
Borland Delphi 4/5 Fishing


Hav-in Fun
August 25th, 2005, 00:00
Hi, All
Have read all the tuts from Gabri3l -Shub-Nig. I have used several tools, and can get to (invalid registration number), trace back, set breakpoints and just as I should see my reg. number show up, or so I think, the program goes into hyper speed, through jumps, then to end program.. This program has numbers for the Basic, Plus, and Pro versions and also has a serial for an add-on (barcoder) and time trial.
Program has a Key number on the Nag Screen that you use when calling in to register and asks that you do not change the company's name.... I have gone in at the Invalid reg. #, also the first call before and after the last (pro version) test al,al, traced back.. After hitting a point with breakpoints and run on Olly it just takes off, and trying to read the register for EAX, ECX, EDX number in Olly is impossible.. even tried throwing a breakpoint to see if I could stop it.. used Olly 1.09-1.10 and IDA to look at this program. I've got so many hours into this (reading and trying), need a hand to go down the right path (I'm thinking my tools are not correct for this target)

PEiD v 0.93
Multiple Scanner
Borland Delphi 4.0-5.0
Wise Installer Stub (overlay)
Microsoft Visual C++ Dll Method 1
KANAL:
Detected 2 crypto Signature (in 2.0s)
CRC 32:002A727C::006A887C. Referenced @ 006A9180
Zip 2 encryption ::0028FF14 :: 00690B14

005F8AB6 |. 55 PUSH EBP
005F8AB7 |. 68 508D5F00 PUSH xxxxxx20.005F8D50
005F8ABC |. 64:FF30 PUSH DWORD PTR FS:[EAX]
005F8ABF |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
005F8AC2 |. 8B96 D4020000 MOV EDX,DWORD PTR DS:[ESI+2D4]
005F8AC8 |. 8BC6 MOV EAX,ESI
005F8ACA |. E8 5994E5FF CALL xxxxxx20.00451F28
005F8ACF |. 33DB XOR EBX,EBX
005F8AD1 |. BA 688D5F00 MOV EDX,xxxxxx20.005F8D68 ; ASCII "REGNUM"
005F8AD6 |. 8B86 DC020000 MOV EAX,DWORD PTR DS:[ESI+2DC]
005F8ADC |. E8 2FF6E7FF CALL xxxxxx20.00478110
005F8AE1 |. 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
005F8AE4 |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
005F8AE6 |. FF51 58 CALL DWORD PTR DS:[ECX+58]
005F8AE9 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]
005F8AEC |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
005F8AEF |. E8 4410E1FF CALL xxxxxx20.00409B38
005F8AF4 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
005F8AF7 |. BA 788D5F00 MOV EDX,xxxxxx20.005F8D78 ; ASCII "GRACE"
005F8AFC |. E8 D3B7E0FF CALL xxxxxx20.004042D4
005F8B01 |. 0F85 CD000000 JNZ xxxxxx20.005F8BD4
005F8B07 |. B3 01 MOV BL,1
005F8B09 |. A1 6C986A00 MOV EAX,DWORD PTR DS:[6A986C]
005F8B0E |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005F8B10 |. E8 3F160000 CALL xxxxxx20.005FA154
005F8B15 |. 84C0 TEST AL,AL
005F8B17 |. 74 6A JE SHORT xxxxxx20.005F8B83
005F8B19 |. 6A 00 PUSH 0
005F8B1B |. 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
005F8B1E |. 50 PUSH EAX
005F8B1F |. 68 888D5F00 PUSH xxxxxx20.005F8D88 ; ASCII "Your trial period has been extended for "
005F8B24 |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
005F8B27 |. B8 0A000000 MOV EAX,0A
005F8B2C |. E8 DF15E1FF CALL xxxxxx20.0040A110
005F8B31 |. FF75 E8 PUSH DWORD PTR SS:[EBP-18]
005F8B34 |. 68 BC8D5F00 PUSH xxxxxx20.005F8DBC ; ASCII " days."
005F8B39 |. 68 CC8D5F00 PUSH xxxxxx20.005F8DCC
005F8B3E |. 68 D88D5F00 PUSH xxxxxx20.005F8DD8 ; ASCII "Click OK and then run %s again."
005F8B43 |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
005F8B46 |. BA 05000000 MOV EDX,5
005F8B4B |. E8 34B7E0FF CALL xxxxxx20.00404284
005F8B50 |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14] ; ||
005F8B53 |. 50 PUSH EAX ; ||
005F8B54 |. B8 008E5F00 MOV EAX,xxxxxx20.005F8E00 ; ||ASCII "xxxxxx 2003"
005F8B59 |. 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX ; ||
005F8B5C |. C645 E4 0B MOV BYTE PTR SS:[EBP-1C],0B ; ||
005F8B60 |. 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20] ; ||
005F8B63 |. 33C9 XOR ECX,ECX ; ||
005F8B65 |. 58 POP EAX ; ||
005F8B66 |. E8 4127E1FF CALL xxxxxx20.0040B2AC ; |\xxxxxx20.0040B2AC
005F8B6B |. 8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10] ; |
005F8B6E |. 66:8B0D 0C8E5F>MOV CX,WORD PTR DS:[5F8E0C] ; |
005F8B75 |. B2 02 MOV DL,2 ; |
005F8B77 |. E8 8078E6FF CALL xxxxxx20.004603FC ; \xxxxxx20.004603FC
005F8B7C |. BF 01000000 MOV EDI,1
005F8B81 |. EB 37 JMP SHORT xxxxxx20.005F8BBA
005F8B83 |> 6A 00 PUSH 0 ; /Arg1 = 00000000
005F8B85 |. 8D45 DC LEA EAX,DWORD PTR SS:[EBP-24] ; |
005F8B88 |. 50 PUSH EAX ; |/Arg1
005F8B89 |. B8 008E5F00 MOV EAX,xxxxxx20.005F8E00 ; ||ASCII "xxxxxx 2003"
005F8B8E |. 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX ; ||
005F8B91 |. C645 E4 0B MOV BYTE PTR SS:[EBP-1C],0B ; ||
005F8B95 |. 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20] ; ||
005F8B98 |. 33C9 XOR ECX,ECX ; ||
005F8B9A |. B8 188E5F00 MOV EAX,xxxxxx20.005F8E18 ; ||ASCII "Trial period cannot be extended.
You must register %s to continue using it."
005F8B9F |. E8 0827E1FF CALL xxxxxx20.0040B2AC ; |\xxxxxx20.0040B2AC
005F8BA4 |. 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24] ; |
005F8BA7 |. 66:8B0D 0C8E5F>MOV CX,WORD PTR DS:[5F8E0C] ; |
005F8BAE |. B2 01 MOV DL,1 ; |
005F8BB0 |. E8 4778E6FF CALL xxxxxx20.004603FC ; \xxxxxx20.004603FC
005F8BB5 |. BF 02000000 MOV EDI,2
005F8BBA |> BA 688D5F00 MOV EDX,xxxxxx20.005F8D68 ; ASCII "REGNUM"
005F8BBF |. 8B86 DC020000 MOV EAX,DWORD PTR DS:[ESI+2DC]
005F8BC5 |. E8 46F5E7FF CALL xxxxxx20.00478110
005F8BCA |. 33D2 XOR EDX,EDX
005F8BCC |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
005F8BCE |. FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
005F8BD4 |> 8B86 DC020000 MOV EAX,DWORD PTR DS:[ESI+2DC]
005F8BDA |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
005F8BDC |. FF92 40020000 CALL DWORD PTR DS:[EDX+240]
005F8BE2 |. 8B86 2C030000 MOV EAX,DWORD PTR DS:[ESI+32C]
005F8BE8 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
005F8BEA |. FF92 40020000 CALL DWORD PTR DS:[EDX+240]
005F8BF0 |. A1 84996A00 MOV EAX,DWORD PTR DS:[6A9984]
005F8BF5 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005F8BF7 |. 8B40 54 MOV EAX,DWORD PTR DS:[EAX+54]
005F8BFA |. E8 A5B9E9FF CALL xxxxxx20.004945A4
005F8BFF |. 84DB TEST BL,BL
005F8C01 |. 0F85 0E010000 JNZ xxxxxx20.005F8D15
005F8C07 |. A1 6C986A00 MOV EAX,DWORD PTR DS:[6A986C]
005F8C0C |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005F8C0E |. E8 110D0000 CALL xxxxxx20.005F9924
005F8C13 |. 84C0 TEST AL,AL
005F8C15 |. 0F84 E0000000 JE xxxxxx20.005F8CFB
005F8C1B |. A1 6C986A00 MOV EAX,DWORD PTR DS:[6A986C]
005F8C20 |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005F8C22 |. 8B58 58 MOV EBX,DWORD PTR DS:[EAX+58]
005F8C25 |. 85DB TEST EBX,EBX
005F8C27 |. 7E 46 JLE SHORT xxxxxx20.005F8C6F
005F8C29 |. 6A 00 PUSH 0 ; /Arg1 = 00000000
005F8C2B |. 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28] ; |
005F8C2E |. 50 PUSH EAX ; |/Arg1
005F8C2F |. A1 6C986A00 MOV EAX,DWORD PTR DS:[6A986C] ; ||
005F8C34 |. 895D C8 MOV DWORD PTR SS:[EBP-38],EBX ; ||
005F8C37 |. C645 CC 00 MOV BYTE PTR SS:[EBP-34],0 ; ||
005F8C3B |. B8 008E5F00 MOV EAX,xxxxxx20.005F8E00 ; ||ASCII "xxxxxx 2003"
005F8C40 |. 8945 D0 MOV DWORD PTR SS:[EBP-30],EAX ; ||
005F8C43 |. C645 D4 0B MOV BYTE PTR SS:[EBP-2C],0B ; ||
005F8C47 |. 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38] ; ||
005F8C4A |. B9 01000000 MOV ECX,1 ; ||
005F8C4F |. B8 6C8E5F00 MOV EAX,xxxxxx20.005F8E6C ; ||ASCII "Your trial has been extended for %d days.
Click OK and then run %s again."
005F8C54 |. E8 5326E1FF CALL xxxxxx20.0040B2AC ; |\xxxxxx20.0040B2AC
005F8C59 |. 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] ; |
005F8C5C |. 66:8B0D 0C8E5F>MOV CX,WORD PTR DS:[5F8E0C] ; |
005F8C63 |. B2 02 MOV DL,2 ; |
005F8C65 |. E8 9277E6FF CALL xxxxxx20.004603FC ; \xxxxxx20.004603FC
005F8C6A |. E9 A6000000 JMP xxxxxx20.005F8D15
005F8C6F |> 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
005F8C72 |. E8 CDB2E0FF CALL xxxxxx20.00403F44
005F8C77 |. A1 6C986A00 MOV EAX,DWORD PTR DS:[6A986C]
005F8C7C |. 8B00 MOV EAX,DWORD PTR DS:[EAX]
005F8C7E |. BA 01000000 MOV EDX,1
005F8C83 |. E8 281A0000 CALL xxxxxx20.005FA6B0
005F8C88 |. 84C0 TEST AL,AL
005F8C8A |. 74 0D JE SHORT xxxxxx20.005F8C99
005F8C8C |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
005F8C8F |. BA C08E5F00 MOV EDX,xxxxxx20.005F8EC0 ; ASCII "[Barcode Option Enabled]
"
005F8C94 |. E8 43B3E0FF CALL xxxxxx20.00403FDC
005F8C99 |> 6A 00 PUSH 0
005F8C9B |. 8D45 C4 LEA EAX,DWORD PTR SS:[EBP-3C]
005F8C9E |. 50 PUSH EAX
005F8C9F |. B8 008E5F00 MOV EAX,xxxxxx20.005F8E00 ; ASCII "xxxxxx 2003"
005F8CA4 |. 8945 C8 MOV DWORD PTR SS:[EBP-38],EAX
005F8CA7 |. C645 CC 0B MOV BYTE PTR SS:[EBP-34],0B
005F8CAB |. B8 008E5F00 MOV EAX,xxxxxx20.005F8E00 ; ASCII "xxxxxx 2003"
005F8CB0 |. 8945 D0 MOV DWORD PTR SS:[EBP-30],EAX
005F8CB3 |. C645 D4 0B MOV BYTE PTR SS:[EBP-2C],0B
005F8CB7 |. 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-38]
005F8CBA |. 50 PUSH EAX
005F8CBB |. 68 E48E5F00 PUSH xxxxxx20.005F8EE4 ; ASCII "Thank you for registering %s.
"
005F8CC0 |. FF75 FC PUSH DWORD PTR SS:[EBP-4]
005F8CC3 |. 68 D88D5F00 PUSH xxxxxx20.005F8DD8 ; ASCII "Click OK and then run %s again."
005F8CC8 |. 8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
005F8CCB |. BA 03000000 MOV EDX,3
005F8CD0 |. E8 AFB5E0FF CALL xxxxxx20.00404284
005F8CD5 |. 8B45 C0 MOV EAX,DWORD PTR SS:[EBP-40] ; ||
005F8CD8 |. B9 01000000 MOV ECX,1 ; ||
005F8CDD |. 5A POP EDX ; ||
005F8CDE |. E8 C925E1FF CALL xxxxxx20.0040B2AC ; |\xxxxxx20.0040B2AC
005F8CE3 |. 8B45 C4 MOV EAX,DWORD PTR SS:[EBP-3C] ; |
005F8CE6 |. 66:8B0D 0C8E5F>MOV CX,WORD PTR DS:[5F8E0C] ; |
005F8CED |. B2 02 MOV DL,2 ; |
005F8CEF |. E8 0877E6FF CALL xxxxxx20.004603FC ; \xxxxxx20.004603FC
005F8CF4 |. BF 01000000 MOV EDI,1
005F8CF9 |. EB 1A JMP SHORT xxxxxx20.005F8D15
005F8CFB |> 6A 00 PUSH 0 ; /Arg1 = 00000000
005F8CFD |. 66:8B0D 0C8E5F>MOV CX,WORD PTR DS:[5F8E0C] ; |
005F8D04 |. B2 01 MOV DL,1 ; |
005F8D06 |. B8 0C8F5F00 MOV EAX,xxxxxx20.005F8F0C ; |ASCII "Invalid registration number."
005F8D0B |. E8 EC76E6FF CALL xxxxxx20.004603FC ; \xxxxxx20.004603FC
005F8D10 |. BF 02000000 MOV EDI,2
005F8D15 |> 89BE 34020000 MOV DWORD PTR DS:[ESI+234],EDI
005F8D1B |. 33C0 XOR EAX,EAX
005F8D1D |. 5A POP EDX
005F8D1E |. 59 POP ECX
005F8D1F |. 59 POP ECX
005F8D20 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
005F8D23 |. 68 578D5F00 PUSH xxxxxx20.005F8D57

Thanks

Kayaker
August 25th, 2005, 15:03
Hi

Unfortunately, posting reams of uncommented code doesn't usually help anyone to help you. There are many indirect variables and calls whose purpose you haven't identified. The real protection is somewhere inside one of those calls, or elsewhere, and you're going to have to trace into it and understand what it's doing. This code doesn't really tell anyone anything.

If the program "takes off" and exits at some point after you've set a breakpoint you think should break, then you should be able to narrow that down, tracing call by call, pretty well exactly where it loses control. That should be where you're focussing; this surface part of the code, which shows some ASCII messages, is only the starting point.

At the same time, you have posted one important piece of information, and that is that the routine creates an SEH handler at the start of the code. This can often be the cause of a program "taking off" on you and diverting the code flow elsewhere than you expect. Somewhere in the code that follows there may be a check of some sort, a serial verification, a breakpoint debug register check, anti-whatever, and the code decides to trigger the SEH as a result, sending it into oblivion.

This is only one possibility of what may be happening, but you should research what SEH is, how it's used, and how to identify it from the code you posted. Then re-explore the code with that in mind.

Kayaker
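Kayaker's point that the SEH frame is visible in the listing can be checked mechanically. The following is an added example, not code from either poster: a small parser for OllyDbg's text format that finds the Delphi-style frame install (PUSH handler; PUSH DWORD PTR FS:[EAX]; MOV DWORD PTR FS:[EAX],ESP) and pairs it with the frame removal (MOV DWORD PTR FS:[EAX],EDX), reporting the handler address and the region the handler covers. The sample listing is constructed from the prologue and epilogue lines posted above with the body cut out; the parser itself is generic and assumes only Olly's column layout (address, `|.`/`|>` marker, opcode bytes, instruction, optional `;` comment, with a `>` where Olly truncates long byte columns).

```python
"""Locate Delphi-style SEH frame setup/teardown in an OllyDbg listing.

Added example for this thread (not the poster's or Kayaker's code). It only
reads listing text; the point is to show which instructions install the
handler and where its protected region begins and ends.
"""
import re

# Constructed sample in OllyDbg's text format: prologue and epilogue lines
# from the listing above, body trimmed to a few representative instructions.
SAMPLE_LISTING = """\
005F8AB6 |. 55 PUSH EBP
005F8AB7 |. 68 508D5F00 PUSH xxxxxx20.005F8D50
005F8ABC |. 64:FF30 PUSH DWORD PTR FS:[EAX]
005F8ABF |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
005F8AC2 |. 8B96 D4020000 MOV EDX,DWORD PTR DS:[ESI+2D4]
005F8CFD |. 66:8B0D 0C8E5F>MOV CX,WORD PTR DS:[5F8E0C] ; |
005F8D06 |. B8 0C8F5F00 MOV EAX,xxxxxx20.005F8F0C ; |ASCII "Invalid registration number."
005F8D1B |. 33C0 XOR EAX,EAX
005F8D1D |. 5A POP EDX
005F8D1E |. 59 POP ECX
005F8D1F |. 59 POP ECX
005F8D20 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
005F8D23 |. 68 578D5F00 PUSH xxxxxx20.005F8D57
"""

LINE_RE = re.compile(r'^([0-9A-F]{8})\s+\|[.>]\s*(.*)$')
# Opcode-byte token: optional prefix such as "66:" or "64:", then whole hex
# bytes, optionally ending in ">" where Olly cut the byte column short.
BYTE_TOKEN = re.compile(r'^(?:[0-9A-F]{2}:)?(?:[0-9A-F]{2})+>?$')
# "PUSH module.AAAAAAAA": the handler address pushed before FS:[EAX].
HANDLER_PUSH = re.compile(r'^PUSH (?:\w+\.)?([0-9A-F]{8})$')


def parse_line(line):
    """Return (address, instruction_text) for one listing line, else None."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    addr = int(m.group(1), 16)
    body = m.group(2).split(';', 1)[0]           # drop Olly's comment column
    body = re.sub(r'>(?=[A-Z])', '> ', body)     # "0C8E5F>MOV" -> "0C8E5F> MOV"
    tokens = body.split()
    i = 0
    while i < len(tokens) and BYTE_TOKEN.match(tokens[i]):
        i += 1                                   # skip the opcode bytes
    return addr, ' '.join(tokens[i:])


def parse_listing(text):
    """Parse every recognisable line; non-listing lines are ignored."""
    return [p for p in (parse_line(l) for l in text.splitlines()) if p]


def find_seh_frames(text):
    """Pair each FS:[EAX] frame install with the next frame removal.

    Returns a list of dicts with the address of the PUSH that loads the
    handler, the handler address itself, the first protected instruction,
    and the address of the MOV FS:[EAX],EDX that unlinks the frame.
    """
    insns = parse_listing(text)
    frames, open_frame = [], None
    for k, (addr, instr) in enumerate(insns):
        if (instr == 'MOV DWORD PTR FS:[EAX],ESP' and k >= 2
                and insns[k - 1][1] == 'PUSH DWORD PTR FS:[EAX]'):
            m = HANDLER_PUSH.match(insns[k - 2][1])
            if m:
                open_frame = {
                    'setup': insns[k - 2][0],
                    'handler': int(m.group(1), 16),
                    'protected_from': insns[k + 1][0] if k + 1 < len(insns) else None,
                    'teardown': None,
                }
        elif instr == 'MOV DWORD PTR FS:[EAX],EDX' and open_frame is not None:
            open_frame['teardown'] = addr
            frames.append(open_frame)
            open_frame = None
    if open_frame is not None:
        frames.append(open_frame)  # installed but never removed in this excerpt
    return frames


if __name__ == '__main__':
    for f in find_seh_frames(SAMPLE_LISTING):
        print('handler %08X installed at %08X, covers %08X..%08X'
              % (f['handler'], f['setup'], f['protected_from'], f['teardown']))
```

Any exception raised (or deliberately triggered) between the two addresses reported for a frame lands in the handler at the printed address, which is where a tracer should set the next breakpoint when the program appears to "take off"; a frame that is reported without a teardown is one the excerpt does not close, which is a hint to look further down the listing.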