Analysis:
DoKey.inc:
; Prototype so that `invoke DoKey, ...` can check its single DWORD argument
; (the dialog window handle, per the DoKey proc definition).
DoKey           PROTO   :DWORD

;-----------------------------------------------------------------------
; chr$ - inline string literal helper.
; Emits the given text into .data with a terminating 0 byte and expands
; to the OFFSET of that text, so it can be passed directly as an invoke
; argument. Each expansion gets its own label through LOCAL.
; Note: the macro always switches back to .code after emitting the
; data, whatever segment was active before it was used.
;-----------------------------------------------------------------------
chr$ MACRO any_text:VARARG
    LOCAL   str_label
    .data
    str_label   db  any_text, 0         ; literal plus NUL terminator
    .code
    EXITM   <OFFSET str_label>
ENDM
; ---- constants -------------------------------------------------------
.const
IDC_NAME        equ     1001            ; dialog control the name is read from
IDC_CODE        equ     1002            ; dialog control the result text is written to
szBufSize       equ     256             ; size in bytes of each text buffer below

; ---- working storage -------------------------------------------------
.data
szFormat        db      "%u", 0                 ; wsprintf format: unsigned decimal
szNameLen       dd      ?                       ; character count returned by GetDlgItemText
szName          db      szBufSize dup (0)       ; name as typed by the user
szSerial1       db      szBufSize dup (0)       ; output of the first pass over the name
szSerial2       db      szBufSize dup (0)       ; output of the second pass
szSerial3       db      szBufSize dup (0)       ; final decimal string shown in the dialog

.code
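;-----------------------------------------------------------------------
; DoKey - read the name from IDC_NAME, derive a numeric code from it and
;         write that code (or a length error message) to IDC_CODE.
; ABI:   stdcall, 32-bit x86 (MASM proc/invoke)
; In:    hWnd = dialog window owning IDC_NAME and IDC_CODE
; Out:   no return value is set explicitly
; Saves: ESI, EDI - callee-saved under stdcall and used here as byte
;        cursors, so they are preserved through the `uses` clause
; Clobb: EAX, ECX, EDX, flags
;
; Names of 3..45 characters are accepted. The code is derived in two
; passes:
;   1. szSerial1[i] = szName[i] XOR 40h
;   2. a running 32-bit value is mixed with each szSerial1 byte and the
;      first name character; its low byte goes to szSerial2[i]
; The final value is the running EAX XOR the first DWORD of szSerial2,
; printed as unsigned decimal.
;-----------------------------------------------------------------------
DoKey proc uses esi edi hWnd:DWORD
    invoke  GetDlgItemText, hWnd, IDC_NAME, addr szName, szBufSize
    mov     szNameLen, eax                  ; eax = number of characters copied

    .if eax == 0
        invoke  SetDlgItemText, hWnd, IDC_CODE, chr$("there is no name")
    .elseif eax > 45
        invoke  SetDlgItemText, hWnd, IDC_CODE, chr$("name too long")
    .elseif eax < 3
        invoke  SetDlgItemText, hWnd, IDC_CODE, chr$("name too short")
    .else
        ; ---- pass 1: szSerial1[i] = szName[i] XOR 40h -----------------
        ; ecx = bytes remaining, always > 0 on loop entry (length >= 3)
        mov     esi, offset szName
        mov     edi, offset szSerial1
        mov     ecx, szNameLen
        xor     eax, eax
        mov     edx, 040h
    xor_pass:
        mov     al, byte ptr ds:[esi]
        xor     eax, edx                    ; only bit 6 of the low byte changes
        mov     byte ptr ds:[edi], al
        inc     esi
        inc     edi
        dec     ecx
        jnz     xor_pass

        ; ---- pass 2: mix szSerial1 into a running 32-bit value --------
        ; edx = first character of the name (zero-extended), constant
        ; eax = running value; its upper 24 bits carry over between
        ;       iterations, only AL is reloaded from szSerial1
        xor     edx, edx
        xor     eax, eax
        mov     esi, offset szSerial1
        mov     edi, offset szSerial2
        mov     ecx, szNameLen
        mov     dl, byte ptr ds:[szName]
    mix_pass:
        mov     al, byte ptr ds:[esi]
        imul    eax, edx
        add     eax, edx
        rol     eax, 4                      ; rol 4 / xor 14h / ror 4 is the
        xor     eax, 14h                    ; same as xor eax, 40000001h
        ror     eax, 4
        mov     byte ptr ds:[edi], al
        inc     esi
        inc     edi
        dec     ecx
        jnz     mix_pass

        ; Fold in the first four bytes of szSerial2. For a 3-character
        ; name the fourth byte was not written by this run; it is zero
        ; because the buffers start zeroed and are cleared again below.
        xor     eax, dword ptr ds:[szSerial2]

        ; "%u" yields at most 10 digits, well inside szBufSize.
        invoke  wsprintf, addr szSerial3, addr szFormat, eax
        invoke  SetDlgItemText, hWnd, IDC_CODE, addr szSerial3

        ; Clear the intermediate buffers so the next call starts clean.
        invoke  RtlZeroMemory, addr szSerial1, szBufSize
        invoke  RtlZeroMemory, addr szSerial2, szBufSize
        invoke  RtlZeroMemory, addr szSerial3, szBufSize
    .endif
    ret
DoKey endp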
Download: Keygen4qptekm1.rar
thanks for the solution mate :)
-qpt
Simply, that's the most great explanation of the algorithm for a keygen program :)
Keep up the good work!
Jacky