004029C9 6D 65 3E 20 3C 31 36 2D me> <16-
004029D1 64 69 67 69 74 20 68 65 digit he
004029D9 78 61 64 65 63 69 6D 61 xadecima
004029E1 6C 20 6E 75 6D 62 65 72 l number
004029E9 3E 0A 00 >..
So, you’ve obviously reached the “bad parameters” message display code.
There is no need to examine this code – you should just get into the “good
parameters” code sequence and see what it does. Looks like you’re close!
Processing the Username
Jumping to 402AC4, you will see that it’s not that simple. There’s quite a bit of
code still left to go. The code first performs some kind of numeric processing
sequence on the username string. The sequence computes a modulo 48 on each
character, and that modulo is used for performing a left shift on the character.
One interesting detail about this left shift is that it is implemented in a dedicated,
somewhat complicated function. Here’s the listing for the shifting function:
00401681 CMP CL,40
00401684 JNB SHORT Defender.0040169B
00401686 CMP CL,20
00401689 JNB SHORT Defender.00401691
0040168B SHLD EDX,EAX,CL
0040168E SHL EAX,CL
00401690 RETN
00401691 MOV EDX,EAX
00401693 XOR EAX,EAX
00401695 AND CL,1F
00401698 SHL EDX,CL
0040169A RETN
0040169B XOR EAX,EAX
0040169D XOR EDX,EDX
0040169F RETN
This code appears to be a 64-bit left-shifting logic. CL contains the number of
bits to shift, and EDX:EAX contains the number being shifted. In the case of a
full-blown 64-bit left shift, the function uses the SHLD instruction. The SHLD
instruction is not exactly a 64-bit shifting instruction, because it doesn’t shift
the bits in EAX; it only uses EAX as a “source” of bits to shift into EDX. That’s
why the function also needs to use a regular SHL on EAX in case it’s shifting
less than 32 bits to the left.
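The three branches of the shifting function at 00401681, modeled in C and checked against a native 64-bit shift. This is an added example, not code from the original text. The names shl64_model, shift_char and count_mismatches and the sample username are hypothetical, and the "modulo 48" in the text is assumed to be decimal.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the routine at 00401681: EDX:EAX shifted left by CL bits. */
uint64_t shl64_model(uint32_t edx, uint32_t eax, uint8_t cl)
{
    if (cl >= 0x40) {                 /* CMP CL,40 / JNB 0040169B */
        eax = 0;                      /* XOR EAX,EAX */
        edx = 0;                      /* XOR EDX,EDX */
    } else if (cl >= 0x20) {          /* CMP CL,20 / JNB 00401691 */
        edx = eax;                    /* MOV EDX,EAX: low dword moves up */
        eax = 0;                      /* XOR EAX,EAX */
        edx <<= (cl & 0x1F);          /* AND CL,1F / SHL EDX,CL */
    } else {
        if (cl != 0)                  /* count 0 changes nothing; also avoids >> 32 in C */
            edx = (edx << cl) | (eax >> (32 - cl));   /* SHLD EDX,EAX,CL */
        eax <<= cl;                   /* SHL EAX,CL */
    }
    return ((uint64_t)edx << 32) | eax;
}

/* Per-character step from the text: shift the character left by (character mod 48). */
uint64_t shift_char(unsigned char ch)
{
    return shl64_model(0, ch, (uint8_t)(ch % 48));   /* 48 assumed decimal */
}

/* Number of shift counts 0..63 where the model differs from a native 64-bit shift. */
int count_mismatches(uint64_t value)
{
    int bad = 0;
    for (unsigned n = 0; n < 64; n++) {
        uint64_t got = shl64_model((uint32_t)(value >> 32), (uint32_t)value, (uint8_t)n);
        if (got != (value << n))
            bad++;
    }
    return bad;
}

int main(void)
{
    const char *name = "Alice";       /* constructed sample username */
    for (const char *p = name; *p; p++)
        printf("'%c' << %2u = 0x%016llx\n", *p, (unsigned)(*p % 48),
               (unsigned long long)shift_char((unsigned char)*p));
    printf("mismatches vs native shift: %d\n", count_mismatches(0x0123456789ABCDEFULL));
    return 0;
}
```

Because the shift count is a remainder modulo 48, it never reaches 64, so only the first two paths of the function are exercised by the username processing; characters whose remainder is 32 or more take the MOV EDX,EAX path.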