Thread: help on delphi

  1. #1
    m.albert
    Guest

    help on delphi

    Hi I'm looking for the serial number check part of a program written in Delphi.
    It seems to me looking at the section below that I'm not too far from the target. Each digit of the entered serial is compared with 20.
    What do you think?
    Should I explore close to this?
    Thanks and Regards
    Michael


    * Reference to: system.@LStrLen:Integer;
    | or: system.@DynArrayLength;
    | or: system.DynArraySize(Pointer):Integer;
    |
    00409ADE E86DA7FFFF call 00404250
    00409AE3 8BF0 mov esi, eax
    00409AE5 BB01000000 mov ebx, $00000001
    00409AEA EB01 jmp 00409AED
    00409AEC 43 inc ebx
    00409AED 3BF3 cmp esi, ebx
    00409AEF 7C07 jl 00409AF8
    00409AF1 807C1FFF20 cmp byte ptr [edi+ebx-$01], $20
    00409AF6 76F4 jbe 00409AEC
    00409AF8 3BF3 cmp esi, ebx
    00409AFA 7D0A jnl 00409B06
    00409AFC 8BC5 mov eax, ebp

    * Reference to: system.@LStrClr(String);
    |
    00409AFE E8BDA4FFFF call 00403FC0
    00409B03 EB17 jmp 00409B1C
    00409B05 4E dec esi
    00409B06 807C37FF20 cmp byte ptr [edi+esi-$01], $20
    00409B0B 76F8 jbe 00409B05
    00409B0D 55 push ebp
    00409B0E 8BCE mov ecx, esi
    00409B10 2BCB sub ecx, ebx
    00409B12 41 inc ecx
    00409B13 8BD3 mov edx, ebx
    00409B15 8BC7 mov eax, edi

    * Reference to: system.@LStrCopy;
    |
    00409B17 E83CA9FFFF call 00404458
    00409B1C 5D pop ebp
    00409B1D 5F pop edi
    00409B1E 5E pop esi
    00409B1F 5B pop ebx
    00409B20 C3 ret
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody

    Re: help on delphi

    Originally posted by m.albert
    Hi I'm looking for the serial number check part of a program written in Delphi.
    It seems to me looking at the section below that I'm not too far from the target. Each digit of the entered serial is compared with 20.
    What do you think?
    Should I explore close to this?
    Thanks and Regards
    Michael


    * Reference to: system.@LStrLen:Integer;
    | or: system.@DynArrayLength;
    | or: system.DynArraySize(Pointer):Integer;
    |
    00409ADE E86DA7FFFF call 00404250
    00409AE3 8BF0 mov esi, eax
    00409AE5 BB01000000 mov ebx, $00000001
    00409AEA EB01 jmp 00409AED
    00409AEC 43 inc ebx
    00409AED 3BF3 cmp esi, ebx
    00409AEF 7C07 jl 00409AF8
    00409AF1 807C1FFF20 cmp byte ptr [edi+ebx-$01], $20
    00409AF6 76F4 jbe 00409AEC
    00409AF8 3BF3 cmp esi, ebx
    00409AFA 7D0A jnl 00409B06
    00409AFC 8BC5 mov eax, ebp

    * Reference to: system.@LStrClr(String);
    |
    00409AFE E8BDA4FFFF call 00403FC0
    00409B03 EB17 jmp 00409B1C
    00409B05 4E dec esi
    00409B06 807C37FF20 cmp byte ptr [edi+esi-$01], $20
    00409B0B 76F8 jbe 00409B05
    00409B0D 55 push ebp
    00409B0E 8BCE mov ecx, esi
    00409B10 2BCB sub ecx, ebx
    00409B12 41 inc ecx
    00409B13 8BD3 mov edx, ebx
    00409B15 8BC7 mov eax, edi

    * Reference to: system.@LStrCopy;
    |
    00409B17 E83CA9FFFF call 00404458
    00409B1C 5D pop ebp
    00409B1D 5F pop edi
    00409B1E 5E pop esi
    00409B1F 5B pop ebx
    00409B20 C3 ret

    Smells to me that this code is scanning the string pointed to by edi for control characters, with a value of 20 or less. When it finds them, it ignores them and continues with the next. If the char is above 20, i.e., printable, it does one more check and appears to copy it into the address contained in ebp.

    I think it is getting rid of non-printable chars. You are cold, but getting warm.
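
The loop in the listing above, rendered in C as an added example (not part of the original posts). It compares each byte with $20 (hex 20, the space character) using unsigned comparisons; the function name, the buffer interface and the sample inputs are constructed. The call at 005E47FD in post #8 targets 00409AD4, ten bytes before this listing starts, which the disassembler labels sysutils.Trim.

```c
#include <stdio.h>
#include <string.h>

/* C rendering of the loop at 00409ADE..00409B17 (added example).
   Comments name the listing's registers; the function name, the
   buffer interface and the inputs in main() are constructed.
   Returns the trimmed length, or (size_t)-1 if out is too small. */
size_t trim_like_listing(const char *s, size_t len, char *out, size_t outcap)
{
    const unsigned char *edi = (const unsigned char *)s; /* source string */
    size_t esi = len;  /* result of the @LStrLen call */
    size_t ebx = 1;    /* 1-based index, as in Delphi strings */

    if (outcap == 0)
        return (size_t)-1;

    /* 00409AEC..00409AF6: skip leading bytes <= $20 (jbe is unsigned) */
    while (ebx <= esi && edi[ebx - 1] <= 0x20)
        ebx++;

    /* 00409AF8..00409AFE: index ran past the end -> @LStrClr, empty result */
    if (ebx > esi) {
        out[0] = '\0';
        return 0;
    }

    /* 00409B05..00409B0B: step back over trailing bytes <= $20; stops at
       ebx at the latest, because that byte is already known to be > $20 */
    while (edi[esi - 1] <= 0x20)
        esi--;

    /* 00409B0E..00409B17: @LStrCopy(source, index = ebx, count = esi-ebx+1) */
    size_t ecx = esi - ebx + 1;
    if (ecx >= outcap)
        return (size_t)-1;
    memcpy(out, edi + (ebx - 1), ecx);
    out[ecx] = '\0';
    return ecx;
}

int main(void)
{
    char buf[32];
    size_t n = trim_like_listing("  AB-12\r\n", 9, buf, sizeof buf);
    printf("%zu [%s]\n", n, buf);                 /* leading/trailing stripped */
    n = trim_like_listing(" \t\n", 3, buf, sizeof buf);
    printf("%zu [%s]\n", n, buf);                 /* all bytes <= $20 */
    return 0;
}
```

Bytes of $80 and above survive because the comparison is unsigned, and bytes <= $20 in the middle of the string are left alone.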

  3. #3
    m.albert
    Guest

    Which of the following sections is most likely to contain the check routine for the serial?
    Thanks
    Michael


    |* Reference to: sysutils.Trim(System.AnsiString):System.AnsiString;
    |* Reference to: system.@LStrAsg;|
    * Reference to: system.TObject.Free(TObject);

    * Possible String Reference to: 'E[]ËU3Uh?H^'
    |
    * Reference to: system.@LStrClr(String);
    |
    * Reference to: system.@LStrClr(String);

  4. #4

    Re: help on delphi

    Originally posted by m.albert
    Hi I'm looking for the serial number check part of a program written in Delphi.
    It seems to me looking at the section below that I'm not too far from the target. Each digit of the entered serial is compared with 20.
    What do you think?
    Should I explore close to this?
    Thanks and Regards
    Michael

    Hi, Michael!

    Why don't you just break on some address from that listing and find out for yourself if it's checking your serial?
    If so, just follow it and see what you can find!

    Have you already checked the code when you press ok in the regform or the code when you call up the regform?
    That is, disassemble in dede and get a good address to trace from in sice...
    Usually you can follow it successfully from those.

    //Manko

  5. #5
    m.albert
    Guest

    is ollydbg OK?

    I would like to use ollydbg instead of softice. Is that OK, do you think?

  6. #6
    Originally posted by m.albert
    Which of the following sections is most likely to contain the check routine for the serial?
    Thanks
    Michael


    |* Reference to: sysutils.Trim(System.AnsiString):System.AnsiString;
    |* Reference to: system.@LStrAsg;|
    * Reference to: system.TObject.Free(TObject);

    * Possible String Reference to: 'E[]ËU3Uh?H^'
    |
    * Reference to: system.@LStrClr(String);
    |
    * Reference to: system.@LStrClr(String);

    Those are not sections, those are calls.
    Taken out of context like that, they mean next to nothing to me...
    (So why do I bother answering...:P)
    Please include more code and tell us how you got that code...
    From what form and what button, or was it a call further in from such a point, or did you trace in after having exported the symbols from dede?
    There's just not very much info to go on.

    //Manko

  7. #7
    stealthFIGHTER
    Guest

    |* Reference to: sysutils.Trim(System.AnsiString):System.AnsiString;


    Trim trims leading and trailing spaces and control characters from the given string. (useful)


    |* Reference to: system.@LStrAsg;|

    Assign a string.


    * Reference to: system.TObject.Free(TObject);

    useless


    * Possible String Reference to: 'E[]ËU3Uh?H^'

    useless


    * Reference to: system.@LStrClr(String);

    Clear a string.
    Last edited by stealthFIGHTER; September 11th, 2002 at 22:26.

  8. #8
    m.albert
    Guest

    delphi serial

    Here are the sections which look interesting.
    Which one do you think I should focus on?
    Thanks
    Michael


    * Reference to: controls.TControl.GetText(TControl):System.String;
    |
    005E47F2 E8F53DE5FF call 004385EC
    005E47F7 8B45F0 mov eax, [ebp-$10]
    005E47FA 8D55F4 lea edx, [ebp-$0C]

    * Reference to: sysutils.Trim(System.AnsiString):System.AnsiString;
    |
    005E47FD E8D252E2FF call 00409AD4
    005E4802 8B55F4 mov edx, [ebp-$0C]
    005E4805 8BC3 mov eax, ebx

    * Reference to: system.@LStrAsg;
    |
    005E4807 E808F8E1FF call 00404014
    005E480C C645FF01 mov byte ptr [ebp-$01], $01
    005E4810 33C0 xor eax, eax
    005E4812 5A pop edx
    005E4813 59 pop ecx
    005E4814 59 pop ecx
    005E4815 648910 mov fs:[eax], edx

    ****** FINALLY
    |
    005E4818 682D485E00 push $005E482D
    005E481D 8B45F8 mov eax, [ebp-$08]

    * Reference to: system.TObject.Free(TObject);
    |
    005E4820 E857E9E1FF call 0040317C
    005E4825 C3 ret

    005E4826 E9B1F0E1FF jmp 004038DC
    005E482B EBF0 jmp 005E481D

    ****** END
    |
    005E482D 33C0 xor eax, eax
    005E482F 5A pop edx
    005E4830 59 pop ecx
    005E4831 59 pop ecx
    005E4832 648910 mov fs:[eax], edx

    ****** FINALLY
    |

    * Possible String Reference to: 'E[]ËU3Uh?H^'
    |
    005E4835 6852485E00 push $005E4852
    005E483A 8D45F0 lea eax, [ebp-$10]

    * Reference to: system.@LStrClr(String);
    |
    005E483D E87EF7E1FF call 00403FC0
    005E4842 8D45F4 lea eax, [ebp-$0C]

    * Reference to: system.@LStrClr(String);
    |
    005E4845 E876F7E1FF call 00403FC0
    005E484A C3 ret

    005E484B E98CF0E1FF jmp 004038DC
    005E4850 EBE8 jmp 005E483A

    ****** END
    |
    005E4852 8A45FF mov al, byte ptr [ebp-$01]
    005E4855 5B pop ebx
    005E4856 8BE5 mov esp, ebp
    005E4858 5D pop ebp
    005E4859 C3 ret

  9. #9
    stealthFIGHTER
    Guest

    Re: delphi serial

    Hello m.albert,

    I can't see any important routine here... (except first two)
    But try to concentrate on the first two routines...


    * Reference to: controls.TControl.GetText(TControl):System.String;
    |
    005E47F2 E8F53DE5FF call 004385EC
    005E47F7 8B45F0 mov eax, [ebp-$10]
    005E47FA 8D55F4 lea edx, [ebp-$0C]

    Program reads the input string (serial) probably from TEdit.
    (input := TEdit1.text)


    * Reference to: sysutils.Trim(System.AnsiString):System.AnsiString;
    |
    005E47FD E8D252E2FF call 00409AD4
    005E4802 8B55F4 mov edx, [ebp-$0C]
    005E4805 8BC3 mov eax, ebx

    Trim trims leading and trailing spaces and control characters from the given string
    (input := Trim(input))


    * Reference to: system.@LStrAsg;
    |
    005E4807 E808F8E1FF call 00404014
    005E480C C645FF01 mov byte ptr [ebp-$01], $01
    005E4810 33C0 xor eax, eax
    005E4812 5A pop edx
    005E4813 59 pop ecx
    005E4814 59 pop ecx
    005E4815 648910 mov fs:[eax], edx

    Nothing with your input/serial.


    ****** FINALLY
    |
    005E4818 682D485E00 push $005E482D
    005E481D 8B45F8 mov eax, [ebp-$08]

    * Reference to: system.TObject.Free(TObject);
    |
    005E4820 E857E9E1FF call 0040317C
    005E4825 C3 ret

    005E4826 E9B1F0E1FF jmp 004038DC
    005E482B EBF0 jmp 005E481D

    Nothing with your input/serial (usually).


    ****** END
    |
    005E482D 33C0 xor eax, eax
    005E482F 5A pop edx
    005E4830 59 pop ecx
    005E4831 59 pop ecx
    005E4832 648910 mov fs:[eax], edx

    ****** FINALLY

    Nothing with your input/serial (usually).


    * Possible String Reference to: 'E[]ËU3Uh?H^'
    |
    005E4835 6852485E00 push $005E4852
    005E483A 8D45F0 lea eax, [ebp-$10]

    * Reference to: system.@LStrClr(String);
    |
    005E483D E87EF7E1FF call 00403FC0
    005E4842 8D45F4 lea eax, [ebp-$0C]

    * Reference to: system.@LStrClr(String);
    |
    005E4845 E876F7E1FF call 00403FC0
    005E484A C3 ret

    005E484B E98CF0E1FF jmp 004038DC
    005E4850 EBE8 jmp 005E483A

    ****** END
    |
    005E4852 8A45FF mov al, byte ptr [ebp-$01]
    005E4855 5B pop ebx
    005E4856 8BE5 mov esp, ebp
    005E4858 5D pop ebp
    005E4859 C3 ret

    Nothing with your input/serial.

    As you can see there are ONLY system (SysUtils, SysInit, Windows units) functions that Delphi uses.

    sF
    Last edited by stealthFIGHTER; September 11th, 2002 at 22:50.