Tuts 4 You

[KeyGenMe]Very Very Easy CrackMe [SerialFishing]


planethax


QQ just did this again, didn't remember I did it in the first place.

Anyway I sort of did a bit more work this time and commented a bit of the code. If anyone wants to add to it and explain it a bit better, it would be greatly appreciated.

004043DA 66:3B75 E0 CMP SI,WORD PTR SS:[EBP-20] ; Start of the routine.
004043DE 0F8F D1000000 JG CrackMe_.004044B5
004043E4 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
004043E7 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
004043EA 0FBFD6 MOVSX EDX,SI
004043ED 8985 50FFFFFF MOV DWORD PTR SS:[EBP-B0],EAX ; Update stack with serial + next 2 characters
004043F3 51 PUSH ECX
004043F4 8D85 78FFFFFF LEA EAX,DWORD PTR SS:[EBP-88]
004043FA 52 PUSH EDX
004043FB 8D4D B8 LEA ECX,DWORD PTR SS:[EBP-48]
004043FE 50 PUSH EAX
004043FF 51 PUSH ECX
00404400 C785 48FFFFFF 08000000 MOV DWORD PTR SS:[EBP-B8],8
0040440A C745 D0 01000000 MOV DWORD PTR SS:[EBP-30],1
00404411 C745 C8 02000000 MOV DWORD PTR SS:[EBP-38],2
00404418 897D 80 MOV DWORD PTR SS:[EBP-80],EDI
0040441B C785 78FFFFFF 08400000 MOV DWORD PTR SS:[EBP-88],4008
00404425 FF15 5C104000 CALL DWORD PTR DS:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
0040442B 8D55 B8 LEA EDX,DWORD PTR SS:[EBP-48]
0040442E 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
00404431 52 PUSH EDX
00404432 50 PUSH EAX
00404433 FF15 AC104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrVarVal>] ; MSVBVM60.__vbaStrVarVal
00404439 50 PUSH EAX
0040443A FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60.#516>] ; Call that starts serial generation routine.
00404440 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-58]
00404443 8D55 98 LEA EDX,DWORD PTR SS:[EBP-68]
00404446 51 PUSH ECX
00404447 52 PUSH EDX
00404448 66:8945 B0 MOV WORD PTR SS:[EBP-50],AX ; Replace last 2 serial characters with next 2.
0040444C C745 A8 02000000 MOV DWORD PTR SS:[EBP-58],2
00404453 FF15 D4104000 CALL DWORD PTR DS:[<&MSVBVM60.#573>] ; MSVBVM60.rtcHexVarFromVar
00404459 8D85 48FFFFFF LEA EAX,DWORD PTR SS:[EBP-B8]
0040445F 8D4D 98 LEA ECX,DWORD PTR SS:[EBP-68]
00404462 50 PUSH EAX
00404463 8D55 88 LEA EDX,DWORD PTR SS:[EBP-78]
00404466 51 PUSH ECX
00404467 52 PUSH EDX
00404468 FF15 B0104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarCat>] ; MSVBVM60.__vbaVarCat
0040446E 50 PUSH EAX
0040446F FFD3 CALL EBX ; MSVBVM60.__vbaStrVarMove
00404471 8BD0 MOV EDX,EAX
00404473 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
00404476 FF15 F4104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0040447C 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-28]
0040447F FF15 0C114000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
00404485 8D45 88 LEA EAX,DWORD PTR SS:[EBP-78]
00404488 8D4D 98 LEA ECX,DWORD PTR SS:[EBP-68]
0040448B 50 PUSH EAX
0040448C 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-58]
0040448F 51 PUSH ECX
00404490 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
00404493 52 PUSH EDX
00404494 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
00404497 50 PUSH EAX
00404498 51 PUSH ECX
00404499 6A 05 PUSH 5
0040449B FF15 18104000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
004044A1 B8 01000000 MOV EAX,1
004044A6 83C4 18 ADD ESP,18
004044A9 66:03C6 ADD AX,SI
004044AC 70 79 JO SHORT CrackMe_.00404527
004044AE 8BF0 MOV ESI,EAX
004044B0 ^ E9 25FFFFFF JMP CrackMe_.004043DA ; Loop
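
Added example, not part of the original post: a Python model of what one pass of the loop above does, following the runtime calls in the order they appear in the listing. Assumptions not stated on the page: import #516 is taken to be MSVBVM60's rtcAnsiValueBstr (VB's Asc), the string referenced through EDI is the text being walked, [EBP-20] holds its length, the accumulator at [EBP-1C] starts empty, and the ANSI code page is cp1252; all function names are hypothetical.

```python
# Model of the loop at 004043DA..004044B0 (added illustration, not the
# crackme's source). Each helper mirrors one MSVBVM60 call in the listing.

def mid_char(text, index):
    """rtcMidCharVar with start=SI and length=1 ([EBP-30]=1). VB is 1-based."""
    return text[index - 1:index]

def ansi_value(ch, codepage="cp1252"):
    """Assumed meaning of #516: VB Asc(), the ANSI byte value of the character.
    Raises UnicodeEncodeError for characters outside the assumed code page."""
    return ch.encode(codepage)[0]

def vb_hex(value):
    """rtcHexVarFromVar: VB Hex() gives uppercase digits with NO zero padding."""
    return format(value, "X")

def model_loop(text, accumulator=""):
    """Walk the string one character at a time and append Hex(Asc(char)).

    Returns the final accumulator plus a per-iteration trace, which is handy
    to compare against the values seen on the stack while single-stepping."""
    trace = []
    index = 1                                # SI, assumed to start at 1
    while index <= len(text):                # CMP SI,[EBP-20] / JG 004044B5
        ch = mid_char(text, index)           # CALL #632 rtcMidCharVar
        code = ansi_value(ch)                # CALL #516, result kept in AX
        piece = vb_hex(code)                 # CALL #573 rtcHexVarFromVar
        accumulator = accumulator + piece    # __vbaVarCat, then __vbaStrMove
        trace.append((index, ch, code, piece))
        index += 1                           # MOV EAX,1 / ADD AX,SI / MOV ESI,EAX
    return accumulator, trace

if __name__ == "__main__":
    # Constructed sample input, not a value taken from the thread.
    result, steps = model_loop("Ab1")
    for step in steps:
        print(step)
    print(result)
```

Because Hex() does not pad, a character with a code below 0x10 contributes one digit rather than two, so the output length is not always twice the input length.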