Bahasa

Sabtu, 24 Desember 2011

Cara Membuat game sederhana menggunakan Greenfoot


Ada banyak software atau aplikasi untuk membuat game, namun yang kali ini membahas tentang aplikasi Greenfoot, salah satu aplikasi pembuat game sederhana berbasis Java.
Langkah pertama ialah klik new di menu Scenario:

Buat game sesuai sekenario game yang dibuat misalkan petualangan si boy. dalam game ini berskenario terdapat seorang jagoan yang ingin menyelamatkan putri yang ditawan oleh penjahat dan game ini akan berakhir apabila si jagoan berhasil menyelamatkan putri dari tawanan penjahat .
Buat Base awal berupa Lokasi game berlangsung. untuk membuat dunia dimana game ini berlangsung klik new sub class di bagian world lalu akan tampil dialog seperti dibawah ini :
Kemudian beri nama untuk class world ini misal beri nama dengan class ” dunia” dan pilih background untuk dunianya . setelah itu beri ukuran dunia ini tempat game berlangsung pada sub class dunia yang telah dibuat.Ukuran dunia nya berbasis sumbu, sumbu X untuk horizontal, dan sumbu Y untuk vertikal.
Misalnya kita buat ‘dunia’ nya ber ukuran 200X100, dengan ukuran 3 pixel pergambar.
Lalu kita buat codingnya



Pertama klik di subclass ‘dunia’ nya, lalu klik open editor
Kita buat (200,100,5)
200 adalah lebar ‘dunia’ nya
100 adalah tinggi ‘dunia’nya
5 adalah ukuran piksel pergambarnya.
Setelah memasukkan codingnya, klik compile atau tekan tombol ctrl dengan k. jika sukses tampilannya akan seperti ini

Setelah itu kita buat si musuh, pertama klik ikon actor lalu pilih pilihan new subclass. subclass musuh ini kita beri nama snake. Lalu kita pilih gambar untuk si snake, setelah kita beri nama klik ok.
Sekarang kita buat si snake bergerak dari kiri ke kanan
Berikut ini codingnya:
kita tulis di bawah public void act.
public void act()
{s
etLocation(getX() + 1, getY());
}
keterangan:
getX+1 => berarti dia akan bergerak ke kanan, (+1)
getY() => berarti dia tidak akan bergerak dengan sumbu Y
setelah itu sperti biasa kita compile codingnya, jika compile nya berhasil maka akan tampil pesan seperti ini 


Jika sudah selesai dengan semua coding perrgerakan musuhnya, kita akan membuat agar si musuh
bisa menembus batas si ‘dunia’ yang tadi. Caranya kita akan membuat coding tambahan di si musuh,
misalnya kita buat di si snake yang tadi.
Kita beri tambahan coding:
public void act()
{s
etLocation(getX() + 1, getY());
if(getX()==199)
{
setLocation(0,getY());
}
}
Keterangan:
if(getX()==199)
{
setLocation(0,getY());
}
jadi ketika si snake mencapai titik X 199, (ujung kanan si ‘dunia’)
si snake ini akan muncul di Lokasi X => 0 (ujung kiri si ‘dunia’)
Setelah itu, kita buat juga untuk musuh – musuh yang lainnya.
Jika bisa, lanjutkan, namun jika masih adaa error jangan dilanjutkan periksa kembali coding nya.
Setelah kita selesai dengan para musuhnya, sekarang kita akan membuat si ‘jagoan’nya.
Caranya sama seperti sebelumnya, klik di actor, lalu pilih new subclass dan beri nama jagoannya,
misalnya boy. Setelah itu pilih gambar untuk si boy. Sekarang kita akan membuat coding untuk
pergerakan si boy, caranya klik subclass boy lalu pilih open editor setelah itu kita buat codingnya
seperti dibawah ini :
if(Greenfoot.isKeyDown(”right”))
{
setLocation(getX()+1,getY());
}
Keterangan:
if(Greenfoot.isKeyDown(”right”)) jika → tombol “panah kanan” ditekan maka …
setLocation(getX()+1,getY()); → gerakan Actor kearah kanan 1 cell
Setelah itu di test, lalu buat codingnya juga untuk bergerak ke atas, ke bawah, dan ke kiri.
Kalau kita klik tombol Reset, semua actor nya hilang, untuk membuat semua actornya ada kembali
ketika mengklik tombol Reset, kita buka editor di ‘dunia’ nya
lalu masukkan coding seperti dibawah ini:
addObject(new boy,7,145);
lalu pasang juga musuh – musuh nya di ‘dunia’ nya.
Nah sekarang kita akan membuat coding untuk matinya si ‘boy’
caranya buka editor nya, lalu kita masukkan coding nya seperti ini :
snake a=(snake)getOneIntersectingObject(snake.class);
if(a!=null)
{
setImage(”tengkorak.png”);
Greenfoot.playSound(”kalah.wav”);
getWorld().removeObject(a);
Greenfoot.stopSimulation;
return;
}
Keterangan :
snake =nama class musuh
a = nama variabel, boleh bebas, namun untuk mempermudah kita gunakan a
setImage = untuk membuat Greenfoot memunculkan gambar, gambar nya harus ada di folder images
di folder scenarionya, untuk perintah setImage ini dapat menggunakan file dengan format .jpg
atau .png
Greenfoot.playSound = perintah untuk membuat Greenfoot memainkan suara, format file nya
harus .wav dan ada di folder sounds
getWorld().removeObject(a) = membuat variabel a (snake) hilang
stop; = membuat permainan berhenti
buat juga coding yang sama untuk menabrak musuh yang lainnya.
Sekarang kita buat Peluru untuk si ‘boy’
caranya buka editor si ‘boy’
Tambahkan coding diatas public void act()
private dunia pelor;
public voidaddedToWorld(World dunia)
{
pelor = (dunia) dunia;
}
private = variabel ini hanya dikenali di class yang bersangkutan (Prince)
dunia = nama class World
pelor = nama variabel (terserah tapi tidak boleh sama dengan nama Actor
public void addedToWorld(World dunia) = Tambahkan class pelor ke World
dunia = nama variabel baru
Lalu buat di dalam act (boleh paling atas atau paling bawah, yang akan memicu keluarnya
peluru, yaitu jika ditekan tombol x (jangan lupa cari suara dengan nama fire.wav)
if(Greenfoot.isKeyDown(”x”))
{
pelor.addObject(new Peluru1(), getX(),getY());
Greenfoot.playSound(”fire.wav”);}
if(Greenfoot.isKeyDown(”x”)) = jika ditekan tombol x
pelor.addObject(new Peluru1(), getX(),getY()); = akan keluar Object baru yaitu peluru
letakan sama dengan Actor/Object aktif (boy) berada.
Greenfoot.playSound(”fire.wav”); = munculkan suara fire.wav (file harus ada difolder sounds)
Setelah peluru bisa keluar atur agar pelurunya langsung bergerak, misal dari kanan ke kiri, buat
codingnya di Actor Peluru1
setLocation(getX()+2,getY());
Ternyata ada sedikit masalah yaitu peluru akan meninggalkan sisa dibelakang akhir background
untuk mengatasinya gunakan coding berikut:
if(getX()==199)
{
getWorld().removeObject(this);
return;
}
getWorld().removeObject(this); = hilangkan object ini
return; = kembali keawal (perintah sangat penting dipakai jika perintah diatasnya
menghilangkan object, jangan sampai ada perintah lain yang menggunakan Object yang
telah dihilangkan, jika itu yang terjadi akan muncul pesan error).
Peluru yang baru saja dibuat belum berfungsi apaapa
karena jika Musuh tertembak tidak mati/
hilang buat jika peluru terkena Musuh15
maka Musuh hilang dan peluru hilang dengan bunyi
ah, buat coding di Peluru1 atau Musuh1 contoh disini dibuat di Peluru1, masukan file die1.wav
Setelah semua bisa, bagaimana jika sang girl tertembak ?, buat sang girl mati dan
permainan berakhir. Buat coding di Princess dan isi dengan:
Peluru1 f=(Peluru1)getOneIntersectingObject(Peluru1.class);
if(f!=null)
{
Greenfoot.playSound(”die1.wav”);
setImage(”kalah.png”);
getWorld().removeObject(f);
Greenfoot.stopSimulation();
}
Buat coding peluru1 dan jangan lupa ganti arah geraknya jadi kekiri
…………..
//peluru bergerak dari kiri ke kanan
setLocation(getX()+1,getY());
if(getX()==199)
{
getWorld().removeObject(this);
return;
}
//jika snake terkena peluru
snake a=(snake)getOneIntersectingObject(snake;
if(a!=null)
{
Greenfoot.playSound(”die1.wav”);
getWorld().removeObject(a);
getWorld().removeObject(this);
return;
}
……………
Membuat Skor
Agar permainan lebih menarik buat skor, dengan ketentuan setiap membunuh 1 musuh maka
nilai akan bertambah 20 dengan pengurangan pada peluru 1 peluru 1
nilai
Langkahlangkahnya:
1. Buat Actor Nilai dengan gambar angka 0 (ambil dari folder contoh di baloons tepatnya
di ….. greenfoot/scenarios/balloons/images/Counter.png)
2. Masuk ke jendela coding pada Actor Nilai dan buat coding diatas Public void act
3.
private int angka = 0;
private int target = 0;
private String huruf;
private int panjangHuruf;
public Nilai(String depan)
{
huruf=depan;
panjangHuruf = (huruf.length() + 2) * 16;
setImage(new GreenfootImage(panjangHuruf, 24));
GreenfootImage gambar = getImage();
Font jenisHuruf = gambar.getFont();
gambar.setFont(jenisHuruf.deriveFont(24.0F));
gantiGambar();
}
private void gantiGambar()
{
GreenfootImage gambar = getImage();
gambar.clear();
gambar.setColor(Color.RED);
gambar.drawString(huruf + angka, 1, 18);
}
private int angka = 0; ==> variabel angka
Font jenisHuruf = gambar.getFont(); ==> ambil jenis huruf karena perintah ini
diatasnya harus ada import java.awt.Font
gambar.setFont(jenisHuruf.deriveFont(24.0F)); ==> gunakan huruf terbesar yaitu 24
dengan jenis font derive. 0F dibaca nol ef
gantiGambar(); ==> jalankan class gantiGambar
private void gantiGambar() ==> membuat class gantiGambar
gambar.clear(); = kosongkan gambar (angka 0 diawal)
gambar.setColor(Color.RED); ==> pakai tulisan warna Merah. Pilihan lainnya BLACK,
WHITE, RED, GREEN (penulisan harus huruf besar semua). Karena
perintah ini memanggil perintah java diatasnya harus dibuat import
java.awt.Color
gambar.fillRect(20, 4, 24, 16); ==> background tulisan disini tidak dipakai
gambar.drawString(huruf + angka, 1, 18); ==> tata letaknya tulisan dulu baru angkanya
3. Tambahkan dibaris kedua
dari atas dibawah import greenfoot.*;
import java.awt.Font;
import java.awt.Color;
4. Buka classWorld(dunia) lalu buat variabel diatas Public Adventure ()
Nilai skor = new Nilai(”Skor: “);
addObject(skor,35,280);
5. Tambahkan object dibawah perintah menambahkan object yang lain
6. Lihat hasilnya sudah munculkah tulisan Skornya ? jika sudah lanjut agar skor bertambah
jika musuh mati
buka kembali layar coding Nilai dan tambahkan coding yang setingkat dengan public/private
void.
public void tambah(int skor)
{
target += skor;
}
if(angka < b="”(Musuh2)getOneIntersectingObject(Musuh2.class);”" target ="”"> target)
{
angka;
gantiGambar();
}
lanjutkan dengan menambahkan coding pada World dunia, tambahkan dibawah coding
public void tambahNilai()
public void kurangiNilai()
{
skor.kurang(1);
}
Lakukan pemicunya pada actor Prince (pemicu yang mengeluarkan Peluru) syaratnya peluru
ditekan nilai langsung berkurang 1, buat coding di bawah playSound
((dunia) getWorld()).kurangiNilai();
panggil aksi → kurangiNilai yg berada di World dunia.
if(Greenfoot.isKeyDown(”x”))
{
pelor.addObject(new Peluru1(), getX(),getY());
Greenfoot.playSound(”fire.wav”);
((dunia) getWorld()).kurangiNilai();
}
Pemunculan Papan Skor
Satu urusan lagi, papan skor dengan rancangan jika boy bertemu girl papan skor akan
muncul dengan ucapan SELAMAT dengan nilai …… dan permainan berakhir.
Tambahkan Actor PapanSkor lalu buat codingnya, coding lengkapnya:
import greenfoot.*;
import java.awt.Color;
import java.awt.Font;
import java.util.Calendar;
/**
* @author (auvy)
* @version (1.0.0)
*/
public class PapanSkor extends Actor
{
public static final float besarHuruf = 48.0f;
public static final int lebar = 500;
public static final int tinggi = 300;
public PapanSkor(int skor)
{
bikinGambar(”SELAMAT”, “Skor Akhir: “, skor);
}
private void bikinGambar(String judul, String depan, int skor)
{
GreenfootImage gambar = new GreenfootImage(lebar, tinggi);
gambar.setColor(new Color(25, 5, 74, 160));
gambar.fillRect(0, 0, lebar, tinggi);
gambar.setColor(new Color(255, 255, 255, 50));
gambar.fillRect(5, 5, lebar10, tinggi10);
Font font = gambar.getFont();
font = font.deriveFont(besarHuruf);
gambar.setFont(font);
gambar.setColor(Color.GREEN);
gambar.drawString(judul, 60, 100);
gambar.drawString(depan + skor, 60, 200);
setImage(gambar);
}
}
Di Actor Nilai tambahkan coding yang setingkat dengan public void act()
public intnilaiAkhir()
{
return angka;
}
Di World dunia buat coding setingkat public void seperti ini:
public void selesai()
{ addObject(new PapanSkor(skor.nilaiAkhir()*5), 247,145);
}
Nilai akhir didapat dari jumlah skor dikalikan 5 da → n letakan di tengahtengah
Buat pemicunya di Actor boy atau girl (pilih salah satu), disini pakai girl
boy h=(boy)getOneIntersectingObject(boy.class);
if(h!=null)
{
((Adventure)getWorld()).selesai();
Greenfoot.playSound(”login.wav”);
Greenfoot.stopSimulation();
}

Jumat, 21 Oktober 2011

Happy Birthday Mary Blair 100th

Yes we briefly hehe strings attached ......

Wow already 5 days was not open blogs, knowing my monitor broken so I used my mom's monitor hahahahaha
Earlier when I open my web browser.

Humb ..... There is an awkward, visible from the initial window google
I think "Now there is a feast of what?". Then I hold the mouse in the direction of writing is usually Google
Ow it turns out now Mary Blair's birthday is the 100th
Yes, now I'll post about the biography and history.




Mary Blair (October 21, 1911 - 26 July 1978), was born with the name of Mary Robinson, was a leading American artist in producing art and animation for The Walt Disney Company,drawing concept art for movies like Alice in Wonderland, PeterPan, Song of the South and Cinderella. Blair also created the character designs for timeless attractions like It's a Small World at Disneyland, the party scene in El Tiempo del Rio in Mexicopavilion in Epcot World Showcase, and a very large mosaic in theDisney's Contemporary Resort. Some of his children's book illustration from the 1950s still be printed, such as I Can Fly by RuthKrauss. Blair is respected as a Disney Legend in 1991.
And this work of his :






Yes enough for today see ya.....
Uh almost forgot, happy birthday
Hopefully useful article

Senin, 17 Oktober 2011

Tutorial on Key Generators


Hallo All !

Now I will learn about key generator
Humb ...... I'm curious about the key generator so I am lookingbagaimanan how to create and the tools needed to make a key generator and this is the result :




Tools!
                For tools you need a minimum of debugger like SoftIce for Windows (hence WinIce), and a C compiler with Dos libraries.


Content!
In this tutorial I will show how to make a key-gen for Ize and Swiftsearch. The protection that these programs use is the well known Enter-Name-and-Registration-Number method. After selecting 'register',  a window pops up where you can enter your name and your registration number.   The strategy here is to find out where in memory the data you enter is stored and then to find out what is done with it. Before you go on make sure you configure the SoftIce dat file according to the PWD tutorial #1.


Part 1: Scanline Swiftsearch 2.0!

 Swiftsearch is a useful little program that you can use to search on the web. I will explain step by step how to crack it.

 step 1. Start the program :)

 step 2: Choose register from the menus. You will now get a window where you can enter your name and your  registration number.

 step 3: Enter SoftIce (ctrl-d)

 step 4: We will now set a breakpoint on functions like GetWindowText(a) and GetDlgItemText(a) to find out where in memory the data that we just entered is stored.  The function that is used by this program is GetDlgItemTexta (trial and error, just try yourself :) so, in SoftIce type BPX GetDlgItemTexta  and exit SoftIce with the g command.

step 5: Now type a name and a registration number  (I used razzia and 12345) and press OK, this will put you  back in  SoftIce. Since you are now inside the GetDlgItemTexta function press F11 to get out of it.  You should see the following code:

            lea eax, [ebp-2C]          :<--- we are looking for this location
     push eax                  
     push 00000404
     push [ebp+08]
     call [USER32!GetDlgItemTextA]
     mov edi, eax               :<--- eax has the length of the string                  
                                 and is stored in edi for later usage.

                  We see that EAX is loaded with a memory address and then pushed to the stack as a parameter for the function GetDlgItemTextA. Since the function GetDlgItemTextA is already been run we can look at EBP-2c (with ED EDP-2c) and see that the name we entered is there. Now we know where the name is stored in memory, normally it would be wise to write that address down, but we will see that in this case it wont be necessary.
             
So, what next? Now we have to allow the program to read the registration number we entered. Just type g and return and when  back in SoftIce press F11. You should see the following code:

     push 0000000B
     lea ecx, [ebp-18]         : <--So, ebp-18 is where the reg. number                                
     push ecx                  :    is stored.
     push 0000042A
     push [ebp+08]
     call [USER32!GetDlgItemTextA]
     mov ebx, eax              : <--save the lenght of string in EBX
     test edi, edi             : <--remember EDI had the lenght of the                               
     jne 00402FBF              :    name we entered?
            
             We see that the registration number is stored at location EBP-18 , check it with ED EBP-18.  Again, normally it would be wise to note that address down.  Also we see that it is checked if the length of the name we gave was not zero. If it is not zero the  program will continue.

Step 6: Ok, now we know where the data we entered is stored in memory. What next?
             Now we have to find out what is DONE with it. Usually it would we wise to put breakpoints on those memory locations and find out where in the program they are read. But in this case the answer is just a few F10's away. Press F10 until you see the following code :

           cmp ebx, 0000000A       :<--remember EPX had the length of the
     je 00402FDE             :   registration code we entered?
   
             These two lines are important. They check if the length of the registration code we entered is equal  to 10. If not the registration number will be considered wrong already. The program wont even bother  to check it. Modify EBX or the FLAG register in the register window to allow the jump. Continue Pressing F10 until you get to the following code (note that the adresses you will see could be different) :

:00402FDE xor esi, esi        :<-- Clear ESI
:00402FE0 xor eax, eax        :<-- Clear EAX
:00402FE2 test edi, edi
:00402FE4 jle 00402FF2
:00402FE6 movsx byte ptr ecx, [ebp + eax - 2C] :<-- ECX is loaded with a letter of the  name we entered.
:00402FEB add esi, ecx        :<-- Add the letter to ESI                  
:00402FED inc eax             :<-- Increment EAX to get next letter
:00402FEE cmp eax, edi        :<-- Did we reach the end of the string?
:00402FF0 jl 00402FE6         :<-- If not, go get the next letter.

            Well, we see that the program adds together all the letters of the name we entered.  Knowing that ESI contains the sum of the letters, lets continue and find out what the program does with that value :

:00402FF2 push 0000000A
:00402FF4 lea eax, [ebp-18]   :<-- Load EAX with the address of the reg. number we entered   
:00402FF7 push 00000000
:00402FF9 push eax            :<-- Push EAX (as a parameter for the following function)
:00402FFA call 00403870       :<-- Well, what do you think this function does? :)
:00402FFF add esp, 0000000C   
:00403002 cmp eax, esi        :<-- Hey!  
:00403004 je 00403020

             We see that a function is called and when RETurned ESI is compared with EAX. Hmm, lets look at what's in EAX.  A '? EAX' reveals :
          
             00003039       0000012345   "09"

             Bingo. That's what we entered as the registration number. It should have been what's inside ESI.  And we know what's inside ESI, the sum of the letters of the name we entered!
        
Step 7:  Now we know how the program computes the registration code we can make a key-gen.
              But we should not forget that the program checks also that the registration number has 10
              digits.
              A simple C code that will compute the registration number for this program could look like this:


 #include   <stdio.h>
#include   <string.h>
main()
{
     char Name[100];
     int NameLength,Offset;
     long int Reg = 0, Dummy2 = 10;
     int Dummy = 0;
     int LengtDummy = 1;
     int Lengt , Teller;
     printf("Scanline SwiftSearch 2.0 crack by raZZia.\n");
     printf("Enter your name: ");
      gets(Name);
      NameLength=strlen(Name);

/* the for lus calculates the sum of the letters in Name */
/* and places that value in Reg                          */
      for (Offset=0;Offset<NameLength;Offset=Offset+1)
        {
           Reg=Reg+Name[Offset];
        }                                 
/* the while lus calculates the lenght of the figure in */
/* Reg and places it in Lengt                           */
      while (Dummy != 1)
        {
             if ( Reg < Dummy2 )
               { Lengt = LengtDummy ; Dummy =1;
               }
            else
               { LengtDummy=LengtDummy + 1; Dummy2=Dummy2*10;
               }
        };              
     printf("\nYour registration number is : " );
/* First print 10-Lengt times a 0                        */
     Lengt=10-Lengt;
     for (Teller=1;Teller<=Lengt;Teller=Teller+1) printf("0");
/* Then print the registration number                    */
     printf("%lu\n",Reg);
}




                           Case 2 Ize 2.04 from Gadgetware
     
                Ize from Gadgetware is a cute little program that will put a pair of eyes on your screen which will
                follow your mousepointer. It has a register function where you can enter your name and a registration
                number. The strategy in this case is still the same : Find out where in memory the entered information
                is stored and then find out what is done with that information.

Step 1:   Start Ize. Chose register and enter a name and a number. I used 'razzia' and '12345'.

Sterp 2: Enter (CTRL-D) Softice and set a breakpoint on GetDlgItemTextA.

Step 3:  Leave SoftIce and press OK. This will put you back in Softice. You will be inside the GetDlgItemTextA
              function. To get out of it press F11. You should see the following code :

      mov esi, [esp + 0C]
      push 00000064
      push 0040C3A0      :<--On this memory location the NAME we entered will be stored.
      mov edi, [USER32!GetDlgItemTextA]  :<--Load edi with adress of GetDlgItemTextA
      push 00004EE9     
      push esi
      call edi           :<-- Call GetDlgItemTextA 
      push 00000064            :<-- (you should be here now)
      push 0040C210      :<--On this memory location the NUMBER we entered will be stored
      push 00004EEA
      push esi
      call edi           :<-- Call GetDlgItemTextA

                We see that the function GetDlgItemTextA is called twice in this code fragment. The first call has
                already happened. With ED 40C3A0 we can check that the name we entered is stored on that location.
                To allow the program to read in the number we entered we type G and enter. Now we are inside the Get-
                DlgItemTextA function again and we press f11 to get out of it. We check memory location 40C210 and
                we see the number we entered is stored there.
      Now we know the locations were the name and the number are stored,we note those down!

Step 4:   Ok, what next? We now know where in memory the name and the number are stored. We need to find out
                what the program does with those values. In order to do that we could set breakpoints on those memory
                locations to see where they are read. But in this case it wont be necessary. The answer is right after the
                above code :

      push 0040C210  :<--save the location of the number we entered (as a parameter for the next call)
      call 00404490  :<-- call this unknown function  
      add esp, 00000004
      mov edi, eax  :<-- save EAX  (hmmmm)

      We see a function being called with the number-location as a parameter. We could trace into the                                   function and see what it does, but that is not needed. With your experience of the Swiftsearch
                example you should be able to guess what this function does.  It calculates the numerical value of the                          registration number and puts it in EAX. To be sure we step further using F10 untill we are past the call                and check the contents of EAX (with ? EAX). In my case it showed : 00003039       0000012345   "09".

      Knowing that EDI contains our registration number we proceed:
     
      push 0040C3A0 :<-- save the location of the name we entered (as a parameter for the next call)    
      push 00409080 :<-- save an unknown memory-location (as a parameter for the next call)
      call 004043B0 :<--call to an unknown function
      add esp, 00000008
      cmp edi, eax  :<--compare EDI (reg # we entered) with EAX (unknown, since the previous call                                                                                                                  changed it)
      jne 004018A1  :<--jump if not equal
               
                We see that a function is called with two parameters. One of the parameters is the location of the name
                we entered. The other we dont know, but we can find out with ED 409080. We see the text 'Ize'.
                This function calculates the right registration number using those two parameters. If you just want to
                crack this program, you can place a breakpoint right after the call and check the contents of EAX. It will
                contain the right registration number.  But since we want to know HOW the reg. # is calculated we will          trace inside the function (using T). We will then try to find out HOW the contents of EAX got in there.

Step 5:    Once inside the interesting function  you will see that we are dealing with a rather long function. It wont                       be necessary for me to include the complete listing of this function, because we wont need all of it to    make our key-gen.
                But in order find out which part of the code is essential for the computation of the right registration               number, you  have to trace STEP by STEP and figure out what EXACTLY is going on!

                Afther doing this i found out that the first part of the function computes  some kind of "key". Then this
                "key" is stored in memory and in that way passed on to the second part of the function.  
                The second part of the function then computes the right registration number, based on this "key" AND
                 the name we entered.
               
      The code that is essential and that we need for our key-gen is the following:
               
               ( Note that before the following code starts, the registers that are used will have the following values:
                 EBX will point to the first letter of the name we entered,
                 EDX will be zero,
                 EBP will be zero,
                 The "key" that we talked about earlier is stored in memory location 0040B828 and will 
                 have 0xA4CC as its initial value. )


:00404425 movsx byte ptr edi, [ebx + edx]   :<-- Put first letter of the name in EDI
:00404429 lea esi, [edx+01]    :<-- ESI gets the "letter-number"
:0040442C call 00404470        :<-- Call  function
:00404431 imul edi, eax        :<-- EDI=EDI*EAX (eax is the return value of the the previous call)
:00404434 call 00404470        :<-- Call function
:00404439 mov edx, esi           
:0040443B mov ecx, FFFFFFFF
:00404440 imul edi, eax     :<-- EDI=EDI*EAX (eax is the return value of the previous call)
:00404443 imul edi, esi     :<-- EDI=EDI*ESI ( esi is the number of the letter position)
:00404446 add ebp, edi      :<-- EBP=EBP+EDI  (beware that EBP will finally contain the right reg#)
:00404448 mov edi, ebx  :<--these lines compute the lenght of the name we entered    
:0040444A sub eax, eax  :<--these lines compute the lenght of the name we entered
:0040444C repnz         :<--these lines compute the lenght of the name we entered
:0040444D scasb         :<--these lines compute the lenght of the name we entered
:0040444E not ecx       :<--these lines compute the lenght of the name we entered
:00404450 dec ecx       :<-- ECX now contains the lenght of the name
:00404451 cmp ecx, esi       
:00404453 ja 00404425  :<-- If its not the end of the name , go do the same with the next letter
:00404455 mov eax, ebp :<--  SAVE EBP TO EAX !!!! 
:00404457 pop ebp
:00404458 pop edi
:00404459 pop esi
:0040445A pop ebx
:0040445B ret          
            _____

:00404470 mov eax, [0040B828]       :<-- Put "key" in EAX        
:00404475 mul eax, eax, 015A4E35    :<-- EAX=EAX * 15A4E35
:0040447B inc eax                   :<-- EAX=EAX + 1
:0040447C mov [0040B828], eax       :<-- Replace the "key" with the new value of EAX
:00404481 and eax, 7FFF0000         :<-- EAX=EAX && 7FFF0000
:00404486 shr eax, 10               :<-- EAX=EAX >>10
:00404489 ret


      The above code consists of a loop that goes trough all the letters of the name we entered. With each
                letter some value is calculated, all these values are added up together (in EBP). Then this value is stored
                in EAX and the function RETurns. And that was what we were looking for, we wanted to know how EAX                                    got its value!

Step 6:   Now to make a key-gen we have to translate the above method of calculating the right reg# into a
                c program. It could be done in the following way :
                (Note : I am a bad c programmer :)

#include    <stdio.h>
#include    <string.h>
main()
{
      char Name[100];
      int NameLength,Offset;
      unsigned long Letter,DummyA;
      unsigned long Key = 0xa4cc;
      unsigned long Number = 0;
        printf("Ize 2.04 crack by razzia\n");
      printf("Enter your name: ");
        gets(Name);
        NameLength=strlen(Name);
        for (Offset=0;Offset<NameLength;Offset=Offset+1)
        {
               Letter=Name[Offset];
                 DummyA=Key;
                 DummyA=DummyA*0x15a4e35;
                   DummyA=DummyA+1;
                   Key=DummyA;
                   DummyA=DummyA & 0x7fff0000;
                   DummyA=DummyA >> 0x10;
                 Letter=Letter*DummyA;
                 DummyA=Key;
                 DummyA=DummyA*0x15a4e35;
                   DummyA=DummyA+1;
                   Key=DummyA;
                   DummyA=DummyA & 0x7fff0000;
                   DummyA=DummyA >> 0x10;                
                 Letter=Letter*DummyA;
                 Letter=Letter*(Offset+1);
                 Number=Number+Letter;
        }                                  
        printf("\nYour registration number is : %lu\n",Number);
}

Hopefully useful
Ada kesalahan di dalam gadget ini