004213C5 83EC08 sub esp, 00000008 :004213C8 53 push ebx :004213C9 56 push esi :004213CA 57 push edi :004213CB 8BF9 mov edi, ecx :004213CD 6A01 push 00000001 * Reference To: MFC42.Ordinal:18BE, Ord:18BEh | :004213CF E8BA1D0200 Call 0044318E :004213D4 8B4764 mov eax, dword ptr [edi+64] :004213D7 8D5F64 lea ebx, dword ptr [edi+64] :004213DA 8B48F8 mov ecx, dword ptr [eax-08] :004213DD 85C9 test ecx, ecx < Kiểm tra Name nhập vào Nếu name bằng rỗng thì :004213DF 7520 jne 00421401 < Nhảy đến nag "Please enter User name!" :004213E1 6A00 push 00000000 :004213E3 6A00 push 00000000 * Possible StringData Ref from Data Obj ->"Please enter User name!" | :004213E5 68FC054600 push 004605FC * Reference To: MFC42.Ordinal:04B0, Ord:04B0h | :004213EA E8E91E0200 Call 004432D8 :004213EF 8B4C2414 mov ecx, dword ptr [esp+14] :004213F3 64890D00000000 mov dword ptr fs:[00000000], ecx :004213FA 5F pop edi :004213FB 5E pop esi :004213FC 5B pop ebx :004213FD 83C414 add esp, 00000014 :00421400 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004213DF(C) | :00421401 8B4F60 mov ecx, dword ptr [edi+60] :00421404 8D7760 lea esi, dword ptr [edi+60] :00421407 8B41F8 mov eax, dword ptr [ecx-08] :0042140A 85C0 test eax, eax < Kiểm tra Reg Code nhập vào Nếu Reg Code bằng rỗng thì :0042140C 751E jne 0042142C < Nhảy đến nag "Wrong Registration Code!" :0042140E 50 push eax :0042140F 50 push eax * Possible StringData Ref from Data Obj ->"Please enter Registration Code!" | :00421410 68DC054600 push 004605DC * Reference To: MFC42.Ordinal:04B0, Ord:04B0h | :00421415 E8BE1E0200 Call 004432D8 :0042141A 8B4C2414 mov ecx, dword ptr [esp+14] :0042141E 64890D00000000 mov dword ptr fs:[00000000], ecx :00421425 5F pop edi :00421426 5E pop esi :00421427 5B pop ebx :00421428 83C414 add esp, 00000014 :0042142B C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0042140C(C) | :0042142C 83F82C cmp eax, 0000002C < So sánh name nhập vào phải bằng 2C (44 ký tự) :0042142F 7D20 jge 00421451< Nhảy đến nag "Wrong Registration Code!" :00421431 6A00 push 00000000 :00421433 6A00 push 00000000 * Possible StringData Ref from Data Obj ->"Wrong Registration Code!" | :00421435 68C0054600 push 004605C0 * Reference To: MFC42.Ordinal:04B0, Ord:04B0h | :0042143A E8991E0200 Call 004432D8 :0042143F 8B4C2414 mov ecx, dword ptr [esp+14] :00421443 64890D00000000 mov dword ptr fs:[00000000], ecx :0042144A 5F pop edi :0042144B 5E pop esi :0042144C 5B pop ebx :0042144D 83C414 add esp, 00000014 :00421450 C3 ret * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0042142F(C) | :00421451 51 push ecx :00421452 8BCC mov ecx, esp :00421454 89642410 mov dword ptr [esp+10], esp :00421458 56 push esi * Reference To: MFC42.Ordinal:0217, Ord:0217h | :00421459 E8E41D0200 Call 00443242 :0042145E E86D880100 call 00439CD0 :00421463 83C404 add esp, 00000004 :00421466 85C0 test eax, eax :00421468 743D je 004214A7 :0042146A 51 push ecx :0042146B 8BCC mov ecx, esp :0042146D 89642410 mov dword ptr [esp+10], esp :00421471 56 push esi * Reference To: MFC42.Ordinal:0217, Ord:0217h | :00421472 E8CB1D0200 Call 00443242 :00421477 51 push ecx :00421478 C744242400000000 mov [esp+24], 00000000 :00421480 8BCC mov ecx, esp :00421482 89642418 mov dword ptr [esp+18], esp :00421486 53 push ebx * Reference To: MFC42.Ordinal:0217, Ord:0217h | :00421487 E8B61D0200 Call 00443242 :0042148C C7442424FFFFFFFF mov [esp+24], FFFFFFFF :00421494 E8E78B0100 call 0043A080 :00421499 83C408 add esp, 00000008 :0042149C 6A00 push 00000000 :0042149E 6A00 push 00000000 * Possible StringData Ref from Data Obj ->"Congratulation! You have registered " ->"FlashKeeper successfully!" | :004214A0 6880054600 push 00460580 :004214A5 EB09 jmp 004214B0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00421468(C) | :004214A7 6A00 push 00000000 :004214A9 6A00 push 00000000 * Possible StringData Ref from Data Obj ->"Wrong Registration Code!" | :004214AB 68C0054600 push 004605C0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:004214A5(U) | * Reference To: MFC42.Ordinal:04B0, Ord:04B0h | :004214B0 E8231E0200 Call 004432D8 :004214B5 8B17 mov edx, dword ptr [edi] :004214B7 8BCF mov ecx, edi :004214B9 FF92CC000000 call dword ptr [edx+000000CC] :004214BF 8B4C2414 mov ecx, dword ptr [esp+14] :004214C3 5F pop edi :004214C4 5E pop esi :004214C5 64890D00000000 mov dword ptr fs:[00000000], ecx :004214CC 5B pop ebx :004214CD 83C414 add esp, 00000014 :004214D0 C3 ret [/code] Đây chính là nguyên đoạn mã dùng để mã hoá và kiểm tra Name và Reg Code. Như vậy chúng ta biết rằng Name nhập vô phải bằng 44 ký tự (có 4 ký tự "-") có dạng . E8B61D0 200 Call 00 443242 :00 4 214 8C C7442424FFFFFFFF mov [esp+24], FFFFFFFF :00 4 214 94 E8E78B 01 0 0 call 00 43A0 80 :00 4 214 99 83C 408 add esp, 00 000 008 :00 4 214 9C 6A 00 push 00 000 000 :00 4 214 9E 6A 00. MFC42.Ordinal :04 B0, Ord :04 B0h | :00 4 214 3A E8991E0 200 Call 00 4432D8 :00 4 214 3F 8B4C2 414 mov ecx, dword ptr [esp +14 ] :00 4 214 43 64890D 000 000 00 mov dword ptr fs: [00 000 000 ], ecx :00 4 214 4A 5F pop edi :00 4 214 4B. [esp +14 ] :00 4 214 C3 5F pop edi :00 4 214 C4 5E pop esi :00 4 214 C5 64890D 000 000 00 mov dword ptr fs: [00 000 000 ], ecx :00 4 214 CC 5B pop ebx :00 4 214 CD 83C 414 add esp, 00 000 01 4 :00 4 214 D0 C3 ret [/code]