Cracking Projects For Newbies

Re: Re: Re: Re: Project6 - Task3:repost Final
Sunday, 07-Feb-99 17:54:12
    203.57.68.10 writes:

    Ok, sorted. It would appear that the less-than symbol which I was using has some special format meaning on this message board. This time it should be ok.


    Project 6
    Task:3

    File:Memory 95
    Date:7/2/99



    Task 3....
    My thoughts
    ??*!#$*% !!!!!! **** ??????#$%^&&..........deep breath

    one step at a time....

    I prefer to use W32dasm for this bit, perhaps because SoftIce is still a little too daunting for me. So, with my breakpoint and local function details enabled:

    0040B73A call 0040ccc0

    The call would seem to be some kind of string compare.
    It passes my ser# and the Realser# on the stack to the local function and returns the result in AX.
    On return ECX contains the Dword in my ser# at which comparison failed. EDX contains the equivalent Dword in the Realser#.
    Both contain nothing if the comparison was successful.
    AX contains '00000000' if the comparison was successful, 'FFFFFFFF' if unsuccessful.


    0040B73F add esp,00000008

    Please could someone explain this to me BTW (Sandman's Q1.b)?
    The purpose of this is a little vague to me at this moment. The instruction obviously moves the stack pointer up two Dwords, positioning it just below the two ser#'s at the value 00000111. Perhaps this will become clearer when I look more closely at the function.

    (Q3)

    0040B742 test eax,eax

    This tests the value in EAX for a value. If '00000000' is not found then the zero flag is set to '1'. Otherwise the zero flag is '0'.

    0040B73A jne 0040B9BC

    A jne instruction checks the zero flag and jumps if its value is '0'. So in this case it is checking the result of the comparison function.
    This jump takes us to the 'Sorry registration codes do not match.............' string.

    Question 2:

    :0040CCC0 to :0040CCCC :::not sure, think it's just setting the stack up
    :0040CCCE mov ecx, dword ptr [esp+10] :::moves the two ser#'s into ecx and edx
    :0040CCD2 mov edx, dword ptr [esp+14] :::from the stack

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:0040CCF0(C) ::: a loop
    |
    :0040CCD6 mov al, byte ptr [ecx] :::moves first char of myser# into AL
    :0040CCD8 cmp al, byte ptr [edx] :::compares it with the 1st char of Realser#
    :0040CCDA jne 0040CCFA :::jumps if not =
    :0040CCDC or al, al :::checks there is a char in AL (not end of string)
    :0040CCDE je 0040CCF2 :::if eostring jumps
    :0040CCE0 mov al, byte ptr [ecx+01] :::move next char myser# into AL
    :0040CCE3 cmp al, byte ptr [edx+01] :::compare with next char Realser#
    :0040CCE6 jne 0040CCFA :::jump if not=
    :0040CCE8 add ecx, 00000002 :::have now compared 1st two chars, move string
    :0040CCEB add edx, 00000002 :::pointers up two
    :0040CCEE or al, al :::check not end of string
    :0040CCF0 jne 0040CCD6 :::restart loop

    Please Help:: As I mentioned at the start of this project, I am just now learning assembler. Could someone please tell me: are lines 0040ccdc > 0040cce6 not redundant code? Would it not be better to omit these lines and just add 00000001 to ECX & EDX in 40cce8 & EB?????


    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:0040CCDE(C) :::end of string function
    |
    :0040CCF2 xor eax, eax :::clears any value in EAX (AH & AL)
    :0040CCF4 pop esi :::??????????
    :0040CCF5 pop ebx :::??????????
    :0040CCF6 add esp, 00000004 :::reset the stack to calling line 40b73a
    :0040CCF9 ret :::return


    * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
    |:0040CCDA(C), :0040CCE6(C) :::don't match function
    |
    :0040CCFA sbb eax, eax :::subtracts AH from AH
    :0040CCFC pop esi :::?????????
    :0040CCFD sbb eax, FFFFFFFF :::subtract -1 from eax
    :0040CD00 pop ebx :::???????
    :0040CD01 add esp, 00000004 :::reset the stack to calling line 40b73a
    :0040CD04 ret :::return

    Please Help: I know what this function is doing in principle, i.e. moving -1 into EAX, but I do not really understand the relevance of the individual instructions. I have included my best guess, but if anyone has the time to explain to me I would be grateful (especially the relevance of ESI and EBX).



    Question 3:


    Phew panic!!!

    I'll take a stab at it

    Still using W32dasm, I set bkpts on all GetWindowTextA occurrences.
    Run till API returns 'Pirate copy'.
    Step.

    0041c0ee push ESI

    No! I don't even know where to start here, take a break try again later.

    ShADe
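The routine at 0040CCC0 that the post walks through is a plain two-bytes-per-pass string compare, and the two questions it raises (are the second cmp/jne redundant, and what do sbb eax,eax / sbb eax,FFFFFFFF / pop esi / pop ebx do) can both be answered by modelling it in C. The block below is an added example, not code from the post or from the program being analysed; the function and variable names are my own, and the serial strings fed to it are constructed sample values. It mirrors the listing instruction by instruction: the second cmp/jne pair is loop unrolling (two characters checked per jump back to 0040CCD6), not redundancy; the sbb pair converts the carry flag left by the last cmp into 1 or -1, so a mismatch always returns nonzero; and the [esp+10]/[esp+14] argument offsets are consistent with a prologue that pushed three dwords on top of the return address (ebx, esi and one more), which is exactly what pop esi, pop ebx and add esp,4 undo before ret. The add esp,8 back in the caller is the cdecl cleanup of the two pushed pointers.

```c
#include <stdint.h>
#include <stdio.h>

/* Models the exit path at 0040CCFA. After "cmp al, [edx]" the carry flag is
 * set exactly when al is below [edx] as an unsigned byte.
 * "sbb eax, eax" computes eax - eax - CF, i.e. 0 or 0xFFFFFFFF, and leaves CF
 * unchanged (a borrow occurs only when CF was already 1).
 * "sbb eax, FFFFFFFF" then computes eax - (-1) - CF:
 *   CF = 0 :  0 + 1 - 0 =  1   (my ser# byte is above the real one)
 *   CF = 1 : -1 + 1 - 1 = -1   (my ser# byte is below the real one)
 * ESI and EBX play no part in the result; the pops only restore registers
 * saved by the prologue at 0040CCC0. */
int32_t mismatch_result(unsigned char mine_byte, unsigned char real_byte)
{
    uint32_t cf = (mine_byte < real_byte) ? 1u : 0u;   /* flag left by cmp al, [edx] */
    uint32_t eax = 0u - cf;                            /* sbb eax, eax  -> 0 or 0xFFFFFFFF */
    eax = eax - 0xFFFFFFFFu - cf;                      /* sbb eax, FFFFFFFF (borrow in == cf) */
    return (int32_t)eax;                               /* 1 or -1, never 0 */
}

/* C model of the routine at 0040CCC0 as read in the post. Two bytes are
 * compared per pass (the loop is unrolled by two), so the cmp/jne pairs at
 * 0040CCD8 and 0040CCE3 are not redundant: they halve the number of backward
 * jumps taken. Every exit on equal strings reaches "xor eax, eax" at
 * 0040CCF2 and returns 0. */
int32_t compare_serials(const char *mine, const char *real)
{
    for (;;) {
        unsigned char a = (unsigned char)mine[0];      /* mov al, byte ptr [ecx] */
        unsigned char b = (unsigned char)real[0];
        if (a != b)                                    /* cmp al, [edx] ; jne 0040CCFA */
            return mismatch_result(a, b);
        if (a == 0)                                    /* or al, al ; je 0040CCF2 */
            return 0;
        a = (unsigned char)mine[1];                    /* mov al, byte ptr [ecx+01] */
        b = (unsigned char)real[1];
        if (a != b)                                    /* cmp al, [edx+01] ; jne 0040CCFA */
            return mismatch_result(a, b);
        mine += 2;                                     /* add ecx, 00000002 */
        real += 2;                                     /* add edx, 00000002 */
        if (a == 0)                                    /* or al, al ; jne 0040CCD6 */
            return 0;                                  /* falls through into xor eax, eax */
    }
}

/* The caller's side at 0040B73A: push both pointers, call, "add esp, 8" to
 * discard the two arguments (cdecl cleanup), then "test eax, eax / jne".
 * Returns 1 when the serials match, 0 when the "do not match" path is taken. */
int check_serial(const char *entered, const char *real)
{
    int32_t eax = compare_serials(entered, real);     /* call 0040CCC0 ; add esp, 8 */
    return (eax == 0) ? 1 : 0;                         /* test eax, eax ; jne 0040B9BC */
}

int main(void)
{
    /* constructed sample values, not taken from any real program */
    printf("%d\n", compare_serials("ABCD-1234", "ABCD-1234"));   /* 0  */
    printf("%d\n", compare_serials("ABCD-1234", "ABCD-1235"));   /* -1 */
    printf("%d\n", compare_serials("ABCD-1235", "ABCD-1234"));   /* 1  */
    printf("%d\n", check_serial("XYZ", "XYZ"));                  /* 1  */
    return 0;
}
```

Note that the model only ever reads the second byte of a pair after the first has been found nonzero, which is what the or al,al / je at 0040CCDC guarantees in the original; dropping those two lines, as the post wonders about, would make the routine read past the terminator of an odd-length string.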



Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.