PDA

View Full Version : Problem understanding SmartCheck


S|cK
May 5th, 2005, 12:04
Hi guys, i'm currently "in training" with smartcheck and i'm trying to understand the most of it. I've looked on google for some help or tutorials but no luck, same in Smartcheck help menu (F1)

So here's my problem, I just need to know what VB do in codelike when smartcheck shows the following events :

Len(String:"ASDJSAHDA..." returns LONG: 33 // VB: Str = Len(Str) = 33
Long (33) --> Integer (33) // ???
Integer (120) --> Byte (120) // ???
Integer (80) --> Byte (80) // ???
Integer (114) --> Byte (114) // ???
Integer (56) --> Byte (56) // ???
... 34 of those lines with different number then :
Integer (0) --> Byte (0) // ???

Is VB declaring variables, converting them or something ?? I just need to clear that out :/

Thanks !

SiGiNT
May 5th, 2005, 12:56
I found quite a lot on VB by googling, try doing a specific search for - sams teach yourself visual basic - you'll find an E-book eventually and in the process discover other sources - Eternal Bliss, (I know I didn't capitalize the right way), has several good tut's.

SiGiNT

Kayaker
May 5th, 2005, 14:09
Since you brought it up...
I always seem to "lose" the ref to Eternal Bliss' old page so I'll post it here once and for all. (it's easier for me to search the board than my bookmarks! )

http://ebliss.host.sk/cte.html#tutorials
http://ebliss.cjb.net

Specifically see essays at bottom of page:

Visual Basic Part 1: Compare Methods and Breakpoints
Visual Basic Part 2: SmartCheck Usage SmartCheck Settings: 1 2 3 4


Kayaker

S|cK
May 5th, 2005, 16:31
Thanks for those ressources guys, its really helpful to understand many things ! But what I have to understand seems really more advanced than bliss's tutorials/essays.

I think im facing a good encryption here, or maybe its just in my head

You see the encryption looks like :

StrConv(STRING:"my key",128,LCID:00000000) <- Send serial into bytearray !

:START:
__vbaPowerR8(double:2,double:0) returns DWORD:"pointer stack" <- hmm, take first byte in array and ^2*0 ?
Double (1) --> Integer (1) <- Presume an operation with 1 ?
UBound(PTR:address,Integer: 1) returns LONG: 32 <-- always same PTR and always return 32 ! but what does it do hmm ??
__vbaPowerR8(double:2,double:1) returns DWORD:<<something>> <- ??
Double (2) --> Integer (2) <- Presume an operation with 2 ?
:LOOP:

and it goes on from start to loop like 7 or 8 times... Double (x) --> Integer (x) goes like this : 1, 2, 4, 8, 32, 64, 128 and vbaPowerR8 only increase his second parameter by 1 each time (double:1 double:2 ... double:7), the first parameter always stay 2 (presume ^2)

The thing I don't get is : It's an array of 32 byte (starting from index 0) and there's like 7 operations.

I may think its 7 operations on each bytes to see if its return something good because at the end of those operations I get :

Double (128) --> Integer (128)
UBound(PTR:same address as above, Integer:1) returns LONG: 32
UBound(PTR:another address, Integer:1) returns LONG: 31
Long (different number each time) --> Integer (different number each time)
UBound(PTR:same address as above, Integer:1) returns LONG: 32
on error(-1)

then Msgbox("invalid serial"

Today is the 3rd day i'm trying to get the serial encryption and I still can't get it (Consider myself as a n00b )


Help would be appreciated. thanks !

zombla
January 3rd, 2006, 09:40
aloha
can you send the link for soft(VB) what you want to find serial ?
cya

laola
January 3rd, 2006, 12:03
Quote:
[Originally Posted by S|cK]I think im facing a good encryption here, or maybe its just in my head

You see the encryption looks like :

StrConv(STRING:"my key",128,LCID:00000000) <- Send serial into bytearray !

:START:
__vbaPowerR8(double:2,double:0) returns DWORD:"pointer stack" <- hmm, take first byte in array and ^2*0 ?

__vbaPowerR8 just calculates x^y, with x being the first operand and y the second. So it calculates 2^0 which results to 1. But as the function returns a double, the double value is not returned directly, but a pointer to the value on the stack instead. (returns DWORD: "pointer stack"
Quote:
[Originally Posted by S|cK]Double (1) --> Integer (1) <- Presume an operation with 1 ?

Nope, just converting the double to integer. The round brackets contain the values.
Quote:
[Originally Posted by S|cK]UBound(PTR:address,Integer: 1) returns LONG: 32 <-- always same PTR and always return 32 ! but what does it do hmm ??

No clue, but I'd guess it returns the size of a pointer variable. Depending on the Windows version you are running, pointers are either 32 or 64 bit. UBound could also mean "Upper Bound". I don't have any reference for Smartcheck at hand, sorry.
Quote:
[Originally Posted by S|cK]__vbaPowerR8(double:2,double:1) returns DWORD:<<something>> <- ??

Calculates 2^1 - Smartcheck obviously tries to match the result to known addresses etc. which has to fail because the result is a number and no address
Quote:
[Originally Posted by S|cK]Double (2) --> Integer (2) <- Presume an operation with 2 ?

Same as before, converts the double to integer for the next operations.
Quote:
[Originally Posted by S|cK]:LOOP:

and it goes on from start to loop like 7 or 8 times... Double (x) --> Integer (x) goes like this : 1, 2, 4, 8, 32, 64, 128 and vbaPowerR8 only increase his second parameter by 1 each time (double:1 double:2 ... double:7), the first parameter always stay 2 (presume ^2)

The thing I don't get is : It's an array of 32 byte (starting from index 0) and there's like 7 operations.

I may think its 7 operations on each bytes to see if its return something good

The array is 32 bytes or 8 integer numbers the loop generates a lookup-table with powers of two for upcoming calculations.
Quote:
[Originally Posted by S|cK]
because at the end of those operations I get :

Double (128) --> Integer (128)
UBound(PTR:same address as above, Integer:1) returns LONG: 32
UBound(PTR:another address, Integer:1) returns LONG: 31

How much do the addresses from the two lines differ?
Quote:
[Originally Posted by S|cK]Long (different number each time) --> Integer (different number each time)
Another type conversion...

Maybe this can shed some light on what you are looking at

Admiral
January 3rd, 2006, 14:49
I hate to point it out to you, laola, but the post you quoted is seven months old.
It looks like the aptly named zombla has rasied a zombie.

laola
January 3rd, 2006, 17:21
Ooops, I didn't look at the date of the post before the latest post Sorry
Anyhow, at least it's hopefully useful information