kolina
May 27th, 2003, 13:17
Hi all!
In the following code snippet a long double is read from a file, that's the required key. Then a checking function is called which performs a number of calculations. As I don't want to write a keygen (that's too complicated for me at the moment) I thought I could wrap a loop around the checking function to test all keys until a valid one is found. If a correct key is found I'd like to notice it somehow with the help of the check of the result (if this is the correct one ;-) below. I know that the correct key will be smaller than 2^40, so the loop might take some hours I think but that wouldn't be a problem. Can somebody give me some tips how to do this?
Thank you very much!
kolina
10013BAC lea ecx, [esp+5F0h+var_550]
10013BB3 push offset aR ; "r"
10013BB8 push ecx
10013BB9 call ds:fopen
10013BBF mov esi, eax
10013BC1 add esp, 8
10013BC4 test esi, esi
10013BC6 jz loc_10013C53
10013BCC lea edx, [esp+5F0h+var_5D8]
10013BD0 push edx
10013BD1 push offset aLf ; "%lf"
10013BD6 push esi
10013BD7 call ds:fscanf ; <--- READ LONG DOUBLE FROM FILE
10013BDD push esi
10013BDE call ds:fclose
10013BE4 lea eax, [esp+600h+var_5DD]
10013BE8 lea ecx, [esp+600h+var_5DA]
10013BEC push eax
10013BED mov eax, [esp+604h+var_5D4]
10013BF1 lea edx, [esp+604h+var_5DC]
10013BF5 push ecx
10013BF6 mov ecx, [esp+608h+var_5D8]
10013BFA push edx
10013BFB push eax
10013BFC push ecx
10013BFD call sub_100139E0 ; <--- THE CHECKING FUNCTION
10013C02 mov al, [esp+614h+var_5DD]
10013C06 add esp, 24h
10013C09 test al, al ; <--- CHECK IF RETURN IS CORRECT (?)
10013C0B jz short loc_10013C2E
10013C0D call dword_1001F9AC
10013C13 cmp ax, [esp+5F0h+var_5DC]
10013C18 jnz short loc_10013C2E
10013C1A mov dx, [ebp+arg_4]
10013C1E cmp [esp+5F0h+var_5DA], dx
10013C23 jnz short loc_10013C2E
10013C25 mov al, 1
10013C27 pop edi
10013C28 pop esi
10013C29 pop ebx
10013C2A mov esp, ebp
10013C2C pop ebp
10013C2D retn
In the following code snippet a long double is read from a file, that's the required key. Then a checking function is called which performs a number of calculations. As I don't want to write a keygen (that's too complicated for me at the moment) I thought I could wrap a loop around the checking function to test all keys until a valid one is found. If a correct key is found I'd like to notice it somehow with the help of the check of the result (if this is the correct one ;-) below. I know that the correct key will be smaller than 2^40, so the loop might take some hours I think but that wouldn't be a problem. Can somebody give me some tips how to do this?
Thank you very much!
kolina
10013BAC lea ecx, [esp+5F0h+var_550]
10013BB3 push offset aR ; "r"
10013BB8 push ecx
10013BB9 call ds:fopen
10013BBF mov esi, eax
10013BC1 add esp, 8
10013BC4 test esi, esi
10013BC6 jz loc_10013C53
10013BCC lea edx, [esp+5F0h+var_5D8]
10013BD0 push edx
10013BD1 push offset aLf ; "%lf"
10013BD6 push esi
10013BD7 call ds:fscanf ; <--- READ LONG DOUBLE FROM FILE
10013BDD push esi
10013BDE call ds:fclose
10013BE4 lea eax, [esp+600h+var_5DD]
10013BE8 lea ecx, [esp+600h+var_5DA]
10013BEC push eax
10013BED mov eax, [esp+604h+var_5D4]
10013BF1 lea edx, [esp+604h+var_5DC]
10013BF5 push ecx
10013BF6 mov ecx, [esp+608h+var_5D8]
10013BFA push edx
10013BFB push eax
10013BFC push ecx
10013BFD call sub_100139E0 ; <--- THE CHECKING FUNCTION
10013C02 mov al, [esp+614h+var_5DD]
10013C06 add esp, 24h
10013C09 test al, al ; <--- CHECK IF RETURN IS CORRECT (?)
10013C0B jz short loc_10013C2E
10013C0D call dword_1001F9AC
10013C13 cmp ax, [esp+5F0h+var_5DC]
10013C18 jnz short loc_10013C2E
10013C1A mov dx, [ebp+arg_4]
10013C1E cmp [esp+5F0h+var_5DA], dx
10013C23 jnz short loc_10013C2E
10013C25 mov al, 1
10013C27 pop edi
10013C28 pop esi
10013C29 pop ebx
10013C2A mov esp, ebp
10013C2C pop ebp
10013C2D retn
