[OT] x86 assembler question

Matthew Dillon dillon at apollo.backplane.com
Tue Aug 9 12:36:59 PDT 2005

:Hi all,
:I hate to do this, but I've posted to lots of forums and found no answer.
:I'm doing some research on dongle software protection, and one site referred
:to response codes being 'impossible to recover because you'll sometimes end up
:with TEST [ESI+38],1 as a check.'
:My asm is a bit rusty, but isn't this just an AND operation with a memory
:location found in ESI plus an offset of 38?  What's so hard about that?
:Jonathon McKitrick
:Hoppiness is a good beer.

    I have no idea what the ',1' means, or what register it is ANDing
    agains (probably %eax I guess), but any instruction which accesses
    memory performs a read or write to that memory, and dongle's usually
    have internal state machines that are triggered by the read or write
    operation.  You can't 'monitor' the dongle through software without
    effecting what it outputs.  The only real way to see what is going on
    is to wire up a shim to catch all the data going between the dongle 
    and the computer, and monitor it on another computer or use a 
    digital storage scope or something like that.

    The place where I worked for many years had to deal with dongled software
    all the time (back when dongles were in vogue).  After loosing dongles
    for the Nth time or having to constantly switch them out to run different
    software, we finally just put our foot down and refused to purchase any
    software that used physical dongle devices.  It's just too much of
    a hassle.

					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>

More information about the Users mailing list