Re: Project 6; Task3 question 1,2 (ANY COMMENTS SANDMAN?) Monday, 08-Feb-99 07:10:22
Task 3 question 1 - Understanding The Serial Routine..
======================================================

:0040B73A call 0040CCC0        Call to our serial compare routine..
:0040B73F add esp, 00000008    Add 8 bytes (2 dwords) to stack pointer, this instruction "destroys" our real and fake serial number from stack?
:0040B742 test eax, eax        Logical non destructive and .. set flags... 1 and 1 = 1, 0 and 1 = 0, 0 and 0 = 0
                               in case we have 1 in eax -> 1 (no zero flag set) and 0 in eax -> zero flag..
:0040B744 jne 0040B9BC         jne means same as jnz (jump not zero)... in other words.. if function call returns 0 in eax -> thanks for registering.. (no jump), other number -> jump to sorry.. nag box ;)

function returns numbers to eax:
FFFFFFFF = not valid serial number (-1) (signed long)
0        = valid serial number

Task 3 question 2 - Understanding The Serial Routine..
======================================================

This part was very hard.. because I am not assembler whiz ;) Comments and code look very messy..

:0040B735 FF75E8    push [ebp-18]          ; push pointer to our valid serial
:0040B738 FF31      push dword ptr [ecx]   ; push pointer to fake serial

(Here we can fish our valid serial for Pirate Copy Serial:
 Arg02 = (LPSTR)"D06E1DA1260D6605" <- valid serial
 Name: Pirate Copy
 SN: D06E1DA1260D6605)

translated to C:

signed long check_is_serial_valid(char *fake, char *valid)

(C calling convention:
 push valid
 push fake
 call..
 eax = result (signed))

:0040B73A E881150000 call 0040CCC0

--- call to our check serial routine:

:0040CCC0 83EC04         sub esp, 00000004                  ; sub dword from stackpointer.. why?
:0040CCC3 833D24F1420000 cmp dword ptr [0042F124], 00000000 ; compare 00000000 to dword at address [0042f124]; this sets flags
:0040CCCA 53             push ebx
:0040CCCB 56             push esi                           ; push ebx and esi to stack
:0040CCCC 7537           jne 0040CD05                       ; if our comparison is not equal.. -> jump 1
:0040CCCE 8B4C2410       mov ecx, dword ptr [esp+10]
:0040CCD2 8B542414       mov edx, dword ptr [esp+14]        ; load fake and real serials to ecx,edx
:0040CCD6 8A01           mov al, byte ptr [ecx]             ; move byte from address at ecx to al
:0040CCD8 3A02           cmp al, byte ptr [edx]             ; compare byte from address edx to al
:0040CCDA 751E           jne 0040CCFA                       ; jump if not equal -> jump 2
:0040CCDC 0AC0           or al, al                          ; test if al is zero
:0040CCDE 7412           je 0040CCF2                        ; jump if al is zero -> jump 3
:0040CCE0 8A4101         mov al, byte ptr [ecx+01]          ; move next byte from [ecx+01] to al
:0040CCE3 3A4201         cmp al, byte ptr [edx+01]          ; compare again..
:0040CCE6 7512           jne 0040CCFA                       ; jump if al not equal to byte.. -> jump 2
:0040CCE8 83C102         add ecx, 00000002                  ; add ecx,2
:0040CCEB 83C202         add edx, 00000002                  ; add edx,2
:0040CCEE 0AC0           or al, al                          ; test if al is zero
:0040CCF0 75E4           jne 0040CCD6                       ; jump if not zero -> jump 5
:0040CCF2 33C0           xor eax, eax                       ; zero eax (valid serial..)
:0040CCF4 5E             pop esi                            ; restore esi
:0040CCF5 5B             pop ebx                            ; restore ebx
:0040CCF6 83C404         add esp, 00000004                  ; add stackpointer to 4 bytes
:0040CCF9 C3             ret                                ; return from function

jump 1:
---------------
:0040CD05 6A19           push 00000019                      ; push 19 to stack
:0040CD07 E804200000     call 0040ED10                      ; call
:0040CD0C 8B4C2414       mov ecx, dword ptr [esp+14]        ; mov [esp+14] to ecx
:0040CD10 8B542418       mov edx, dword ptr [esp+18]        ; mov [esp+18] to edx
:0040CD14 83C404         add esp, 00000004                  ; add 4 bytes to stackpointer..

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040CD89(C)
|
:0040CD17 41             inc ecx                            ; +1 to ecx
:0040CD18 33C0           xor eax, eax                       ; zero eax
:0040CD1A 660FB659FF     movzx bx, byte ptr [ecx-01]        ; moves something ??? to bx
:0040CD1F 8AC3           mov al, bl                         ; bl -> al
:0040CD21 F68021F0420004 test byte ptr [eax+0042F021], 04   ; test [eax+..], 04 - ??
:0040CD28 7417           je 0040CD41                        ; jump if equal..
:0040CD2A 8A01           mov al, byte ptr [ecx]             ; [ecx] -> al
:0040CD2C 84C0           test al, al                        ; test if al zero
:0040CD2E 7505           jne 0040CD35                       ; jump not zero...
:0040CD30 6633DB         xor bx, bx                         ; zero bx
:0040CD33 EB0C           jmp 0040CD41                       ; jmp to ...

jump 2:
:0040CCFA 1BC0           sbb eax, eax                       ; sbb??
:0040CCFC 5E             pop esi                            ; restore esi
:0040CCFD 83D8FF         sbb eax, FFFFFFFF                  ; sbb??
:0040CD00 5B             pop ebx                            ; restore ebx
:0040CD01 83C404         add esp, 00000004                  ; add dword to stackpointer
:0040CD04 C3             ret                                ; return

jump 5:
|:0040CCF0(C)
|
:0040CCD6 8A01           mov al, byte ptr [ecx]             ; [ecx] -> al
:0040CCD8 3A02           cmp al, byte ptr [edx]             ; compare..
:0040CCDA 751E           jne 0040CCFA                       ; not equal, jump to jump 2
:0040CCDC 0AC0           or al, al                          ; check if zero
:0040CCDE 7412           je 0040CCF2                        ; zero
:0040CCE0 8A4101         mov al, byte ptr [ecx+01]
:0040CCE3 3A4201         cmp al, byte ptr [edx+01]
:0040CCE6 7512           jne 0040CCFA                       ; not equal.. jump to 2
:0040CCE8 83C102         add ecx, 00000002
:0040CCEB 83C202         add edx, 00000002
:0040CCEE 0AC0           or al, al
:0040CCF0 75E4           jne 0040CCD6                       ; al is not zero.. jump to jump 5

jump 3:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040CCDE(C)
|
:0040CCF2 33C0           xor eax, eax
:0040CCF4 5E             pop esi
:0040CCF5 5B             pop ebx
:0040CCF6 83C404         add esp, 00000004
:0040CCF9 C3             ret                                ; this is clear.. zero eax,eax.. return... etc ;)

Let's analyse it a bit:

First comparison:
  if [0042F124] is not zero -> jump 1..
  compare byte
  if not equal -> jump 2
  jump 3 if eax = 0
  compare next byte
  if not equal -> jump 2
  add ecx,edx +2
  test if al = zero
  jump not zero -> jump 5
  zero eax (valid serial)
  return

jump 1:
  call some function? remove reg info from reg?
  load values ecx,edx
  ecx +1
  zero eax
  movzx.. some mystic string opcode
  test if eax is 04 byte set? something missing ;)

jump 2:
  eax -> -1 (FFFFFFFF)
  return

jump 3:
  eax = 0 (valid serial)
  return

jump 5:
  compare bytes
  if not equal jump to jump 2
  else valid serial

Task 3 - question 3.
=====================

Not found.. not clear..

Shadow
Shadow: Project 6; General (03-Feb-99 05:42:39)