
Making an asm rip keygen???


bik78
May 11th, 2002, 15:21
Hello all!

I'm trying to understand how to make an ASM rip keygen.

I've coded a little console app (attached) that initializes a variable to 2, calls a function to double it and outputs the result.

IDA translates my int Dbl(int x) function to:
Code:

.text:00401194 sub_0_401194 proc near ; CODE XREF: _main+E↑p
.text:00401194
.text:00401194 arg_0 = dword ptr 8
.text:00401194
.text:00401194 push ebp
.text:00401195 mov ebp, esp
.text:00401197 mov eax, [ebp+arg_0]
.text:0040119A add eax, eax
.text:0040119C pop ebp
.text:0040119D retn
.text:0040119D sub_0_401194 endp


Now, let's pretend that this function is actually some complicated key-generation algorithm, and I want to rip it for my keygen...

So I create a function and put the above code in a __asm { } block:
Code:

int Genkey(int x)
{
    __asm
    {
        push ebp
        mov ebp, esp
        mov eax, [ebp+x]
        add eax, eax
        pop ebp
        retn
    }
}


But it doesn't work, the keygen crashes.
I've never tried this before, so can someone please tell me what I'm doing wrong and what's the right way to do it?

Also another question: if a key-generation function includes calls to other functions, what's the proper way to rip it?

Thanx!

LaptoniC
May 11th, 2002, 17:38
This function just takes the argument and adds it to itself, so it is multiplying by two. I guess you can write this simple calculation yourself.
However, your C translation is wrong. You can't reference passed variables like this.


mov eax, [ebp+x] change this to
mov eax, [ebp+8]

bik78
May 11th, 2002, 20:46
Hmmm... Yeah, I did that but it still wouldn't work.... Then I added
Code:

__declspec(naked)

to the function and now it works....

Why 8? Length of an integer??? Isn't that 4???

stealthFIGHTER
May 12th, 2002, 01:42
Quote:
Originally posted by bik78

Why 8? Length of an integer??? Isn't that 4???


Hello,

because at 00401194, arg_0 = dword ptr 8. So if arg_0 = dword ptr 8 you can do this:

mov eax, [ebp+arg_0] >>> mov eax, [ebp+8]

Ok?

sF
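The working version that comes out of this exchange, as an added example that is not part of any post in the thread: the Dbl() bytes IDA showed, carried into a `__declspec(naked)` function with the argument read from `[ebp+8]`, plus a self-check against a C reference so the rip can be validated before a real keygen is built on it. It assumes a 32-bit x86 cdecl target as in the thread. The MSVC path is the one the thread arrived at; the GCC path is the same instructions in AT&T syntax (assumed 32-bit ELF symbol naming, no leading underscore); the plain-C fallback only exists so the file builds on other toolchains, where those stack offsets do not apply. The reason 8 works: after `push ebp` / `mov ebp, esp` the frame holds the saved ebp at [ebp+0], the return address at [ebp+4] and the first dword argument at [ebp+8], which is exactly what IDA's `arg_0 = dword ptr 8` says. The non-naked attempt crashed because the compiler already emits a prologue and epilogue for a normal function, so the ripped `push ebp` / `mov ebp, esp` built a second frame inside the first and the ripped `ret` returned through the wrong stack slot; naked removes the compiler's frame so the ripped one is the only one.

```c
/* rip_genkey.c -- added example (not code from the thread). The ripped Dbl()
 * routine as a naked function, with a self-check against a C reference.
 * Assumption: the target is 32-bit x86 cdecl, as in the thread's IDA listing. */
#include <stdio.h>

/* Reference implementation of the target's Dbl(): what the rip must match. */
static int reference_dbl(int x)
{
    return x + x;
}

#if defined(_MSC_VER) && defined(_M_IX86)
/* MSVC, 32-bit x86: the instructions IDA listed. __declspec(naked) stops the
 * compiler from emitting its own push ebp / mov ebp,esp prologue and the
 * matching epilogue, so the ripped prologue is the only frame and
 *   [ebp+0] = saved ebp, [ebp+4] = return address, [ebp+8] = arg_0 (x).
 * Without naked there are two prologues: ebp no longer points where the
 * offsets assume and the ripped ret pops the wrong stack slot as its
 * return address, which is the crash the thread describes. */
__declspec(naked) int GenKey(int x)
{
    __asm
    {
        push ebp
        mov ebp, esp
        mov eax, [ebp+8]        ; arg_0 = dword ptr 8
        add eax, eax
        pop ebp
        ret                     ; IDA's retn is a plain near ret
    }
}
#elif defined(__GNUC__) && defined(__i386__) && defined(__ELF__)
/* GCC on 32-bit ELF (assumed symbol naming: no leading underscore): the same
 * instructions in AT&T syntax as a top-level asm block, so the compiler adds
 * no frame of its own (GCC has no naked attribute on x86). */
__asm__(
    ".text\n"
    ".globl GenKey\n"
    ".type GenKey, @function\n"
    "GenKey:\n"
    "    pushl %ebp\n"
    "    movl  %esp, %ebp\n"
    "    movl  8(%ebp), %eax\n"   /* arg_0 = dword ptr 8 */
    "    addl  %eax, %eax\n"
    "    popl  %ebp\n"
    "    ret\n");
int GenKey(int x);
#else
/* Any other toolchain (x86-64, other compilers): plain C stand-in so the
 * self-check below still builds. The 32-bit frame offsets above do not
 * apply here; this branch does not demonstrate the rip itself. */
int GenKey(int x)
{
    return x + x;
}
#endif

/* Compare the rip against the reference on constructed sample inputs that
 * cross zero and stay clear of signed overflow. Returns 1 on full agreement,
 * 0 at the first mismatch. A rip that reads the wrong stack slot fails here
 * long before it corrupts a real key. */
int rip_matches_reference(void)
{
    static const int samples[] = { 0, 1, 2, -1, -3, 12345, -65536, 0x3FFFFFFF };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (GenKey(samples[i]) != reference_dbl(samples[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    int ok = rip_matches_reference();
    printf("GenKey(2) = %d, rip %s the reference\n",
           GenKey(2), ok ? "matches" : "DIFFERS from");
    return ok ? 0 : 1;
}
```

Build it in an x86 (32-bit) Developer Command Prompt with `cl rip_genkey.c` to exercise the naked path, or with `gcc -m32 rip_genkey.c` on a 32-bit-capable Linux toolchain for the AT&T path; a 64-bit build only runs the fallback. The self-check is the part worth keeping as the ripped routine grows: every ripped function gets compared against the original on the same inputs before the keygen trusts it.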

bik78
May 12th, 2002, 09:57
Right, thanks!

oyang2002
May 14th, 2002, 15:13
Hi!

I don't think it is a good idea to rip code from the target.
(By the way, there is a tool named TMG Ripper Studio which can do it; maybe its current version is 0.03.)

Most of the time the code is too much and the ripped code
is very complicated! And much of the referenced data may need
to be initialized.

I wrote a tool to export functions from a DLL. At this time it does
nothing to DLLs which have no export directory. I will modify it
to add an export table to those DLLs and even EXEs! So we can
export any functions we like.

Maybe it is better to call the functions than to rip them :-)