Cracking Projects For Newbies

Re: Re: Project6 - Task3:repost
Sunday, 07-Feb-99 17:40:15
    203.57.68.10 writes:

    repost: Princess thanks hope this is ok like you
    it's a little difficult to tell in this small window

    Project 6
    Task:3

    File:Memory 95
    Date:7/2/99



    Task 3....
    My thoughts
    ??*!#$*% !!!!!! **** ??????#$%^&&..........deep breath

    one step at a time....

    I prefer to use W32dasm for this bit, perhaps 'cause SoftIce is still a little too daunting for me. So with my breakpoint and local function details enabled.

    0040B73A call 0040ccc0

    The call would seem to be some kind of string compare,
    passing my ser# and the Realser# on the stack to the local function and returning the result in AX.
    On return ECX contains the Dword in my ser# at which comparison failed. EDX contains the equivalent Dword in the Realser#.
    Both contain nothing if the comparison was successful.
    AX contains '00000000' if the comparison was successful, 'FFFFFFFF' if unsuccessful.


    0040B73F add esp,00000008

    Please could someone explain BTW to me in Sandman's Q1.b
    The purpose of this is a little vague to me at this moment. The instruction obviously moves the stack pointer up two Dwords, positioning it just below the two ser#'s at the value 00000111. Perhaps this will become clearer when I look more closely at the function. (Q3)

    0040B742 test eax,eax

    This tests the value in EAX for a value. If not found '00000000' then the zero flag is set to '1'. Otherwise the zero flag is '0'

    0040B73A jne 0040B9BC

    A jne instruction checks the zero flag and jumps if its value is '0'. So in this case it is checking the results of the comparison function.
    This jump takes us to the 'Sorry registration codes do not match.............' string

    Question 2:

    :0040CCC0>>>>
    :0040CCCC <<
    :0040CCCE mov ecx, dword ptr [esp+10] <<
    :0040CCD2 mov edx, dword ptr [esp+14] <<

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:0040CCF0(C) <<< a loop
    |
    :0040CCD6 mov al, byte ptr [ecx] <<
    :0040CCD8 cmp al, byte ptr [edx] <<
    :0040CCDA jne 0040CCFA <<
    :0040CCDC or al, al <<
    :0040CCDE je 0040CCF2 <<
    :0040CCE0 mov al, byte ptr [ecx+01] <<
    :0040CCE3 cmp al, byte ptr [edx+01] <<
    :0040CCE6 jne 0040CCFA <<
    :0040CCE8 add ecx, 00000002 <<
    :0040CCEB add edx, 00000002 <<
    :0040CCEE or al, al <<
    :0040CCF0 jne 0040CCD6 <<

    Please Help:: As I mentioned at the start of this project I am just now learning assembler. Could someone please tell me:
    Are lines 0040ccdc >0040cce6 not redundant code, would it not be better to omit these lines and just add 00000001 to ECX & EDX in 40cce8 & EB?????


    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:0040CCDE(C) <<
    |
    :0040CCF2 xor eax, eax <<
    :0040CCF4 pop esi <<
    :0040CCF5 pop ebx <<
    :0040CCF6 add esp, 00000004 <<
    :0040CCF9 ret <<

    * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
    |:0040CCDA(C), :0040CCE6(C) <<
    |
    :0040CCFA sbb eax, eax <<
    :0040CCFC pop esi <<
    :0040CCFD sbb eax, FFFFFFFF <<
    :0040CD00 pop ebx <<
    :0040CD01 add esp, 00000004 <<
    :0040CD04 ret <<

    Please Help: I know what this function is doing in principle, ie moving -1 into EAX, but I do not really understand the relevance of the individual instructions. I have included my best guess, but if anyone has the time to explain to me I would be grateful. (especially the relevance of ESI and EBX)



    Question 3:


    Phew panic!!!

    I'll take a stab at it

    Still using W32dasm I set bkpts on all GetWindowTextA occurrences.
    Run till API returns 'Pirate copy'
    Step.

    0041c0ee push ESI

    No! I don't even know where to start here, take a break try again later.







    ShADe
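
The compare loop listed under Question 2 and its two exits, modelled in C as an added example (not part of ShADe's post and not code from the program). The name model_compare, the cf variable and the sample strings are assumptions; the routine's prologue is missing from the listing and is not modelled.

```c
#include <stdio.h>

/* Added model of the loop at 0040CCD6..0040CCF0 and the two exits.
 * model_compare and the cf variable are hypothetical names; the prologue
 * (missing from the listing) is not modelled. */
static int model_compare(const char *entered, const char *expected)
{
    const unsigned char *ecx = (const unsigned char *)entered;
    const unsigned char *edx = (const unsigned char *)expected;
    unsigned char al;
    int cf;  /* carry flag left by the cmp that failed: 1 if al < [edx] */
    int eax;

    for (;;) {
        al = ecx[0];                                   /* mov al, [ecx]          */
        if (al != edx[0]) { cf = al < edx[0]; break; } /* cmp / jne 0040CCFA     */
        if (al == 0) return 0;                         /* or al,al / je 0040CCF2 */
        al = ecx[1];                                   /* mov al, [ecx+01]       */
        if (al != edx[1]) { cf = al < edx[1]; break; } /* cmp / jne 0040CCFA     */
        ecx += 2;                                      /* add ecx, 2             */
        edx += 2;                                      /* add edx, 2             */
        if (al == 0) return 0;  /* or al,al / jne not taken -> 0040CCF2 */
    }

    /* 0040CCFA: pop does not touch flags, so CF survives between the sbb's */
    eax = -cf;           /* sbb eax, eax      -> 0 or -1, CF unchanged */
    eax = eax + 1 - cf;  /* sbb eax, FFFFFFFF -> eax - (-1) - CF       */
    return eax;          /* +1 if entered > expected, -1 if smaller    */
}

int main(void)
{
    /* Constructed sample strings, not values from the program. */
    printf("%d\n", model_compare("1234", "1234"));
    printf("%d\n", model_compare("1235", "1234"));
    printf("%d\n", model_compare("123", "1234"));
    return 0;
}
```

The loop handles two bytes per pass, and the terminator test between the two compares means the second byte is only read once the first is known to be non-zero.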


Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.