Task 3 - Sandman, can you give me a couple of pointers?    Sunday, 07-Feb-99 10:46:20

Hello Sandman,

I am having a few problems with Question 3 and part of Question 1. Can you lend a tiny little hand (ha ha)?

Task 3 - Understanding The Serial Routine

Question 1. Explain as best you can what the above code fragment does. Comment all four lines.

I'm looking for your comments that:

    :0040B73A call 0040CCC0      ; <- This call compares our fake code with the
                                 ;    real regcode. If it matches it sets the eax
                                 ;    register to zero; if not it remains with 1.
    :0040B73F add esp, 00000008  ; <- I am not too sure about this, but I think it
                                 ;    points to something pushed onto the stack.
    :0040B742 test eax, eax      ; <- This tests the eax register to see if it
                                 ;    contains 1 or 0. 1 is bad cracker, 0 good cracker.
    :0040B744 jne 0040B9BC       ; <- Bad cracker jump if eax contains 1.

a. Show what values of importance are returned in the PC's internal registers after the CALL 0040CCC0 has been executed.

EAX contains 1 if registration fails or 0 if it succeeds. ECX contains the fake regcode. EDX contains the real serial number.

b. What is the reason for the ADD ESP, 00000008 instruction? BTW, register ESP is a STACK register.

c. The instruction TEST EAX,EAX is checking the eax register for two possible values. What are they and what do they signify?

1 for registration failed or 0 for registration succeeded.

d. Where does the instruction JNE 0040B9BC take us to?

This jump takes us to the code that tells us our registration failed:

    0040B9BC push 0000EF3C
    0040B9C1 lea ecx, [ebp-18]
    0040B9C4 call 0041FF9F

Question 2. Explain how this program compares our *fake* serial number against the *real* one. (Hint: check the code between :0040CCC0 and :0040CCF9.)

    0040CCCE mov ecx, [esp+10]   ; <- fake regcode loaded in ecx
    0040CCD2 mov edx, [esp+14]   ; <- real regcode loaded in edx
    0040CCD6 mov al, [ecx]       ; <- first character in fake regcode loaded in al
    0040CCD8 cmp al, [edx]       ; <- first character in fake regcode compared to
                                 ;    first character in real regcode
    0040CCDA jnz 0040CCFA        ; <- jumps if characters don't match, skipping
                                 ;    the xor instruction which sets eax to zero,
                                 ;    thus failing registration

Looking at the above code we see that the registration routine compares our fake regcode one character at a time with the real regcode. If a character does not match, the jump is taken. If all characters match, the jump is not taken and the xor eax, eax instruction at the end of the call is executed, setting the eax register to 0 and thus successfully passing the registration routine.

Question 3. Explain how our User Name: Pirate Copy is converted into a 16 character hex code.

So far no luck here. I keep breaking in this piece of code but can't figure out what is happening here.

    004093B2 movzx eax, dl
    004093B5 cmp esi, eax
    004093B7 jle 004093CB
    004093B9 xor ebx, ebx
    004093BB mov al, [eax+ecx]
    004093BE mov bl, dl
    004093C0 inc dl
    004093C2 and ebx, 07
    004093C5 xor [ebx+ebp-4a], al
    004093C9 jmp 004093B2

Is this the right routine or am I lost? Sandman, please help me.

Punisher
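An added C reconstruction of the two routines quoted in the post above (Question 2's compare loop at 0040CCC0 and Question 3's loop at 004093B2). It is example code written for this page, not code from the program being analysed or from any participant in the thread. The register-to-variable mapping is read straight off the listings: in the compare routine ECX and EDX are the two pointers loaded from [esp+10] and [esp+14], i.e. the two dwords the caller pushed and then discards with add esp, 8; in the name loop ECX points at the user name, ESI holds its length, DL is the running index and [EBP-4A] is an 8-byte accumulator. Three things are assumptions rather than facts from the post, and are labelled again in the code: the compare loop keeps going past the first character in the same way (only the first compare is quoted), the 8-byte accumulator starts out zeroed (its setup is not quoted), and the 16-character code is simply those 8 bytes printed as uppercase hex. The value printed for Pirate Copy is what this reconstruction produces, not a value confirmed against the program.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/*
 * Reconstruction (example code, not the program's own) of the compare
 * routine at 0040CCC0.  The caller pushes two pointers; inside the routine
 * they are read as [esp+10] (fake) and [esp+14] (real), and add esp, 8
 * after the call discards them.  Returns what EAX holds on return:
 * 0 = match, 1 = mismatch.
 *
 * Assumption: the post quotes only the first character compare; repeating
 * the same compare up to and including the terminator is inferred.
 */
int compare_serial(const char *fake, const char *real)
{
    for (;;) {
        unsigned char al = (unsigned char)*fake;   /* mov al, [ecx]               */
        if (al != (unsigned char)*real)            /* cmp al, [edx] ; jnz -> fail */
            return 1;
        if (al == '\0')                            /* both strings ended together */
            return 0;                              /* xor eax, eax                */
        fake++;
        real++;
    }
}

/*
 * Reconstruction of the loop at 004093B2..004093C9 with the register mapping
 * read off the listing: ECX -> name, ESI -> len, DL -> index, [EBP-4A] -> acc.
 * Returns 0 on success.  Returns -1 for len >= 256: DL is an 8-bit register,
 * so with such a length it wraps to 0 before it can reach ESI and the
 * original loop would never exit; the example refuses that input instead.
 */
int name_to_code(const char *name, size_t len, uint8_t acc[8])
{
    if (len >= 256)
        return -1;
    memset(acc, 0, 8);                        /* assumption: accumulator starts zeroed */
    uint8_t dl = 0;
    for (;;) {
        uint32_t eax = dl;                    /* movzx eax, dl               */
        if ((int32_t)len <= (int32_t)eax)     /* cmp esi, eax ; jle 004093CB */
            break;
        uint8_t al = (uint8_t)name[eax];      /* mov al, [eax+ecx]           */
        uint32_t ebx = dl;                    /* xor ebx, ebx ; mov bl, dl   */
        dl++;                                 /* inc dl                      */
        ebx &= 7;                             /* and ebx, 07                 */
        acc[ebx] ^= al;                       /* xor [ebx+ebp-4a], al        */
    }
    return 0;
}

/*
 * Assumption: the 16-character code is acc[] printed as uppercase hex.
 * Returns a pointer to a static buffer (enough for a demo); NULL on bad input.
 */
const char *name_code_hex(const char *name, size_t len)
{
    static char hex[17];
    static const char digits[] = "0123456789ABCDEF";
    uint8_t acc[8];
    if (name_to_code(name, len, acc) != 0)
        return NULL;
    for (int i = 0; i < 8; i++) {
        hex[2 * i]     = digits[acc[i] >> 4];
        hex[2 * i + 1] = digits[acc[i] & 0x0F];
    }
    hex[16] = '\0';
    return hex;
}

int main(void)
{
    const char *name = "Pirate Copy";          /* the user name from the post */
    const char *code = name_code_hex(name, strlen(name));
    printf("%s -> %s\n", name, code);
    printf("compare(code, code)  -> EAX = %d\n", compare_serial(code, code));
    printf("compare(code, zeros) -> EAX = %d\n",
           compare_serial(code, "0000000000000000"));
    return 0;
}
```

Reading the name loop this way answers the "16 characters" part directly: index i runs 0..len-1 through DL, each character is XORed into slot i & 7, so the accumulator is 8 bytes (every 8th character folded together) and 8 bytes print as 16 hex digits. The compare routine is a plain byte-for-byte string compare, which is why the post's description of it as "one character at a time" matches the listing.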
Punisher: My First Look (03-Feb-99 15:15:03)
Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.