Re: Re: Re: Re: Re: Simple solution Wednesday, 03-Feb-99 16:39:12
Hi Joseph,

OK. 10h, 11h. Right, we are talking about the same thing. I agree and disagree with you, and here is why.

Since the program checks for a zero-generated key, something will need to be in that byte; otherwise we will need to alter 4010AB.

I am bypassing the routine, not in the sense that I jump over it. When I NOP 401207 I cause eax = 1 and therefore pass the comparison. Therefore, regardless of what key is generated elsewhere at the second pass at call 401116 and the call at 4011C1, it will not be used, because whether the CMP at 401205 is good or not, it will not jump. So the key is not used. Whether it generates a serial or not, it will pass; therefore the routine becomes invalid and equal to not being used (therefore bypassed).

I went over your analysis as you mentioned; I had briefly run through it but not read it before. We are actually doing the same thing (Step 7). You added another 16 bytes and put your name in hex at location 402072. When you push that location at 4010CC you are pushing your unencrypted name into the "cracked by" box (I know it does not push directly, but it amounts to that). So any manipulation of the key generated name above is useless, as you do not use it.

PS: Your analysis is somewhat difficult to follow in places. Ex: in step 7, after the .dat file listing:

Change 00401038 from 30 to 40 (should be 00401037)
Change location 004010CD from 4B to 72 (should be 004010CC)

But aside from that, great job.

Regards,
Princess

Princess's Tread (Princess) (29-Jan-99 15:08:40)

Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.