Posted by Bonkers on 1/21/2000, 10:36 pm
, in reply to "Bonkers - Task III Unveiled"
216.41.31.116
Here it is, the second half:
III.2
URL is posted at the end for this program.
III.2a
Here comes a big long deadlisting from IDA of the IsAppRegged function with lots of renamings:
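.text:00446A74 ; ---------------------------------------------------------------------
.text:00446A74 ; IsAppRegged -- registration check (IDA listing, 32-bit x86, Intel syntax;
.text:00446A74 ; the names are the poster's renamings).
.text:00446A74 ;
.text:00446A74 ; In:    no stack arguments are referenced; reads dword_0_4A8BE6 and the
.text:00446A74 ;        "Name", "Company" and "Key" values under "RegisterInfo".
.text:00446A74 ; Out:   eax = 1 if the stored Key equals the key computed from Name and
.text:00446A74 ;        Company, 0 otherwise.
.text:00446A74 ; Regs:  esi = running 32-bit sum, ebx = 1-based character counter,
.text:00446A74 ;        edi = pointer to the current character. All three are held
.text:00446A74 ;        across the _strlen calls and restored in the epilogue.
.text:00446A74 ; Frame: 160h bytes of locals; Name, Company, Key and GoodKey each occupy
.text:00446A74 ;        50h bytes, the two table copies 10h bytes each.
.text:00446A74 ;
.text:00446A74 ; NOTE(review): both tables, the "AC200-%d" format and the final compare
.text:00446A74 ; all live in the client binary, the expected key is written to GoodKey
.text:00446A74 ; in the clear before the compare, and the numeric part is reduced modulo
.text:00446A74 ; 186A0h (100000). A licence check that verifies a signature over the
.text:00446A74 ; licence data with an embedded public key does not have to hold the
.text:00446A74 ; expected value on the client.
.text:00446A74 ; ---------------------------------------------------------------------
.text:00446A74 IsAppRegged proc near ; CODE XREF: sub_0_44675C+18p
.text:00446A74 ; .text:00446E54p ...
.text:00446A74
.text:00446A74 GoodKey = byte ptr -160h
.text:00446A74 CompanyTable = byte ptr -110h
.text:00446A74 NameTable = byte ptr -100h
.text:00446A74 Key = byte ptr -0F0h
.text:00446A74 Company = byte ptr -0A0h
.text:00446A74 Name = byte ptr -50h
.text:00446A74
.text:00446A74 push ebp
.text:00446A75 mov ebp, esp
.text:00446A77 add esp, 0FFFFFEA0h ; same as sub esp, 160h: reserve the locals
.text:00446A7D push ebx
.text:00446A7E push esi
.text:00446A7F push edi
.text:00446A80 mov esi, offset NameTable ; the global table (same name as the stack copy)
.text:00446A85 lea edi, [ebp+NameTable]
.text:00446A8B mov ecx, 4
.text:00446A90 repe movsd ; Load NameTable onto stack (4 dwords = 16 bytes)
.text:00446A92 mov esi, offset CompanyTable
.text:00446A97 lea edi, [ebp+CompanyTable]
.text:00446A9D mov ecx, 4
.text:00446AA2 repe movsd ; Load CompanyTable onto stack (4 dwords = 16 bytes)
.text:00446AA4 xor esi, esi ; esi = 0, the running sum
.text:00446AA6 push 50h ; presumably the buffer size (Name is 50h bytes in the frame) -- confirm
.text:00446AA8 push offset unk_0_499F7A
.text:00446AAD lea eax, [ebp+Name]
.text:00446AB0 push eax
.text:00446AB1 push offset aName_1 ; "Name"
.text:00446AB6 push offset aRegisterinfo_4 ; "RegisterInfo"
.text:00446ABB mov edx, dword_0_4A8BE6
.text:00446AC1 push edx
.text:00446AC2 call GetRegistryKey ; Get Name from registry where it was previously put
.text:00446AC7 add esp, 18h ; caller removes the six pushed dwords
.text:00446ACA lea ecx, [ebp+Company]
.text:00446AD0 mov eax, dword_0_4A8BE6
.text:00446AD5 push 50h
.text:00446AD7 push offset unk_0_499F90
.text:00446ADC push ecx
.text:00446ADD push offset aCompany_1 ; "Company"
.text:00446AE2 push offset aRegisterinfo_5 ; "RegisterInfo"
.text:00446AE7 push eax
.text:00446AE8 call GetRegistryKey ; Get Company from registry where it was previously put
.text:00446AED add esp, 18h
.text:00446AF0 lea edx, [ebp+Key]
.text:00446AF6 mov ecx, dword_0_4A8BE6
.text:00446AFC push 50h
.text:00446AFE push offset unk_0_499FA2
.text:00446B03 push edx
.text:00446B04 push offset aKey_0 ; "Key"
.text:00446B09 push offset aRegisterinfo_6 ; "RegisterInfo"
.text:00446B0E push ecx
.text:00446B0F call GetRegistryKey ; Get Key from registry where it was previously put
.text:00446B14 add esp, 18h
.text:00446B17 mov ebx, 1 ; counter starts at 1, so the first character uses table byte 1
.text:00446B1C lea edi, [ebp+Name]
.text:00446B1F jmp short loc_0_446B37 ; Jump to the loop test of the Name multiply-by-table-and-add-to-esi loop
.text:00446B21 ; -------------------------------------------------------------------
.text:00446B21
.text:00446B21 loc_0_446B21: ; CODE XREF: IsAppRegged+CFj
.text:00446B21 movsx eax, byte ptr [edi] ; eax = current Name character, sign-extended
.text:00446B24 mov edx, ebx
.text:00446B26 and edx, 0Fh ; index = counter mod 16, stays inside the 16-byte table
.text:00446B29 movsx ecx, [ebp+edx+NameTable] ; ecx = table byte, sign-extended (80h and above are negative)
.text:00446B31 imul ecx ; edx:eax = eax * ecx
.text:00446B33 add esi, eax ; only the low 32 bits of the product are added
.text:00446B35 inc ebx
.text:00446B36 inc edi
.text:00446B37
.text:00446B37 loc_0_446B37: ; CODE XREF: IsAppRegged+ABj
.text:00446B37 lea eax, [ebp+Name]
.text:00446B3A push eax
.text:00446B3B call _strlen ; length is recomputed on every pass
.text:00446B40 pop ecx ; discard the pushed argument
.text:00446B41 cmp ebx, eax
.text:00446B43 jbe short loc_0_446B21 ; Go to multiplication and addition section if ebx is <= strlen of Name (unsigned)
.text:00446B45 mov ebx, 1 ; counter is reset for the Company pass
.text:00446B4A lea edi, [ebp+Company]
.text:00446B50 jmp short loc_0_446B68 ; Jump to the loop test of the Company multiply-by-table-and-add-to-esi loop
.text:00446B52 ; --------------------------------------------------------------------
.text:00446B52
.text:00446B52 loc_0_446B52: ; CODE XREF: IsAppRegged+103j
.text:00446B52 movsx eax, byte ptr [edi] ; eax = current Company character, sign-extended
.text:00446B55 mov edx, ebx
.text:00446B57 and edx, 0Fh ; index = counter mod 16
.text:00446B5A movsx ecx, [ebp+edx+CompanyTable] ; ecx = table byte, sign-extended
.text:00446B62 imul ecx ; edx:eax = eax * ecx
.text:00446B64 add esi, eax ; esi keeps accumulating on top of the Name sum
.text:00446B66 inc ebx
.text:00446B67 inc edi
.text:00446B68
.text:00446B68 loc_0_446B68: ; CODE XREF: IsAppRegged+DCj
.text:00446B68 lea eax, [ebp+Company]
.text:00446B6E push eax
.text:00446B6F call _strlen
.text:00446B74 pop ecx ; discard the pushed argument
.text:00446B75 cmp ebx, eax
.text:00446B77 jbe short loc_0_446B52 ; Go to multiplication and addition section if ebx is <= strlen of Company (unsigned)
.text:00446B79 mov eax, esi
.text:00446B7B mov ecx, 186A0h ; 100000 decimal
.text:00446B80 xor edx, edx ; zero the high half of the dividend before div
.text:00446B82 div ecx ; unsigned: eax = quotient, edx = sum mod 100000
.text:00446B84 push edx
.text:00446B85 push offset aAc200D ; "AC200-%d"
.text:00446B8A lea eax, [ebp+GoodKey]
.text:00446B90 push eax
.text:00446B91 call _sprintf ; Combine the number in edx (the remainder of the division) with AC200-
.text:00446B96 add esp, 0Ch
.text:00446B99 lea edx, [ebp+Key]
.text:00446B9F push edx
.text:00446BA0 lea ecx, [ebp+GoodKey]
.text:00446BA6 push ecx
.text:00446BA7 call j_lstrcmpA ; Compare the two strings: the one you entered and the good one (no stack adjustment follows, so the callee is taken to pop its arguments)
.text:00446BAC test eax, eax
.text:00446BAE setz al ; al = 1 if good
.text:00446BB1 and eax, 1 ; clear the upper bits so the result is exactly 0 or 1
.text:00446BB4 pop edi
.text:00446BB5 pop esi
.text:00446BB6 pop ebx
.text:00446BB7 mov esp, ebp
.text:00446BB9 pop ebp
.text:00446BBA retn
.text:00446BBA IsAppRegged endp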
NameTable = 2A EB 0C BD 7C 7D 3D C5 C9 01 7C FA D4 68 A2 7D
CompanyTable = EA 14 2B 3F 57 9C F0 7C 0D 0E FF 02 36 4A 19 0E
These are the tables used by the multiply/add routine. The two blocks at 446B21 and 446B52 are basically the same, except that the first works on the Name and the second on the Company. It goes like this: take a signed byte from the Name into eax, copy the count from ebx into edx, and AND edx with 0xF so the index never goes over 0xF and never runs past the end of the 16-byte table. Then take the nth byte from the table into ecx, where n is edx (it is sign-extended too, so table bytes of 0x80 and above count as negative), multiply eax by ecx, and add eax to esi. edi and ebx are incremented at the end. This continues for each character of the Name and of the Company, each using its respective table, and ebx is reset back to 1 when it switches from Name to Company. The rest should be relatively easy to understand with my comments. Here is the link for my: MSVC++ 5.0 Source and Compiled Program
Note: This program is both Task III.1 and Task III.2 all in one.