In the executable provided in chapter 6 of Lena's tutorials I see the following code which is responsible of setting the variable that will be used for checking if the app is registered or not:
Code:
; AL contains 0 from a previous call to a custom function,
; which is the one that checks if the app is registered or not.
005C2BF6 . 8B15 8CEB6000 MOV EDX,DWORD PTR DS:[60EB8C]
005C2BFC . 8802 MOV BYTE PTR DS:[EDX],AL
005C2BFE . A1 8CEB6000 MOV EAX,DWORD PTR DS:[60EB8C]
005C2C03 . 8038 00 CMP BYTE PTR DS:[EAX],0
005C2C06 . 75 0D JNZ SHORT pcsurgeo.005C2C15
005C2C08 . E8 6307EEFF CALL pcsurgeo.004A3370
After that code the pointer at 60EB8C is checked several times to make decisions on to whether to display register messages/buttons or not.
In the tutorial file I see Lena changing this:
Code:
005C2C03 . 8038 00 CMP BYTE PTR DS:[EAX],0
005C2C06 . 75 0D JNZ SHORT pcsurgeo.005C2C15
to this:
Code:
005C2C03 . 8038 00 MOV BYTE PTR DS:[EAX],1
005C2C06 . 75 0D JMP SHORT pcsurgeo.005C2C15
So i thought that i could achieve the same by fixing the MOV that is before those two lines like this:
Code:
005C2BFC . 8802 MOV BYTE PTR DS:[EDX],1 ; Force it to be 1
But as soon as i do that the whole code changes to this:
Code:
005C2BF6 . 8B15 8CEB6000 MOV EDX,DWORD PTR DS:[60EB8C]
005C2BFC C602 01 MOV BYTE PTR DS:[EDX],1 ; Changed line
005C2BFF 8CEB MOV BX,GS ; automatically added
005C2C01 60 PUSHAD ; automatically added
005C2C02 0080 3800750D ADD BYTE PTR DS:[EAX+D750038],AL
Can somebody explain me why does that happen?