(3) Compare

:0040DEB0 8B542404                mov edx, dword ptr [esp+04]                real serial
:0040DEB4 8B4C2408                mov ecx, dword ptr [esp+08]                our serial

* Possible Reference to Dialog: DialogID_0079, CONTROL_ID:0003, "FtpWolf"
                                  |
:0040DEB8 F7C203000000            test edx, 00000003            check the low two bits of the real serial pointer
:0040DEBE 753C                    jne 0040DEFC                  pointer not 4-byte aligned: take the separate path at 0040DEFC

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040DEEC(C), :0040DF16(C), :0040DF32(U)
|
:0040DEC0 8B02                    mov eax, dword ptr [edx]      real serial to eax for compare
:0040DEC2 3A01                    cmp al, byte ptr [ecx]        compare first number
:0040DEC4 752E                    jne 0040DEF4                  if wrong - see you
:0040DEC6 0AC0                    or al, al                     set flags
:0040DEC8 7426                    je 0040DEF0                   if it's zero we're done with the compare, good guy
:0040DECA 3A6101                  cmp ah, byte ptr [ecx+01]     compare second number
:0040DECD 7525                    jne 0040DEF4                  if wrong - see you
:0040DECF 0AE4                    or ah, ah                     set flags
:0040DED1 741D                    je 0040DEF0                   if it's zero we're done with the compare, good guy
:0040DED3 C1E810                  shr eax, 10                   get next two numbers of real serial (10 is hex = 16 bits)
:0040DED6 3A4102                  cmp al, byte ptr [ecx+02]     compare third number
:0040DED9 7519                    jne 0040DEF4                  if wrong - see you
:0040DEDB 0AC0                    or al, al                     set flags
:0040DEDD 7411                    je 0040DEF0                   if it's zero we're done with the compare, good guy
:0040DEDF 3A6103                  cmp ah, byte ptr [ecx+03]     compare fourth number
:0040DEE2 7510                    jne 0040DEF4                  if wrong - see you
:0040DEE4 83C104                  add ecx, 00000004             get next 4 numbers from input
:0040DEE7 83C204                  add edx, 00000004             get next 4 numbers from real serial
:0040DEEA 0AE4                    or ah, ah                     set flags
:0040DEEC 75D2                    jne 0040DEC0                  finished if zero, else jump back to test next numbers
:0040DEEE 8BC0                    mov eax, eax                  useless

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040DEC8(C), :0040DED1(C), :0040DEDD(C), :0040DF0E(C), :0040DF24(C)
|:0040DF2D(C)
|
:0040DEF0 33C0                    xor eax, eax
:0040DEF2 C3                      ret
 

:0040DEF3 90                      nop

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0040DEC4(C), :0040DECD(C), :0040DED9(C), :0040DEE2(C), :0040DF09(C)
|:0040DF20(C), :0040DF29(C)
|
:0040DEF4 1BC0                    sbb eax, eax
:0040DEF6 D1E0                    shl eax, 1
:0040DEF8 40                      inc eax
:0040DEF9 C3                      ret

Basics: registers are divided into higher and lower parts. For example, eax is divided into eah, eal, ah and al (h = high, l = low), which looks like:

76 54 32 10 : ByteNo
|  |  |  |
eah|  ah |
   eal   al

Each of the four (eah, eal, ah, al) represents one byte (total: 4 bytes = 32 bit).
So if there's a compare ah, byte ptr [ecx], the ByteNo 3&2 are compared with the first two bytes of ecx (0&1).
Let's look at the numbers to understand the whole thing a bit better. I take a fictional input like 123456 and real serial 987654.
eax: 3938 3736 (9876)
ecx: 3132 3334 (1234)
cmp al, byte ptr [ecx] compares 36 with 34
cmp ah, byte ptr [ecx+01] compares 37 with 33
shr eax, 10 prepares the next two numbers in ah, al
shr 39383736, 10 ---------> 0000 3938
cmp al, byte ptr [ecx+02] compares now (after the shift right) 38 with 32
cmp ah, byte ptr [ecx+03] compares now (after the shift right) 39 with 31
Now 4 is added to both registers. This is obvious because after comparing 4 characters we have to get the next ones by "shifting" the compared 4 away. Why do we add 4 and not 10? With the help of one register we are able to compare 4 characters, because one char needs 1 byte and one register has 4 bytes.
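The loop at 0040DEC0 and its two exits, modelled in C as an added example (not part of the original page). The names serial_compare, exit_code and load_dword are made up for illustration, and the sample buffers are constructed and zero-padded to a multiple of 4 bytes because the routine reads a whole dword at a time.

```c
#include <stdint.h>
#include <stdio.h>

/* Exit at 0040DEF4: sbb eax,eax / shl eax,1 / inc eax.
   carry = 1 when the real-serial byte was below the input byte. */
static int exit_code(int carry) {
    uint32_t eax = carry ? 0xFFFFFFFFu : 0u; /* sbb eax,eax */
    eax <<= 1;                               /* shl eax,1   */
    eax += 1;                                /* inc eax     */
    return (int32_t)eax;                     /* -1 or +1    */
}

/* mov eax,[edx]: x86 loads little-endian, so al is the byte at [edx]. */
static uint32_t load_dword(const unsigned char *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Model of the loop at 0040DEC0. Assumption: both buffers are zero-padded
   to a multiple of 4 bytes, since the dword load reads 4 bytes at once. */
int serial_compare(const unsigned char *edx, const unsigned char *ecx) {
    for (;;) {
        uint32_t eax = load_dword(edx);
        uint8_t al = (uint8_t)eax, ah = (uint8_t)(eax >> 8);
        if (al != ecx[0]) return exit_code(al < ecx[0]);
        if (al == 0) return 0;                 /* 0040DEF0: xor eax,eax */
        if (ah != ecx[1]) return exit_code(ah < ecx[1]);
        if (ah == 0) return 0;
        eax >>= 16;                            /* shr eax,10 (hex) */
        al = (uint8_t)eax; ah = (uint8_t)(eax >> 8);
        if (al != ecx[2]) return exit_code(al < ecx[2]);
        if (al == 0) return 0;
        if (ah != ecx[3]) return exit_code(ah < ecx[3]);
        edx += 4; ecx += 4;                    /* add ecx,4 / add edx,4 */
        if (ah == 0) return 0;                 /* terminator was the 4th byte */
    }
}

int main(void) {
    /* Constructed sample buffers, padded to 8 bytes. */
    static const unsigned char real[8] = "987654", input[8] = "123456";
    printf("%d %d %d\n", serial_compare(real, input),
           serial_compare(input, real), serial_compare(real, real));
    return 0;
}
```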

 