help on delphi
m.albert
September 9th, 2002, 21:55
Hi, I'm looking for the serial number check part of a program written in Delphi.
It seems to me looking at the section below that I'm not too far from the target. Each digit of the entered serial is compared with 20.
What do you think?
Should I explore close to this?
Thanks and Regards
Michael
* Reference to: system.@LStrLen:Integer;
| or: system.@DynArrayLength;
| or: system.DynArraySize(Pointer):Integer;
|
00409ADE E86DA7FFFF call 00404250
00409AE3 8BF0 mov esi, eax
00409AE5 BB01000000 mov ebx, $00000001
00409AEA EB01 jmp 00409AED
00409AEC 43 inc ebx
00409AED 3BF3 cmp esi, ebx
00409AEF 7C07 jl 00409AF8
00409AF1 807C1FFF20 cmp byte ptr [edi+ebx-$01], $20
00409AF6 76F4 jbe 00409AEC
00409AF8 3BF3 cmp esi, ebx
00409AFA 7D0A jnl 00409B06
00409AFC 8BC5 mov eax, ebp
* Reference to: system.@LStrClr(String);
|
00409AFE E8BDA4FFFF call 00403FC0
00409B03 EB17 jmp 00409B1C
00409B05 4E dec esi
00409B06 807C37FF20 cmp byte ptr [edi+esi-$01], $20
00409B0B 76F8 jbe 00409B05
00409B0D 55 push ebp
00409B0E 8BCE mov ecx, esi
00409B10 2BCB sub ecx, ebx
00409B12 41 inc ecx
00409B13 8BD3 mov edx, ebx
00409B15 8BC7 mov eax, edi
* Reference to: system.@LStrCopy;
|
00409B17 E83CA9FFFF call 00404458
00409B1C 5D pop ebp
00409B1D 5F pop edi
00409B1E 5E pop esi
00409B1F 5B pop ebx
00409B20 C3 ret
naides
September 10th, 2002, 04:16
Quote:
Originally posted by m.albert
Hi I'm looking for the serial number check part of a program written in Delphi.
It seems to me looking at the section below that I'm not too far from the target. Each digit of the entered serial is compared with 20.
What do you think?
Should I explore close to this?
Thanks and Regards
Michael
* Reference to: system.@LStrLen:Integer;
| or: system.@DynArrayLength;
| or: system.DynArraySize(Pointer):Integer;
|
00409ADE E86DA7FFFF call 00404250
00409AE3 8BF0 mov esi, eax
00409AE5 BB01000000 mov ebx, $00000001
00409AEA EB01 jmp 00409AED
00409AEC 43 inc ebx
00409AED 3BF3 cmp esi, ebx
00409AEF 7C07 jl 00409AF8
00409AF1 807C1FFF20 cmp byte ptr [edi+ebx-$01], $20
00409AF6 76F4 jbe 00409AEC
00409AF8 3BF3 cmp esi, ebx
00409AFA 7D0A jnl 00409B06
00409AFC 8BC5 mov eax, ebp
* Reference to: system.@LStrClr(String);
|
00409AFE E8BDA4FFFF call 00403FC0
00409B03 EB17 jmp 00409B1C
00409B05 4E dec esi
00409B06 807C37FF20 cmp byte ptr [edi+esi-$01], $20
00409B0B 76F8 jbe 00409B05
00409B0D 55 push ebp
00409B0E 8BCE mov ecx, esi
00409B10 2BCB sub ecx, ebx
00409B12 41 inc ecx
00409B13 8BD3 mov edx, ebx
00409B15 8BC7 mov eax, edi
* Reference to: system.@LStrCopy;
|
00409B17 E83CA9FFFF call 00404458
00409B1C 5D pop ebp
00409B1D 5F pop edi
00409B1E 5E pop esi
00409B1F 5B pop ebx
00409B20 C3 ret |
Smells to me that this code is scanning the string pointed to by edi for control characters, with a value of 20 or less. When it finds them, it ignores them and continues with the next. If the char is above 20, i.e., printable, it does one more check and appears to copy it into the address contained in ebp.
I think it is getting rid of non-printable chars. You are cold, but getting warm.
m.albert
September 10th, 2002, 19:32
Which of the following sections is most likely to contain the check routine for the serial?
Thanks
Michael
|* Reference to: sysutils.Trim(System.AnsiString):System.AnsiString;
|* Reference to: system.@LStrAsg;|
* Reference to: system.TObject.Free(TObject);
* Possible String Reference to: 'ŠEÿ[‹å]ËÀU‹ì3ÀUh?H^'
|
* Reference to: system.@LStrClr(String);
|
* Reference to: system.@LStrClr(String);
Manko
September 10th, 2002, 21:46
Quote:
Originally posted by m.albert
Hi I'm looking for the serial number check part of a program written in Delphi.
It seems to me looking at the section below that I'm not too far from the target. Each digit of the entered serial is compared with 20.
What do you think?
Should I explore close to this?
Thanks and Regards
Michael
|
Hi, Michael!
Why don't you just break on some address from that listing and find out for yourself if it's checking your serial?
If so, just follow it and see what you can find!
Have you already checked the code when you press ok in the regform or the code when you call up the regform?
That is, disassemble in dede and get a good address to trace from in sice...
Usually you can follow it successfully from those.
//Manko
m.albert
September 10th, 2002, 21:49
I would like to use ollydbg instead of softice. Is that OK, do you think?
Manko
September 10th, 2002, 21:52
Quote:
Originally posted by m.albert
Which of the following sections is most likely to contain the check routine for the serial?
Thanks
Michael
|* Reference to: sysutils.Trim(System.AnsiString):System.AnsiString;
|* Reference to: system.@LStrAsg;|
* Reference to: system.TObject.Free(TObject);
* Possible String Reference to: 'ŠEÿ[‹å]ËÀU‹ì3ÀUh?H^'
|
* Reference to: system.@LStrClr(String);
|
* Reference to: system.@LStrClr(String); |
Those are not sections, those are calls.
Taken out of context like that, they mean next to nothing to me...
(So why do I bother answering...:P)
Please include more code and tell us how you got that code...
From what form and what button? Or was it a call further in from such a point, or did you trace in after having exported the symbols from dede?
There's just not very much info to go on.
//Manko
stealthFIGHTER
September 11th, 2002, 00:36
|* Reference to: sysutils.Trim(System.AnsiString):System.AnsiString;
Trim trims leading and trailing spaces and control characters from the given string. (useful)
|* Reference to: system.@LStrAsg;|
Assign a string.
* Reference to: system.TObject.Free(TObject);
useless
* Possible String Reference to: 'ŠEÿ[‹å]ËÀU‹ì3ÀUh?H^'
useless
* Reference to: system.@LStrClr(String);
Clear a string.
m.albert
September 11th, 2002, 22:18
Here are the sections which look interesting.
Which one do you think I should focus on?
Thanks
Michael
* Reference to: controls.TControl.GetText(TControl):System.String;
|
005E47F2 E8F53DE5FF call 004385EC
005E47F7 8B45F0 mov eax, [ebp-$10]
005E47FA 8D55F4 lea edx, [ebp-$0C]
* Reference to: sysutils.Trim(System.AnsiString):System.AnsiString;
|
005E47FD E8D252E2FF call 00409AD4
005E4802 8B55F4 mov edx, [ebp-$0C]
005E4805 8BC3 mov eax, ebx
* Reference to: system.@LStrAsg;
|
005E4807 E808F8E1FF call 00404014
005E480C C645FF01 mov byte ptr [ebp-$01], $01
005E4810 33C0 xor eax, eax
005E4812 5A pop edx
005E4813 59 pop ecx
005E4814 59 pop ecx
005E4815 648910 mov fs:[eax], edx
****** FINALLY
|
005E4818 682D485E00 push $005E482D
005E481D 8B45F8 mov eax, [ebp-$08]
* Reference to: system.TObject.Free(TObject);
|
005E4820 E857E9E1FF call 0040317C
005E4825 C3 ret
005E4826 E9B1F0E1FF jmp 004038DC
005E482B EBF0 jmp 005E481D
****** END
|
005E482D 33C0 xor eax, eax
005E482F 5A pop edx
005E4830 59 pop ecx
005E4831 59 pop ecx
005E4832 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: 'ŠEÿ[‹å]ËÀU‹ì3ÀUh?H^'
|
005E4835 6852485E00 push $005E4852
005E483A 8D45F0 lea eax, [ebp-$10]
* Reference to: system.@LStrClr(String);
|
005E483D E87EF7E1FF call 00403FC0
005E4842 8D45F4 lea eax, [ebp-$0C]
* Reference to: system.@LStrClr(String);
|
005E4845 E876F7E1FF call 00403FC0
005E484A C3 ret
005E484B E98CF0E1FF jmp 004038DC
005E4850 EBE8 jmp 005E483A
****** END
|
005E4852 8A45FF mov al, byte ptr [ebp-$01]
005E4855 5B pop ebx
005E4856 8BE5 mov esp, ebp
005E4858 5D pop ebp
005E4859 C3 ret
stealthFIGHTER
September 11th, 2002, 22:40
Hello m.albert,
I can't see any important routine here... (except first two)
But try to concentrate on the first two routines...
* Reference to: controls.TControl.GetText(TControl):System.String;
|
005E47F2 E8F53DE5FF call 004385EC
005E47F7 8B45F0 mov eax, [ebp-$10]
005E47FA 8D55F4 lea edx, [ebp-$0C]
Program reads the input string (serial) probably from TEdit.
(input := TEdit1.text)
* Reference to: sysutils.Trim(System.AnsiString):System.AnsiString;
|
005E47FD E8D252E2FF call 00409AD4
005E4802 8B55F4 mov edx, [ebp-$0C]
005E4805 8BC3 mov eax, ebx
Trim trims leading and trailing spaces and control characters from the given string
(input := Trim(input))
* Reference to: system.@LStrAsg;
|
005E4807 E808F8E1FF call 00404014
005E480C C645FF01 mov byte ptr [ebp-$01], $01
005E4810 33C0 xor eax, eax
005E4812 5A pop edx
005E4813 59 pop ecx
005E4814 59 pop ecx
005E4815 648910 mov fs:[eax], edx
Nothing with your input/serial.
****** FINALLY
|
005E4818 682D485E00 push $005E482D
005E481D 8B45F8 mov eax, [ebp-$08]
* Reference to: system.TObject.Free(TObject);
|
005E4820 E857E9E1FF call 0040317C
005E4825 C3 ret
005E4826 E9B1F0E1FF jmp 004038DC
005E482B EBF0 jmp 005E481D
Nothing with your input/serial (usually).
****** END
|
005E482D 33C0 xor eax, eax
005E482F 5A pop edx
005E4830 59 pop ecx
005E4831 59 pop ecx
005E4832 648910 mov fs:[eax], edx
****** FINALLY
Nothing with your input/serial (usually).
* Possible String Reference to: 'ŠEÿ[‹å]ËÀU‹ì3ÀUh?H^'
|
005E4835 6852485E00 push $005E4852
005E483A 8D45F0 lea eax, [ebp-$10]
* Reference to: system.@LStrClr(String);
|
005E483D E87EF7E1FF call 00403FC0
005E4842 8D45F4 lea eax, [ebp-$0C]
* Reference to: system.@LStrClr(String);
|
005E4845 E876F7E1FF call 00403FC0
005E484A C3 ret
005E484B E98CF0E1FF jmp 004038DC
005E4850 EBE8 jmp 005E483A
****** END
|
005E4852 8A45FF mov al, byte ptr [ebp-$01]
005E4855 5B pop ebx
005E4856 8BE5 mov esp, ebp
005E4858 5D pop ebp
005E4859 C3 ret
Nothing with your input/serial.
As you can see there are ONLY system (SysUtils, SysInit, Windows units) functions that Delphi uses.
sF
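The first listing in this thread (00409ADE to 00409B20) lies just past 00409AD4, the address labelled sysutils.Trim in the later listing, and its two loops match the Trim behaviour described in the replies. An added C rendering of that listing follows; it is not code from any post or from the program, and the function names, parameters, output-buffer guard and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names: s/len stand in for EDI and the @LStrLen result,
 * out stands in for the result string addressed through EBP. */
size_t trim_like_listing(const unsigned char *s, size_t len,
                         char *out, size_t out_cap)
{
    size_t l = len;   /* 00409AE3  mov esi, eax   (L := length)      */
    size_t i = 1;     /* 00409AE5  mov ebx, 1     (I := 1, 1-based)  */

    /* 00409AED-00409AF6: skip leading bytes <= $20 (jbe is unsigned) */
    while (i <= l && s[i - 1] <= 0x20)
        i++;

    /* 00409AF8-00409AFE: nothing left, so clear the result (@LStrClr) */
    if (i > l) {
        if (out_cap) out[0] = '\0';
        return 0;
    }

    /* 00409B05-00409B0B: step back over trailing bytes <= $20.
     * Terminates because s[i-1] is already known to be > $20. */
    while (s[l - 1] <= 0x20)
        l--;

    /* 00409B0E-00409B17: @LStrCopy(S, index = I, count = L - I + 1) */
    size_t count = l - i + 1;
    if (out_cap == 0) return 0;                 /* guard added here */
    if (count > out_cap - 1) count = out_cap - 1;
    memcpy(out, s + (i - 1), count);
    out[count] = '\0';
    return count;
}

/* Convenience wrapper for NUL-terminated test input (constructed). */
size_t trimmed_length(const char *text, char *out, size_t cap)
{
    return trim_like_listing((const unsigned char *)text,
                             strlen(text), out, cap);
}

int main(void)
{
    char buf[32];
    size_t n = trimmed_length("  \tAB-12 34\r\n", buf, sizeof buf);
    printf("[%s] length %zu\n", buf, n);  /* inner space is kept */
    return 0;
}
```

Only bytes at the two ends are dropped; anything at or below $20 inside the string survives, and bytes of $80 and above are kept because the comparison is unsigned.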