02-17-2005, 13:14
Maltese
Well, I found the solution to the 1st serial #. The Serial window actually uses the same routine that checks the serial # if it is from the registry.

Serial must be 17 chars (11h). If it is 17 chars then start check @ 44F70C

0044F70C MOV DL,BYTE PTR DS:[ESI+D]
0044F70F MOV AL,BYTE PTR DS:[ESI+10]
0044F712 MOV EDI,DWORD PTR DS:[<&msvcrt.atol>] ; msvcrt.atol
0044F718 LEA ECX,DWORD PTR SS:[ESP+14]
0044F71C PUSH ECX
0044F71D MOV BYTE PTR SS:[ESP+18],DL
0044F721 MOV BYTE PTR SS:[ESP+19],AL
0044F725 MOV BYTE PTR SS:[ESP+1A],0
0044F72A CALL EDI
0044F72C MOV DL,BYTE PTR DS:[ESI+8]
0044F72F MOV CL,BYTE PTR DS:[ESI+A]
0044F732 MOV BYTE PTR SS:[ESP+18],DL
0044F736 MOV DL,BYTE PTR DS:[ESI+B]
0044F739 MOV DWORD PTR SS:[ESP+10],EAX
0044F73D MOV AL,BYTE PTR DS:[ESI+F]
0044F740 MOV BYTE PTR SS:[ESP+1B],DL
0044F744 MOV BYTE PTR SS:[ESP+19],AL
0044F748 MOV AL,BYTE PTR DS:[ESI+5]
0044F74B MOV BYTE PTR SS:[ESP+1A],CL
0044F74F MOV CL,BYTE PTR DS:[ESI+6]
0044F752 LEA EDX,DWORD PTR SS:[ESP+18]
0044F756 PUSH EDX
0044F757 MOV BYTE PTR SS:[ESP+20],AL
0044F75B MOV BYTE PTR SS:[ESP+21],CL
0044F75F MOV BYTE PTR SS:[ESP+22],0
0044F764 CALL EDI
0044F766 ADD ESP,8
0044F769 XOR ECX,ECX
0044F76B MOV EAX,ESI
0044F76D MOV EDX,0D
J1:
0044F772 MOVSX EDI,BYTE PTR DS:[EAX]
0044F775 ADD ECX,EDI
0044F777 INC EAX
0044F778 DEC EDX
0044F779 JNZ SHORT 0044F772 (J1)

0044F77B MOVSX EAX,BYTE PTR DS:[ESI+E]
0044F77F MOVSX EDX,BYTE PTR DS:[ESI+F]
0044F783 ADD EDX,EAX
0044F785 ADD EDX,ECX
0044F787 MOVSX ECX,BYTE PTR DS:[ESI+7]
0044F78B SHL EDX,3
0044F78E OR EDX,ECX
0044F790 MOVSX ECX,BYTE PTR DS:[ESI+6]
0044F794 IMUL EDX,ECX
0044F797 OR EDX,EAX
0044F799 MOVSX EAX,BYTE PTR DS:[ESI+5]
0044F79D SUB EDX,EAX
0044F79F MOV DWORD PTR SS:[ESP+10],EDX
0044F7A3 FILD DWORD PTR SS:[ESP+10]
0044F7A7 FLD QWORD PTR DS:[489620]
0044F7AD CALL <JMP.&msvcrt._CIfmod>
0044F7B2 FILD DWORD PTR SS:[ESP+C]
0044F7B6 FCOMPP
0044F7B8 FSTSW AX
0044F7BA TEST AH,40
0044F7BD JNZ SHORT 0044F7CD (J2) ; TAKE THIS JUMP IF VALID SERIAL
0044F7BF POP EDI
0044F7C0 POP ESI
0044F7C1 XOR EAX,EAX
0044F7C3 POP EBP
0044F7C4 ADD ESP,108
0044F7CA RETN 4
J2:
0044F7CD POP EDI
0044F7CE POP ESI
0044F7CF MOV EAX,1 ; must be 1 = valid serial
0044F7D4 POP EBP
0044F7D5 ADD ESP,108
0044F7DB RETN 4

Now onto the key window....

Program is actually written in VB.... go figure.

Still need some ideas.

Thanks