Rotating dots animation - crashing 5-6 times (or more) before loading it correctly

[r0ger]

hi guys

recently ripped a rotating dots animation from penawar.brontok.1.4.3.full.incl.keygen-tsrh , but the thing is it crashes 6 or more times before it loads correctly.

but in the meatime i think i found some buggy thing on this one on StartAddress function:

loc_4025B3:
		cmp [ebp+var_10], 0
		jb loc_4025FB
		push 2Ch 	; int
		push dword_407AD4 ; float
		push 2 	; int
		push offset dword_407290 ; int
		call sub_401EB0
		push 2Ch 	; int
		push dword_407AE0 ; float
		push 1 	; int
		push offset dword_407290 ; int
		call sub_401EB0
		fld dword_407AE0
		fadd flt_407AFC
		fstp dword_407AE0
		lea eax, dword_407290
		jmp $+2 ;<-------------

i've even replaced "$+2" with "loc_4025FB" as it was also predicted in IDA Pro in which the loc_4025FB actually initiates the animation with Sleep function.

any suggestions so i can prevent this from crashing multiple times before a complete load of anim?

 

Edited June 27, 2022 by r0ger
attachment removed - problem fixed,now releasing the final version of the animation to be released for public

[kao]

This line is crashing:

lea eax, [ebp+ThreadId]

Reason for crash - you changed ThreadId from a local variable to a global variable. So, you should change this line as well. Try this instead:

lea eax, ThreadId

 

[r0ger]

it worked, thanks so much.

later i will make this public now with fully recoded and renamed variables.

[r0ger]

sorry to interrupt you again guys.

is it possible to set the colors for the dots as well as its background?

i tried firstly setting the bg color with Black (invoke SetBkColor,hdcSrc,Black) but it is still white.

and as for the DotzProc , i cannot find the colour of its every dot.

loc_4025FB: 			
		push 2Ch
		push eax 	
		push 0
		push 37h 	
		push 32h 	
		push hdcSrc 	
		call DotzProc

do you see any of the value that sets the dot color? i've checked in another keygen (t3.screensaver.keygen-tsrh.zip) with similar effect but white dot color and dark-blue bg color but unfortunately some of the MASM32 functions are not showing in my IDA after unpacking.

i have another keygen source made recently and i want to make another keygen template with this effect but white dot color and black bg color.

any suggestions on this ? 

Edited July 2, 2022 by r0ger

[fearless]

SetDCPenColor probably is needed at i guess, or possibly SetPixel or maybe its using MoveToEx to paint the dots

[r0ger]

hey @fearless thanx for the suggestion

finally got the color for the dots working , so what i did was firstly to retrieve a handle for the dots with GetStockObject and set its type to DC_PEN (actually for every color not just for the white color) , then apply it with SelectObject. Then i set the color right with RGB function and then i've used the SetDCPenColor afterwards :

DotzProc :

loc_401E2D:
		fld dword ptr [esi]
		fld dword ptr [esi+4]
		fld dword ptr [esi+8]
		fistp [ebp+var_4]
		fistp [ebp+var_8]
		fistp [ebp+var_C]
		mov eax, [ebp+arg_4]
		mov ebx, [ebp+arg_8]
		add eax, [ebp+var_4]
		add ebx, [ebp+var_8]
		mov ecx, ebx
		add ecx, 2
		push ecx 	
		mov ecx, eax
		add ecx, 2
		push ecx 	
		push ebx 	
		push eax 	
		push [ebp+hdc] 
		call Rectangle
		;---------------------------------
		invoke GetStockObject,DC_PEN
		invoke SelectObject,[ebp+hdc],eax
		RGB 255, 255, 255
		invoke SetDCPenColor,[ebp+hdc],eax
		;---------------------------------
		inc [ebp+var_10]
		add esi, 0Ch
		mov eax, [ebp+var_10]
		cmp eax, [ebp+arg_14]
		jl loc_401E2D
		leave
		retn 18h

these should be inserted right ater the Rectangle function.

and to make the background color go black, i've literally just switched its raster operation type from WHITENESS to BLACKNESS, from the PatBlt function:

loc_402131:
		finit
		invoke PatBlt,hdcSrc,0,0,6Eh,6Eh,BLACKNESS
		cmp [ebp+AnimSequence], 0BB9h
		jbe loc_40215C
		mov [ebp+AnimSequence], 0

 

[T-rad]

 

It looks like you can now change the dotz to any color so why not use PATCOPY in stead of BLACKNESS or WHITRENESS to change the background to any color ?

example

loc_402131:
		finit
		RGB 0,0,0
		invoke CreateSolidBrush, eax
		invoke SelectObject,hdcSrc,eax
		invoke PatBlt,hdcSrc,0,0,6Eh,6Eh,PATCOPY
		;invoke PatBlt,hdcSrc,0,0,6Eh,6Eh,BLACKNESS
		cmp [ebp+AnimSequence], 0BB9h
		jbe loc_40215C
		mov [ebp+AnimSequence], 0

 

[r0ger]

7 minutes ago, T-rad said:

 

It looks like you can now change the dotz to any color so why not use PATCOPY in stead of BLACKNESS or WHITRENESS to change the background to any color ?

example

loc_402131:
		finit
		RGB 0,0,0
		invoke CreateSolidBrush, eax
		invoke SelectObject,hdcSrc,eax
		invoke PatBlt,hdcSrc,0,0,6Eh,6Eh,PATCOPY
		;invoke PatBlt,hdcSrc,0,0,6Eh,6Eh,BLACKNESS
		cmp [ebp+AnimSequence], 0BB9h
		jbe loc_40215C
		mov [ebp+AnimSequence], 0

 

thanks dude, i actually forgot about that. also works this one too!

[r0ger]

Hey @T-rad

it looks like you've inserted these lines of codes right in the middle of the animation cycle which causes GDI leak:

but to prevent this , ALWAYS insert it at the beginning, or literally, before its animation cycle like i did here :

	mov hdcSrc,eax
		invoke CreateCompatibleBitmap,[ebp+hdc],BoxWidth,BoxHeight
		mov DotzDC,eax
		invoke SelectObject,hdcSrc,eax
		invoke SetBkMode,hdcSrc,TRANSPARENT
        ;-------------------------------- should be placed here to prevent gdi leak
		invoke CreateSolidBrush,White
		invoke SelectObject,hdcSrc,eax
        ;--------------------------------
        
        ....
        
    loc_402131:
		finit
		invoke PatBlt,hdcSrc,0,0,BoxWidth,BoxHeight,PATCOPY ;<------
		cmp [ebp+AnimSequence], 0BB9h
		jbe loc_40215C
		mov [ebp+AnimSequence], 0

final result :

here u go dude,no GDI leaks 😃