
Thread: How to write a keygen ripping the original asm code

  1. #16
    Fahr
    Guest
    Originally posted by diz
    First, you are defining buffer which is only 1 byte big:
    @Buffer db 0
    255 bytes will be more than enough:
    @Buffer db 255

    Second, this variable will be used for MessageBox, which needs a string terminated with 0, so you need to initialize this var with zeros:
    @Buffer db 255 dup(0)

    Now it will work.
    Ah, so the 20 is not significant. The best thing for memory would be then to make it 8, since the serial is always 8 long...
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #17
    ZaiRoN
    Hi Fahr,
    The best thing for memory would be then to make it 8, since the serial is always 8 long...
    Ok, the serial is 8 chars long but you have to remember what diz told you about MessageBox function: the serial must be followed by NULL char (00h).
    When you know the size of a buffer, it's better to terminate it with a 00h byte, like you have done for @Name and @Format:
    @Buffer db 9 dup(0) ; 9 bytes set to 00h

    ZaiRoN

  3. #18
    Fahr
    Guest
    Originally posted by ZaiRoN
    Hi Fahr,
    Ok, the serial is 8 chars long but you have to remember what diz told you about MessageBox function: the serial must be followed by NULL char (00h).
    When you know the size of a buffer, it's better to terminate it with a 00h byte, like you have done for @Name and @Format:
    @Buffer db 9 dup(0) ; 9 bytes set to 00h

    ZaiRoN
    Hmm, isn't it so that 8 in fact MEANS 9? I thought the count starts at 0, see some other people's remarks on how when it's 0, the size is 1. Makes me think that when it's 8, the size is 9 :P

    - Fahr

  4. #19
    Fahr
    Guest
    ok, another small thing; how can I check if the string I have in @Name actually is longer than 0? I assume I could copy it to eax and then test eax, eax, but that doesn't seem to work...

    - Fahr

  5. #20
    8 will give you 8 bytes, which go from 0 - 7. 9 will give you 9 bytes, 0 - 8.

    To make sure the name length is greater than zero bytes, just check the first byte, like so :

    mov eax, @name
    mov bl, [eax]
    cmp bl, 0
    je lengthiszero

    You may not need the "cmp", but it's best to leave it in there for now.

  6. #21
    Fahr
    Guest
    I knew it (about the bytes)

    also, on

    mov eax, @Serial

    it gives the following error:

    Keymaker.asm(191) : error A2070: invalid instruction operands

    I tried it with offset @Serial and addr @Serial, but both don't seem to work... (no errors, but it doesn't work as it's supposed to (always triggers))

    - Fahr

  7. #22
    Registered User
    lea eax, @Name      ; load the ADDRESS of the buffer, not its first dword
    mov bl, [eax]       ; first character
    cmp bl, 0           ; 0 means the string is empty
    ..

    or the other way:

    mov bl, byte ptr @Name   ; read the first character directly
    cmp bl, 0
    ..

    Like someone proposed to you, you should read some book; you're smart, you'll get it fast.
    Last edited by diz; June 8th, 2003 at 15:23.

  8. #23
    Fahr
    Guest
    Thanks that works.

    Except for the fact that bl doesn't actually contain the LENGTH of the string (of course). Do I have to loop it till 0 to fetch the length or is there a simpler way (I need to check it against 8)

    As for reading books, I'm on it. Reading Krobar's tuts right now, hope it'll provide me with some insight.

    - Fahr
    Last edited by Fahr; June 8th, 2003 at 15:21.

  9. #24
    Registered User
    Yes, you should compare every character against 0h. If you have text in an editbox (like your final keygen will have, I think) the GetDlgItemText function will return the number of characters, so you can easily check the string length while retrieving it from the editbox.

  10. #25
    Fahr
    Guest
    That's not the problem. I know I can read the length from EAX.

    The problem is that after generation, when it pushes it through a wsprintfA, any zeros in front get cut off. So I want to know the length of the output; if it's less than 8, I have to paste the missing 0s back in front.

    - Fahr

  11. #26
    Registered User
    Look at the wsprintf lpFmt parameter. It will do the job automatically if you specify the right formatting.

  12. #27
    To get the length of a string does require a loop, but it's quite simple:

    LEA EDI, @buffer         ; address of the string
    XOR ECX, ECX
    DEC ECX                  ; ECX = -1 (scan "forever")
    XOR AL, AL               ; byte to look for: 0
    CLD                      ; scan forward
    REPNE SCAS BYTE PTR [EDI] ; stop at the first 0 byte
    NOT ECX                  ; ECX = bytes scanned, including the 0
    DEC ECX                  ; ECX = length without the terminator

    Most likely not the most optimised piece of code, but it should work.

    If you just want to pad a hex string with zeroes however, just tell the printf call that you want to do that. Eg:

    Instead of %X which will give you (say) 123456
    Use %8X which will give you 00123456
    Last edited by squidge; June 8th, 2003 at 16:50.

  13. #28
    Fahr
    Guest
    duh, I should have thought of the %8X (even though it's %.8X, otherwise it fills with [spaces] instead of 0s :P)

    Anyways, I guess my keymaker is ready.

    For the sake of others following this thread, I will post it here, with source and all. Enjoy.

    And thanks to all those who helped me put it together

    - Fahr
    Last edited by Fahr; June 9th, 2003 at 08:29.

  14. #29
    doh! I meant %08X, not %8X otherwise it pads with spaces, like you say. Don't know how %.8X works, but hey, who cares as long as it works

  15. #30
    Fahr
    Guest
    Hmm, I dunno about %08X, but %.8X works for sure :P

    The only thing I'd like to add now is that it generates the serial when you enter something in the box, instead of clicking the 'Generate' button.
    A friend of mine told me that I would have to subclass the editbox and write its own message handler... seems a bit too much to me. Any simpler ways?

    - Fahr
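The three points the thread settles on (the 8-char serial needs a 9-byte buffer for the terminator, the length is found by scanning to the 0 byte, and %8X pads with spaces while %08X and %.8X pad with zeros) are shown together in C below. This is an added example, not code from any post in the thread; it uses standard snprintf rather than wsprintfA, and format_serial and serial_len are names chosen here.

```c
#include <stdio.h>
#include <string.h>

/* The serial is 8 hex digits; the buffer needs one more byte for the NUL
 * terminator (the "@Buffer db 9 dup(0)" point from the thread). */
#define SERIAL_CHARS 8
#define SERIAL_BUF   (SERIAL_CHARS + 1)

/* C equivalent of the REPNE SCASB loop: count bytes up to the first 0. */
size_t serial_len(const char *s)
{
    size_t n = 0;
    while (s[n] != '\0')
        n++;
    return n;
}

/* Format a 32-bit value with the given conversion into the 9-byte buffer.
 * Returns the number of characters written (excluding the NUL), or -1 when
 * the text would not fit, i.e. there would be no room for the terminator. */
int format_serial(const char *fmt, unsigned value, char out[SERIAL_BUF])
{
    int n = snprintf(out, SERIAL_BUF, fmt, value);
    if (n < 0 || n >= SERIAL_BUF) {
        out[0] = '\0';   /* do not hand back a truncated serial */
        return -1;
    }
    return n;
}

int main(void)
{
    /* Constructed sample value; the thread's example 123456 has only 6 digits. */
    const char *fmts[] = { "%X", "%8X", "%08X", "%.8X" };
    char buf[SERIAL_BUF];
    for (size_t i = 0; i < sizeof fmts / sizeof fmts[0]; i++) {
        format_serial(fmts[i], 0x123456u, buf);
        printf("%-5s -> \"%s\" (len %zu)\n", fmts[i], buf, serial_len(buf));
    }
    return 0;
}
```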
