword is also valid.)
Put a hardware breakpoint on execute on the found addresses and restart the app. Next when you stop on these instructions you can read the memory locations which they compare to or write to. These are the locations were WL stores the is_registered dwords.
