Contribute  :  Web Resources  :  Past Polls  :  Site Statistics  :  Downloads  :  Forum  
    BiW ReversingThe challenge is yours    
 Welcome to BiW Reversing
 Monday, October 25 2021 @ 09:24 AM CEST
KeyMe2 | 10 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
KeyMe2
Authored by: TDC on Saturday, April 15 2006 @ 07:12 PM CEST

004015AF |. 68 22324000 PUSH KeyMe2.00403222 ; /ProcNameOrOrdinal = "sprintf"
004015B4 |. 68 17324000 PUSH KeyMe2.00403217 ; |/FileName = "msvcrt.dll"
004015B9 |. E8 84020000 CALL <JMP.&kernel32.LoadLibraryA> ; |LoadLibraryA
004015BE |. 50 PUSH EAX ; |hModule
004015BF |. E8 72020000 CALL <JMP.&kernel32.GetProcAddress> ; GetProcAddress
004015C4 |. 68 11324000 PUSH KeyMe2.00403211 ; ASCII "%.8X"
004015C9 |. 68 C0324000 PUSH KeyMe2.004032C0 ; ASCII "B1DEC71B"
004015CE |. FFD0 CALL EAX
004015D0 |. 83C4 0C ADD ESP,0C
004015D3 |. 8D05 A0324000 LEA EAX,DWORD PTR DS:[4032A0]
004015D9 |. 50 PUSH EAX ; /String2 => ""
004015DA |. 68 C0324000 PUSH KeyMe2.004032C0 ; |String1 = "B1DEC71B"
004015DF |. E8 88020000 CALL <JMP.&kernel32.lstrcmpA> ; lstrcmpA

At 004015D9, my string at DS:[4032A0] is empty ?! how can we ever get valid serial into there?
I've checked references, and it's not used anywhere but only here (see below) and at 004015D3.

00401454 |. 891D A0324000 MOV DWORD PTR DS:[4032A0],EBX

-- Greetz, TDC

---
=-=-=-=-=-=-=-=-=-=
:: The Dutch Cracker ::

  • KeyMe2 - Authored by: SKiLLa on Saturday, April 15 2006 @ 07:42 PM CEST
  • KeyMe2 - Authored by: moniker on Saturday, April 15 2006 @ 08:36 PM CEST
  • KeyMe2 - Authored by: TDC on Saturday, April 22 2006 @ 08:13 PM CEST
 Copyright © 2021 BiW Reversing
 All trademarks and copyrights on this page are owned by their respective owners.
Powered By Geeklog 
Created this page in 0.74 seconds