Microslave's Thread (managed to unzip) Tuesday, 09-Feb-99 12:02:37
Using bpx getdlgitemtexta I found out that the 'Incorrect Password...' message is called at location 004011E2. Using win32dasm it was easy to find out where this location is called from -> 00403C1B. Inspecting all jumps before 00403C1B I found out that just a few of them are leading to a position after 00403C1B. When reaching 00403C87 the file will be unzipped! (I set eax=00 at location 00403BA4 and whom.....)

So I would suggest looking for the right password in:

:00403B9F E84CDBFFFF call 004016F0
:00403BB1 E860D6FFFF call 00401216
:00403BBE E8F8DBFFFF call 004017BB
:00403BCB E8EEDDFFFF call 004019BE

:00403B96 833DF878400000 cmp dword ptr [004078F8], 00000000
:00403B9D 7539 jne 00403BD8
:00403B9F E84CDBFFFF call 004016F0
:00403BA4 85C0 test eax, eax
:00403BA6 0F84DB000000 je 00403C87 <-!!!!!!
:00403BAC 6880854000 push 00408580
:00403BB1 E860D6FFFF call 00401216
:00403BB6 85C0 test eax, eax
:00403BB8 0F85C9000000 jne 00403C87
:00403BBE E8F8DBFFFF call 004017BB
:00403BC3 85C0 test eax, eax
:00403BC5 0F84BC000000 je 00403C87
:00403BCB E8EEDDFFFF call 004019BE
:00403BD0 85C0 test eax, eax
:00403BD2 0F84AF000000 je 00403C87

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403B9D(C)
|
:00403BD8 833D0879400000 cmp dword ptr [00407908], 00000000
:00403BDF 744E je 00403C2F
:00403BE1 E865160000 call 0040524B
:00403BE6 85C0 test eax, eax
:00403BE8 7545 jne 00403C2F
:00403BEA 833D1079400000 cmp dword ptr [00407910], 00000000
:00403BF1 6880854000 push 00408580
:00403BF6 7504 jne 00403BFC
:00403BF8 6A05 push 00000005
:00403BFA EB02 jmp 00403BFE

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403BF6(C)
|
:00403BFC 6A06 push 00000006

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403BFA(U)
|
:00403BFE E878D4FFFF call 0040107B
:00403C03 50 push eax
:00403C04 8D8DD4FEFFFF lea ecx, dword ptr [ebp+FFFFFED4]
:00403C0A 51 push ecx

* Reference To: USER32.wsprintfA, Ord:0262h
|
:00403C0B FF1598934000 Call dword ptr [00409398]
:00403C11 83C40C add esp, 0000000C
:00403C14 8D85D4FEFFFF lea eax, dword ptr [ebp+FFFFFED4]
:00403C1A 50 push eax
:00403C1B E8C2D5FFFF call 004011E2 <- The End

Ok, that's it for this time......

Microslave
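Added example, not part of Microslave's post: a small Python script that repeats the walk the post describes over the quoted w32dasm listing. It parses the `:ADDRESS BYTES mnemonic operands` lines, lists the jumps placed before the 004011E2 call that land past it, and finds every `call; test eax, eax; jcc 00403C87` triple, i.e. each check whose single return value decides the success path. The listing excerpt is constructed from the post; the function names and the `JUMPS` set are my own choices.

```python
import re

# Excerpt of the w32dasm listing quoted in the post (constructed from it).
LISTING = """\
:00403B96 833DF878400000 cmp dword ptr [004078F8], 00000000
:00403B9D 7539 jne 00403BD8
:00403B9F E84CDBFFFF call 004016F0
:00403BA4 85C0 test eax, eax
:00403BA6 0F84DB000000 je 00403C87
:00403BAC 6880854000 push 00408580
:00403BB1 E860D6FFFF call 00401216
:00403BB6 85C0 test eax, eax
:00403BB8 0F85C9000000 jne 00403C87
:00403BBE E8F8DBFFFF call 004017BB
:00403BC3 85C0 test eax, eax
:00403BC5 0F84BC000000 je 00403C87
:00403BCB E8EEDDFFFF call 004019BE
:00403BD0 85C0 test eax, eax
:00403BD2 0F84AF000000 je 00403C87
:00403BDF 744E je 00403C2F
:00403C1B E8C2D5FFFF call 004011E2
"""

# w32dasm instruction line: ':ADDRESS OPCODEBYTES mnemonic operands'
LINE_RE = re.compile(r"^:([0-9A-F]{8})\s+[0-9A-F]+\s+(\w+)(?:\s+(.*))?$")
JUMPS = {"jmp", "je", "jne", "jz", "jnz", "ja", "jb", "jae", "jbe", "jg", "jl"}

def parse_listing(text):
    """Return (address, mnemonic, operands) per instruction line; skip the rest."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((int(m.group(1), 16), m.group(2).lower(), (m.group(3) or "").strip()))
    return rows

def jumps_past(rows, boundary):
    """Jumps placed before `boundary` whose target lies at or beyond it."""
    return [(a, m, int(op, 16)) for a, m, op in rows
            if m in JUMPS and a < boundary and int(op, 16) >= boundary]

def gated_calls(rows, success):
    """Calls whose return value alone decides a jump to `success` (call; test eax,eax; jcc)."""
    found = []
    for (_, m0, op0), (_, m1, op1), (_, m2, op2) in zip(rows, rows[1:], rows[2:]):
        if (m0 == "call" and m1 == "test" and op1.replace(" ", "") == "eax,eax"
                and m2 in JUMPS and int(op2, 16) == success):
            found.append((int(op0, 16), m2))  # (call target, jump that gates success)
    return found
```

Running `gated_calls(parse_listing(LISTING), 0x00403C87)` returns the same four call targets the post singles out, each gated by one conditional jump on eax.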