Hi, after debugging this vb application, I was able to locate the "check if registered" routine, the program uses online registration and once it receives the server's good boy response, it writes the used serial to the registry here:
HKEY_Local_Machine/Software/TargetName
The key that holds the serial is RegKey= 123456789123456789123456;
the key's length has to be 24.
Now, if I enter a bogus key, the program uses this routine to check it out, I am unable to understand it and what it is supposed to return when registration is valid. I know what jumps to reverse but I think it is storing some variables elsewhere that prevent the program from working normally.
I need help in understanding the valid key check hereafter:
Code:
Public Sub unknown_47B730
loc_47B678: FLdRfVar var_BC
loc_47B67B: LitVarI4
loc_47B683: LitStr "RegKey"
loc_47B686: FStStrCopy var_98
loc_47B689: FLdRfVar var_98
loc_47B68C: LitStr "Software\TargetName"
loc_47B68F: FStStrCopy var_94
loc_47B692: FLdRfVar var_94
loc_47B695: LitI4 -2147483646// WHAT IS THIS FOR?
loc_47B69A: CStrI4 // What DOES THIS DO?
loc_47B69C: PopTmpLdAdStr
loc_47B6A0: ImpAdLdRf unk_419ECB
loc_47B6A3: NewIfNullPr
loc_47B6A6: Me.HeightSet
loc_47B6AB: FLdZeroAd var_BC
loc_47B6AE: FStStr var_8C
loc_47B6BD: LitI2_Byte 0
loc_47B6BF: FStI2 var_86
loc_47B6C2: ILdRf var_8C
loc_47B6C5: FnLenStr
loc_47B6C6: LitI4 24 <------------- is the serial's length 24?
loc_47B6CB: NeI4
loc_47B6CC: BranchF loc_47B6D7 <-----------jump to bad boy if not
loc_47B6CF: LitI2_Byte 255 //WHAT IS THIS variable's function?
loc_47B6D1: FStI2 var_86
loc_47B6D4: Branch loc_47B72D
loc_47B6D7: ' Referenced from: 47B6CC
loc_47B6D7: ILdRf var_8C
loc_47B6DA: ImpAdLdPr unk_419ECE
loc_47B6DD: MemStStrCopy
loc_47B6E1: FLdRfVar var_BC
loc_47B6E4: LitVarI2 var_B8, 63
loc_47B6E9: LitStr "User Name" // User Name is the name you enter as user
loc_47B6EC: FStStrCopy var_98
loc_47B6EF: FLdRfVar var_98
loc_47B6F2: LitStr "Software\TargetName"
loc_47B6F5: FStStrCopy var_94
loc_47B6F8: FLdRfVar var_94
loc_47B6FB: LitI4 -2147483646 // Here it is again...
loc_47B700: CStrI4
loc_47B702: PopTmpLdAdStr
loc_47B706: ImpAdLdRf unk_419ECB
loc_47B709: NewIfNullPr
loc_47B70C: Me.HeightSet
loc_47B711: FLdZeroAd var_BC
loc_47B714: FStStr var_8C
loc_47B723: ILdRf var_8C
loc_47B726: ImpAdLdPr unk_419ECE
loc_47B729: MemStStrCopy
loc_47B72D: ' Referenced from: 47B6D4
loc_47B72D: ExitProcI2
loc_47B72E: LargeBos loc_47B732 'Ignore this
End Sub
I have tried finding some explanation about these mnemonics but I could not find all what I need.
Any help is appreciated.