Jeff's Thread Wednesday, 10-Feb-99 17:36:20
:00403BE1 E865160000     call 0040524B            <-- first step into this call
:00403BE6 85C0           test eax, eax
:00403BE8 7545           jne 00403C2F
:00403BEA 833D1079400000 cmp dword ptr [00407910], 00000000
:00403BF1 6880854000     push 00408580

takes you here:

* Referenced by a CALL at Address:
|:00403BE1
|
:0040524B 83EC0C         sub esp, 0000000C
:0040524E 833D1079400000 cmp dword ptr [00407910], 00000000
:00405255 7445           je 0040529C              <-- change to EB
:00405257 8D442400       lea eax, dword ptr [esp]
:0040525B 6A0C           push 0000000C
:0040525D 50             push eax
:0040525E FF3504794000   push dword ptr [00407904]

takes us here:

:0040529C 33C0           xor eax, eax             <-- lands here
:0040529E 83C40C         add esp, 0000000C
:004052A1 C3             ret                      <-- returns to here:

:00403BE1 E865160000     call 0040524B
:00403BE6 85C0           test eax, eax
:00403BE8 7545           jne 00403C2F             <-- we know not equal...
:00403BEA 833D1079400000 cmp dword ptr [00407910], 00000000
:00403BF1 6880854000     push 00408580

so change:

:00403BE8 7545           jne 00403C2F             <-- to EB

x to leave

I get an error message: "Zip damaged file... bad crc 0000000... should be 3368d07a, file transfer error". BUT the box just behind this error message shows: "UnZipping File......." ??????????

I do realize that the purpose here is to find the real serial... and although there should always be more than one way to skin the cat, I have been trying to find an area that will unzip this trial... so that I MIGHT THEN be in the area to find or recognize something being compared... as this area almost unzipped it before it produced an error... I will continue in this vein for a while at least.

I had earlier changed a jump at 00403BA6 which allowed me to receive the message: "0 files unzipped successfully". A little confusing language perhaps, saying in effect that nothing happened??? Since there was no error message I will also play around more in this area; I have set many breakpoints that work well; one breakpoint that I have tried was the OemToCharA and the CharToOemA... thinking that it might be like the MultiByteToWideChar type entry....

bpx GetKeyState took me somewhere confusing.... GetDlgItemTextA works also... bpx lstrlenA, lstrcmpA, and lstrcpy have not given me much info either. Each area seems to produce my fake password but I have yet to see any compare. This is all for the moment...

Jeff
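Added example, not code from Jeff's post or from the program he is working on: a program-side code-integrity check of the kind that detects the single-byte patch described above, a conditional jump (0x75, jne) rewritten into an unconditional one (0xEB, jmp). The bytes in CHECK_SITE_ORIGINAL are constructed from the listing in the post; the function names and the build-time/verify split are my assumptions about how such a check would be wired in, and the CRC-32 routine is the standard reflected IEEE polynomial (0xEDB88320), the same CRC family ZIP uses for its own data checks.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Standard CRC-32 (reflected, polynomial 0xEDB88320, init/final 0xFFFFFFFF).
   Bitwise form, no table, so it is easy to audit. */
static uint32_t crc32_update(uint32_t crc, const uint8_t *buf, size_t len)
{
    crc = ~crc;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

uint32_t crc32_of(const uint8_t *buf, size_t len)
{
    return crc32_update(0, buf, len);
}

/* Constructed sample region: the instruction bytes of the check site quoted
   in the post (test eax,eax / jne / cmp dword ptr [00407910],0). Only the
   bytes the listing shows are used here. */
static const uint8_t CHECK_SITE_ORIGINAL[] = {
    0x85, 0xC0,                               /* test eax, eax            */
    0x75, 0x45,                               /* jne  +0x45               */
    0x83, 0x3D, 0x10, 0x79, 0x40, 0x00, 0x00  /* cmp dword ptr [...], 0   */
};

/* Integrity check: returns 1 when the region's CRC-32 equals the value
   recorded when the binary was built, 0 when any byte has changed. */
int region_intact(const uint8_t *region, size_t len, uint32_t expected)
{
    return crc32_of(region, len) == expected;
}

/* Demonstration (hypothetical wiring): record the CRC of the untouched
   region, then flip the jne opcode (0x75) to jmp (0xEB) exactly as the post
   describes and show the check notices. Returns 1 if the check behaves. */
int demo_detects_patch(void)
{
    uint32_t expected = crc32_of(CHECK_SITE_ORIGINAL, sizeof CHECK_SITE_ORIGINAL);

    uint8_t patched[sizeof CHECK_SITE_ORIGINAL];
    memcpy(patched, CHECK_SITE_ORIGINAL, sizeof patched);
    patched[2] = 0xEB;   /* one-byte patch: conditional -> unconditional jump */

    int clean_ok   = region_intact(CHECK_SITE_ORIGINAL, sizeof CHECK_SITE_ORIGINAL, expected);
    int patched_ok = region_intact(patched, sizeof patched, expected);

    return clean_ok && !patched_ok;
}

int main(void)
{
    printf("CRC-32 of \"123456789\": %08X (reference value CBF43926)\n",
           crc32_of((const uint8_t *)"123456789", 9));
    printf("one-byte jne->jmp patch detected: %s\n",
           demo_detects_patch() ? "yes" : "no");
    return 0;
}
```

In a real build the expected value would be computed once over the protected code range and stored, and the check would run before the region executes; the point of the demo is that even a one-byte opcode change moves the CRC, so a plain byte patch of the jump is visible. The caveat a practitioner wants is that a stored checksum sits in the same binary and can itself be edited, so this detects casual tampering rather than resisting a determined one.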