Dark Heaven - Tutorial: Registering GIF Construction Set Professional

Program: 	GIF Construction Set Professional v2.0a
Description: 	GIF animator
Author: 	(C) 1998 Alchemy Mindworks Inc.
Size: 		1,755,019 bytes (GCSPRO.EXE)


Tool: - W32DASM v8.93


1. Start GIF CONSTRUCTION SET, then W32DASM.


2. Disassemble GCSPRO.EXE via [Debug/Attach to an Active Process].


3. Now use [Refs/String Data References] to search for the error message
   "Your name and registration number don't match" (String Resource ID=00267).
   Double-clicking the reference displays the corresponding line in the
   listing: 0044A3B0.

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0045A2AF(C), :0045A39C(C)
|
:0045A3A6 8B8570FFFFFF            mov eax, dword ptr [ebp+FFFFFF70] ; <- jump?
:0045A3AC 85C0                    test eax, eax
:0045A3AE 7533                    jne 0045A3E3

* Possible Reference to String Resource ID=00267: "Your name and registration
                                             number don't match. Please check "
                                  |
:0045A3B0 680B010000              push 0000010B          ; <- reference found
:0045A3B5 E82A55FBFF              call 0040F8E4
:0045A3BA 59                      pop ecx
:0045A3BB 50                      push eax
:0045A3BC FF7508                  push [ebp+08]
:0045A3BF E8480DFDFF              call 0042B10C
:0045A3C4 83C408                  add esp, 00000008
:0045A3C7 33D2                    xor edx, edx
:0045A3C9 88157D514D00            mov byte ptr [004D517D], dl
:0045A3CF 881583524D00            mov byte ptr [004D5283], dl
:0045A3D5 EB0C                    jmp 0045A3E3


4. To find the jump instruction that leads to the error message, we use
   [Search/Find Text] to search for the address 0045A3A6.

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045A1FA(C)
|
:0045A204 8B8D70FFFFFF            mov ecx, dword ptr [ebp+FFFFFF70]
:0045A20A 85C9                    test ecx, ecx
:0045A20C 0F8495000000            je 0045A2A7         ; <- jump to evaluation
:0045A212 33C0                    xor eax, eax
:0045A214 898560FFFFFF            mov dword ptr [ebp+FFFFFF60], eax
:0045A21A 898564FFFFFF            mov dword ptr [ebp+FFFFFF64], eax
:0045A220 EB34                    jmp 0045A256

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045A264(C)
|
:0045A222 8B9564FFFFFF            mov edx, dword ptr [ebp+FFFFFF64]
:0045A228 33C9                    xor ecx, ecx
:0045A22A 8A8A7D514D00            mov cl, byte ptr [edx+004D517D]
:0045A230 51                      push ecx
:0045A231 E86E5A0700              call 004CFCA4
:0045A236 59                      pop ecx
:0045A237 8B9564FFFFFF            mov edx, dword ptr [ebp+FFFFFF64]
:0045A23D 83E207                  and edx, 00000007
:0045A240 33C9                    xor ecx, ecx
:0045A242 8A8AC15D4D00            mov cl, byte ptr [edx+004D5DC1]
:0045A248 33C1                    xor eax, ecx
:0045A24A 018560FFFFFF            add dword ptr [ebp+FFFFFF60], eax
:0045A250 FF8564FFFFFF            inc dword ptr [ebp+FFFFFF64]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045A220(U)
|
:0045A256 8B8564FFFFFF            mov eax, dword ptr [ebp+FFFFFF64]
:0045A25C 8A807D514D00            mov al, byte ptr [eax+004D517D]
:0045A262 84C0                    test al, al
:0045A264 75BC                    jne 0045A222
:0045A266 8B8560FFFFFF            mov eax, dword ptr [ebp+FFFFFF60]

* Possible Reference to Dialog: ANIMATIONWIZARDBOX, CONTROL_ID:0064, "Welcome
                                                          to Animation Wizard.
"
                                  |
* Possible Reference to String Resource ID=00100: "Gif Construction Set 1.0a
Copyright  1995 Alchemy Mindworks"
                                  |
:0045A26C B964000000              mov ecx, 00000064
:0045A271 99                      cdq
:0045A272 F7F9                    idiv ecx
:0045A274 89956CFFFFFF            mov dword ptr [ebp+FFFFFF6C], edx
:0045A27A 8B856CFFFFFF            mov eax, dword ptr [ebp+FFFFFF6C]
:0045A280 85C0                    test eax, eax
:0045A282 7506                    jne 0045A28A
:0045A284 FF856CFFFFFF            inc dword ptr [ebp+FFFFFF6C]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045A282(C)
|
:0045A28A 6889524D00              push 004D5289
:0045A28F E8C05D0700              call 004D0054
:0045A294 59                      pop ecx
:0045A295 8B956CFFFFFF            mov edx, dword ptr [ebp+FFFFFF6C]
:0045A29B 3BC2                    cmp eax, edx                ; <- 1st breakpoint
:0045A29D 7408                    je 0045A2A7         ; <- jump to evaluation
:0045A29F 33C9                    xor ecx, ecx
:0045A2A1 898D70FFFFFF            mov dword ptr [ebp+FFFFFF70], ecx

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0045A20C(C), :0045A29D(C)
|
:0045A2A7 8B8570FFFFFF            mov eax, dword ptr [ebp+FFFFFF70] ; <- jump?
:0045A2AD 85C0                    test eax, eax
:0045A2AF 0F84F1000000            je 0045A3A6      ; <- jump to error message
:0045A2B5 33D2                    xor edx, edx
:0045A2B7 899560FFFFFF            mov dword ptr [ebp+FFFFFF60], edx
:0045A2BD 33C9                    xor ecx, ecx
:0045A2BF 898D64FFFFFF            mov dword ptr [ebp+FFFFFF64], ecx
:0045A2C5 EB2F                    jmp 0045A2F6

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045A30F(C)
|
:0045A2C7 8B8564FFFFFF            mov eax, dword ptr [ebp+FFFFFF64]
:0045A2CD 8A9083524D00            mov dl, byte ptr [eax+004D5283]
:0045A2D3 8B8D64FFFFFF            mov ecx, dword ptr [ebp+FFFFFF64]
:0045A2D9 83E107                  and ecx, 00000007
:0045A2DC 8A81C15D4D00            mov al, byte ptr [ecx+004D5DC1]
:0045A2E2 32D0                    xor dl, al
:0045A2E4 81E2FF000000            and edx, 000000FF
:0045A2EA 019560FFFFFF            add dword ptr [ebp+FFFFFF60], edx
:0045A2F0 FF8564FFFFFF            inc dword ptr [ebp+FFFFFF64]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045A2C5(U)
|
:0045A2F6 8B8D64FFFFFF            mov ecx, dword ptr [ebp+FFFFFF64]
:0045A2FC 8A8183524D00            mov al, byte ptr [ecx+004D5283]
:0045A302 84C0                    test al, al
:0045A304 740B                    je 0045A311
:0045A306 8B9564FFFFFF            mov edx, dword ptr [ebp+FFFFFF64]
:0045A30C 83FA05                  cmp edx, 00000005
:0045A30F 7CB6                    jl 0045A2C7

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045A304(C)
|
:0045A311 33C9                    xor ecx, ecx
:0045A313 898D64FFFFFF            mov dword ptr [ebp+FFFFFF64], ecx
:0045A319 EB2F                    jmp 0045A34A

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045A363(C)
|
:0045A31B 8B8564FFFFFF            mov eax, dword ptr [ebp+FFFFFF64]
:0045A321 8A908C524D00            mov dl, byte ptr [eax+004D528C]
:0045A327 8B8D64FFFFFF            mov ecx, dword ptr [ebp+FFFFFF64]
:0045A32D 83E107                  and ecx, 00000007
:0045A330 8A81C15D4D00            mov al, byte ptr [ecx+004D5DC1]
:0045A336 32D0                    xor dl, al
:0045A338 81E2FF000000            and edx, 000000FF
:0045A33E 019560FFFFFF            add dword ptr [ebp+FFFFFF60], edx
:0045A344 FF8564FFFFFF            inc dword ptr [ebp+FFFFFF64]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045A319(U)
|
:0045A34A 8B8D64FFFFFF            mov ecx, dword ptr [ebp+FFFFFF64]
:0045A350 8A818C524D00            mov al, byte ptr [ecx+004D528C]
:0045A356 84C0                    test al, al
:0045A358 740B                    je 0045A365
:0045A35A 8B9564FFFFFF            mov edx, dword ptr [ebp+FFFFFF64]
:0045A360 83FA05                  cmp edx, 00000005
:0045A363 7CB6                    jl 0045A31B

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045A358(C)
|
:0045A365 8B8560FFFFFF            mov eax, dword ptr [ebp+FFFFFF60]

* Possible Reference to Dialog: ANIMATIONWIZARDBOX, CONTROL_ID:0064, "Welcome
                                                          to Animation Wizard.
"
                                  |
* Possible Reference to String Resource ID=00100: "Gif Construction Set 1.0a
Copyright  1995 Alchemy Mindworks"
                                  |
:0045A36B B964000000              mov ecx, 00000064
:0045A370 99                      cdq
:0045A371 F7F9                    idiv ecx
:0045A373 899568FFFFFF            mov dword ptr [ebp+FFFFFF68], edx
:0045A379 8B8568FFFFFF            mov eax, dword ptr [ebp+FFFFFF68]
:0045A37F 85C0                    test eax, eax
:0045A381 7506                    jne 0045A389
:0045A383 FF8568FFFFFF            inc dword ptr [ebp+FFFFFF68]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0045A381(C)
|
:0045A389 6892524D00              push 004D5292
:0045A38E E8C15C0700              call 004D0054
:0045A393 59                      pop ecx
:0045A394 8B9568FFFFFF            mov edx, dword ptr [ebp+FFFFFF68]
:0045A39A 3BC2                    cmp eax, edx         ; <- set 2nd breakpoint
:0045A39C 7408                    je 0045A3A6      ; <- jump to error message
:0045A39E 33C9                    xor ecx, ecx
:0045A3A0 898D70FFFFFF            mov dword ptr [ebp+FFFFFF70], ecx


5. We find the jump instruction to the error message (je 0045A3A6) at lines
   0045A2AF and 0045A39C. On the comparison directly above it we set a
   breakpoint with [F2] (2nd breakpoint).

   Unfortunately the check already aborts somewhat earlier, so we have to set
   one more breakpoint. We therefore look for the jump instructions to line
   0045A2A7. We find them at 0045A20C and 0045A29D (je 0045A2A7). On the
   comparison above it (cmp eax, edx) we also set a breakpoint (1st BP).


6. Now we switch to GIF CONSTRUCTION SET and enter arbitrary registration
   data.

   e.g. Registration name: Dark Heaven
        Registration code: 12345-66-54321-77 (the format is given)


7. After the input is confirmed, W32DASM becomes active at the 1st breakpoint
   and we can look at the contents of the registers used in the comparison.

   EAX = 46 (hex) = 66 (dec) = 1st two-digit group of our code
   EDX = 4A (hex) = 74 (dec) = 1st two-digit group the program expects

   We enter the modified code in GIF CONSTRUCTION SET: 12345-74-54321-77.

   This time the values match at the 1st breakpoint. We continue the program
   with [F7], [F9] and reach the 2nd breakpoint:

   EAX = 4D (hex) = 77 (dec) = 2nd two-digit group of our code
   EDX = 0E (hex) = 14 (dec) = 2nd two-digit group the program expects

   This gives the modified code: 12345-74-54321-14.


8. With the code we found we can now register GIF CONSTRUCTION SET.
   Unfortunately there is no success message, but our name is shown in the
   [Help/About] dialog.

   e.g. Registration name: Dark Heaven
        Registration code: 12345-74-54321-14


9. After registration, GIF CONSTRUCTION SET adds the following lines to the
   file GCSPRO.INI in the Windows directory:

   RegistrationCode = Ђ]]Ӊ]Љ
   RegistrationName = #+3#<31



Have fun CRACKING!
Dark Heaven
06.03.1999
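
The steps above succeed because the program computes the expected two-digit value itself and holds it in EDX next to the entered value at `cmp eax, edx`. The sketch below is an added example, not code from the tutorial or from the product: it contrasts that design with verification against a public key, where the client never holds the value a valid code must contain. The checksum, the function names and the toy RSA parameters are constructed for illustration; they are not the product's algorithm and not a secure key size.

```python
import hashlib

# --- Weak design: the client derives the expected value and compares it ---
def weak_expected(name: str) -> int:
    """Constructed stand-in checksum (NOT the product's algorithm).
    The client computes this locally, so it sits in memory at the compare."""
    return sum(name.upper().encode()) % 100

def weak_check(name: str, group: int) -> bool:
    # Both operands of this comparison are visible to anyone with a debugger.
    return group == weak_expected(name)

# --- Hardened design: the client ships only a public key (toy RSA) ---
P, Q = 2**61 - 1, 2**89 - 1           # known Mersenne primes, far too small for real use
N, E = P * Q, 65537                    # public part, embedded in the client
_D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent, kept on the vendor's side only

def _digest(name: str) -> int:
    """Hash of the registration name, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N

def vendor_issue(name: str) -> int:
    """Vendor side: sign the name digest. Requires the private exponent."""
    return pow(_digest(name), _D, N)

def client_verify(name: str, code: int) -> bool:
    """Client side: checks code^E mod N against the digest.
    The value visible at this comparison is the digest, which the client can
    compute anyway and which is not itself an accepted code."""
    return 0 <= code < N and pow(code, E, N) == _digest(name)

if __name__ == "__main__":
    name = "Example User"               # constructed sample input
    print("weak: expected value available in client:", weak_expected(name))
    code = vendor_issue(name)
    print("signed code accepted:", client_verify(name, code))
    print("observed digest accepted as code:", client_verify(name, _digest(name)))
```

A production scheme would use a vetted signature library with a full-size key and padding; the check can still be patched out of the binary, so signature verification removes the "read the answer from a register" weakness, not the need for integrity protection of the client.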


