Hi,
First off: I DID search the forums and I DID try to learn the basics of working with OllyDbg, but somehow neither worked out very well.
So what I want to do is get around the signature check, like some people (??Wesker??) have done in the past. Now I think I have found the interesting section, but I don't have a damn clue what to do.
0047038D 68 3C299200 PUSH arma.0092293C ; ASCII "index"
00470392 E8 2917FCFF CALL arma.00431AC0
00470397 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+10]
0047039B 8BCE MOV ECX,ESI
0047039D E8 951C0200 CALL arma.00492037
004703A2 6A 20 PUSH 20
004703A4 51 PUSH ECX
004703A5 8BCC MOV ECX,ESP
004703A7 68 BC359200 PUSH arma.009235BC ; ASCII "filename"
004703AC E8 0F17FCFF CALL arma.00431AC0
004703B1 8BCE MOV ECX,ESI
004703B3 E8 7F1C0200 CALL arma.00492037
004703B8 6A 24 PUSH 24
004703BA 51 PUSH ECX
004703BB 8BCC MOV ECX,ESP
004703BD 68 B4359200 PUSH arma.009235B4 ; ASCII "keyName"
004703C2 E8 F916FCFF CALL arma.00431AC0
004703C7 8BCE MOV ECX,ESI
004703C9 E8 691C0200 CALL arma.00492037
004703CE 6A 28 PUSH 28
004703D0 51 PUSH ECX
004703D1 8BCC MOV ECX,ESP
004703D3 68 A8359200 PUSH arma.009235A8 ; ASCII "keyContent"
004703D8 E8 E316FCFF CALL arma.00431AC0
004703DD 8BCE MOV ECX,ESI
004703DF E8 531C0200 CALL arma.00492037
004703E4 6A 34 PUSH 34
004703E6 51 PUSH ECX
004703E7 8BCC MOV ECX,ESP
004703E9 68 9C359200 PUSH arma.0092359C ; ASCII "signature"
004703EE E8 CD16FCFF CALL arma.00431AC0
004703F3 8BCE MOV ECX,ESI
004703F5 E8 3D1C0200 CALL arma.00492037
004703FA 6A 40 PUSH 40
004703FC 51 PUSH ECX
004703FD 8BCC MOV ECX,ESP
004703FF 68 94359200 PUSH arma.00923594 ; ASCII "hash"
00470404 E8 B716FCFF CALL arma.00431AC0
00470409 8BCE MOV ECX,ESI
0047040B E8 271C0200 CALL arma.00492037
00470410 5E POP ESI
00470411 C3 RETN
; Routine at 00470412 (ends at the RETN at 00470524). Straight-line code: it
; issues one helper call per named field ("index", "filename", "keyName",
; "keyContent", "signature", "hash") with ECX = the pointer received at
; [EBP+C], then returns that pointer in EAX.
; The same names appear in the routine just above, each paired with a constant,
; so this looks like field-by-field transfer of one record.
; NOTE(review): inferred from the strings only; confirm what 00463108,
; 00467B87 and 004667C9 actually do before relying on this reading.
00470412 55 PUSH EBP
00470413 8BEC MOV EBP,ESP
00470415 83EC 10 SUB ESP,10
; [EBP-4] is forced to FFFFFFFF (OR with all ones); EBX keeps a copy of the
; [EBP+C] argument because that stack slot is reused as a temporary below.
00470418 D9EE FLDZ
0047041A 834D FC FF OR DWORD PTR SS:[EBP-4],FFFFFFFF
0047041E 53 PUSH EBX
0047041F 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+C]
00470422 56 PUSH ESI
00470423 57 PUSH EDI
; PUSH ECX only reserves a stack slot; FSTP then stores the 0.0 loaded by FLDZ
; into it, which is what the debugger labels Arg7.
00470424 51 PUSH ECX ; /Arg7
00470425 D91C24 FSTP DWORD PTR SS:[ESP] ; |
00470428 33FF XOR EDI,EDI ; |
0047042A 57 PUSH EDI ; |Arg6 => 00000000
0047042B BE 3D9C9B00 MOV ESI,arma.009B9C3D ; |
00470430 56 PUSH ESI ; |Arg5 => 009B9C3D
00470431 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4] ; |
00470434 50 PUSH EAX ; |Arg4
00470435 6A 02 PUSH 2 ; |Arg3 = 00000002
00470437 6A 01 PUSH 1 ; |Arg2 = 00000001
00470439 68 3C299200 PUSH arma.0092293C ; |Arg1 = 0092293C ASCII "index"
0047043E 8BCB MOV ECX,EBX ; |
00470440 E8 C32CFFFF CALL arma.00463108 ; \arma.00463108
; 00431AC0 is called with ECX = &[EBP+C] and the constant 009B9C3D (ESI) on the
; stack. Presumably it initialises a string object from a C string -- confirm.
00470445 56 PUSH ESI
00470446 8D4D 0C LEA ECX,DWORD PTR SS:[EBP+C]
00470449 E8 7216FCFF CALL arma.00431AC0
0047044E D9EE FLDZ
00470450 51 PUSH ECX ; /Arg7
00470451 D91C24 FSTP DWORD PTR SS:[ESP] ; |
00470454 57 PUSH EDI ; |Arg6
00470455 56 PUSH ESI ; |Arg5
00470456 8D45 0C LEA EAX,DWORD PTR SS:[EBP+C] ; |
00470459 50 PUSH EAX ; |Arg4
0047045A 57 PUSH EDI ; |Arg3
0047045B 6A 04 PUSH 4 ; |Arg2 = 00000004
0047045D 68 BC359200 PUSH arma.009235BC ; |Arg1 = 009235BC ASCII "filename"
00470462 8BCB MOV ECX,EBX ; |
00470464 E8 1E77FFFF CALL arma.00467B87 ; \arma.00467B87
; 0042A010 runs on the temporary after each 00467B87 call -- presumably its
; cleanup; confirm.
00470469 8D4D 0C LEA ECX,DWORD PTR SS:[EBP+C]
0047046C E8 9F9BFBFF CALL arma.0042A010
00470471 56 PUSH ESI
00470472 8D4D 0C LEA ECX,DWORD PTR SS:[EBP+C]
00470475 E8 4616FCFF CALL arma.00431AC0
0047047A D9EE FLDZ
0047047C 51 PUSH ECX ; /Arg7
0047047D D91C24 FSTP DWORD PTR SS:[ESP] ; |
00470480 57 PUSH EDI ; |Arg6
00470481 56 PUSH ESI ; |Arg5
00470482 8D45 0C LEA EAX,DWORD PTR SS:[EBP+C] ; |
00470485 50 PUSH EAX ; |Arg4
00470486 57 PUSH EDI ; |Arg3
00470487 6A 04 PUSH 4 ; |Arg2 = 00000004
00470489 68 B4359200 PUSH arma.009235B4 ; |Arg1 = 009235B4 ASCII "keyName"
0047048E 8BCB MOV ECX,EBX ; |
00470490 E8 F276FFFF CALL arma.00467B87 ; \arma.00467B87
00470495 8D4D 0C LEA ECX,DWORD PTR SS:[EBP+C]
00470498 E8 739BFBFF CALL arma.0042A010
; The last three fields use a different temporary at [EBP-10]: 0040B9E7 is
; called on it first, its address is passed as Arg4 to 004667C9 with Arg2 = 5,
; and 0046615C is called on it afterwards.
; NOTE(review): the different helper and Arg2 value suggest a different field
; type than "filename"/"keyName" -- confirm.
0047049D 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
004704A0 E8 42B5F9FF CALL arma.0040B9E7
004704A5 D9EE FLDZ
004704A7 51 PUSH ECX ; /Arg7
004704A8 D91C24 FSTP DWORD PTR SS:[ESP] ; |
004704AB 57 PUSH EDI ; |Arg6
004704AC 56 PUSH ESI ; |Arg5
004704AD 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10] ; |
004704B0 50 PUSH EAX ; |Arg4
004704B1 57 PUSH EDI ; |Arg3
004704B2 6A 05 PUSH 5 ; |Arg2 = 00000005
004704B4 68 A8359200 PUSH arma.009235A8 ; |Arg1 = 009235A8 ASCII "keyContent"
004704B9 8BCB MOV ECX,EBX ; |
004704BB E8 0963FFFF CALL arma.004667C9 ; \arma.004667C9
004704C0 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
004704C3 E8 945CFFFF CALL arma.0046615C
004704C8 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
004704CB E8 17B5F9FF CALL arma.0040B9E7
004704D0 D9EE FLDZ
004704D2 51 PUSH ECX ; /Arg7
004704D3 D91C24 FSTP DWORD PTR SS:[ESP] ; |
004704D6 57 PUSH EDI ; |Arg6
004704D7 56 PUSH ESI ; |Arg5
004704D8 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10] ; |
004704DB 50 PUSH EAX ; |Arg4
004704DC 57 PUSH EDI ; |Arg3
004704DD 6A 05 PUSH 5
004704DF 68 9C359200 PUSH arma.0092359C ; ASCII "signature"
004704E4 8BCB MOV ECX,EBX
004704E6 E8 DE62FFFF CALL arma.004667C9
004704EB 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
004704EE E8 695CFFFF CALL arma.0046615C
004704F3 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
004704F6 E8 ECB4F9FF CALL arma.0040B9E7
004704FB D9EE FLDZ
004704FD 51 PUSH ECX
004704FE D91C24 FSTP DWORD PTR SS:[ESP]
00470501 57 PUSH EDI
00470502 56 PUSH ESI
00470503 8D45 F0 LEA EAX,DWORD PTR SS:[EBP-10]
00470506 50 PUSH EAX
00470507 57 PUSH EDI
00470508 6A 05 PUSH 5
0047050A 68 94359200 PUSH arma.00923594 ; ASCII "hash"
0047050F 8BCB MOV ECX,EBX
00470511 E8 B362FFFF CALL arma.004667C9
00470516 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
00470519 E8 3E5CFFFF CALL arma.0046615C
; Restore the saved registers and return the object pointer (EBX) in EAX.
0047051E 5F POP EDI
0047051F 5E POP ESI
00470520 8BC3 MOV EAX,EBX
00470522 5B POP EBX
00470523 C9 LEAVE
00470524 C3 RETN
; Routine at 00470525: takes a pointer in ECX, calls 00452D69 with ECX still
; holding it, stores the constant 009235CC at offset 0, clears the dword at
; offset 20h and returns the pointer in EAX.
; NOTE(review): the shape matches a C++ constructor writing a vtable pointer
; after a base-class constructor call -- presumably; confirm.
00470525 > 56 PUSH ESI
00470526 . 8BF1 MOV ESI,ECX
00470528 . E8 3C28FEFF CALL arma.00452D69
0047052D . C706 CC359200 MOV DWORD PTR DS:[ESI],arma.009235CC
; AND with 0 zeroes the field at +20h.
00470533 . 8366 20 00 AND DWORD PTR DS:[ESI+20],0
00470537 . 8BC6 MOV EAX,ESI
00470539 . 5E POP ESI
0047053A . C3 RETN
; Routine at 0047053B: pairs two names with constants -- "type" with 1Ch and
; "filename" with 20h -- and hands each pair to 00492037.
; NOTE(review): the constants look like member offsets (the routine at 00470525
; clears a field at +20h) -- presumably; confirm.
0047053B /$ 6A 1C PUSH 1C
; PUSH ECX reserves a stack slot and MOV ECX,ESP points ECX at it before
; 00431AC0 is called with the name string; presumably this builds a by-value
; string argument in that slot -- confirm.
0047053D |. 51 PUSH ECX
0047053E |. 8BCC MOV ECX,ESP
00470540 |. 68 38289200 PUSH arma.00922838 ; ASCII "type"
00470545 |. E8 7615FCFF CALL arma.00431AC0
; ECX is reloaded from [ESP+C]; that is this routine's first stack argument if
; 00431AC0 removes its own argument from the stack -- confirm.
0047054A |. 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+C]
0047054E |. E8 E41A0200 CALL arma.00492037
00470553 |. 6A 20 PUSH 20
00470555 |. 51 PUSH ECX
00470556 |. 8BCC MOV ECX,ESP
00470558 |. 68 BC359200 PUSH arma.009235BC ; ASCII "filename"
0047055D |. E8 5E15FCFF CALL arma.00431AC0
00470562 |. 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+C]
00470566 |. E8 CC1A0200 CALL arma.00492037
0047056B \. C3 RETN
; Routine at 0047056C: issues one helper call for "type" (00463108) and one for
; "filename" (00467B87), each with ECX = the pointer received at [EBP+C], then
; returns that pointer in EAX. Straight-line code, same call pattern as the
; six-field routine at 00470412.
; NOTE(review): what the two helpers do with the field is not visible here;
; confirm before relying on the field names.
0047056C /$ 55 PUSH EBP
0047056D |. 8BEC MOV EBP,ESP
; PUSH ECX reserves the 4-byte local at [EBP-4], which is then zeroed.
0047056F |. 51 PUSH ECX
00470570 |. D9EE FLDZ
00470572 |. 8365 FC 00 AND DWORD PTR SS:[EBP-4],0
00470576 |. 56 PUSH ESI
; The second PUSH ECX reserves the Arg7 slot; FSTP fills it with the 0.0 from
; FLDZ. ECX is loaded with the [EBP+C] argument in between.
00470577 |. 51 PUSH ECX ; /Arg7
00470578 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] ; |
0047057B |. D91C24 FSTP DWORD PTR SS:[ESP] ; |
0047057E |. 6A 00 PUSH 0 ; |Arg6 = 00000000
00470580 |. BE 3D9C9B00 MOV ESI,arma.009B9C3D ; |
00470585 |. 56 PUSH ESI ; |Arg5 => 009B9C3D
00470586 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4] ; |
00470589 |. 50 PUSH EAX ; |Arg4
0047058A |. 6A 01 PUSH 1 ; |Arg3 = 00000001
0047058C |. 6A 01 PUSH 1 ; |Arg2 = 00000001
0047058E |. 68 38289200 PUSH arma.00922838 ; |Arg1 = 00922838 ASCII "type"
00470593 |. E8 702BFFFF CALL arma.00463108 ; \arma.00463108
; The local at [EBP-4] is reused as the temporary for the "filename" call:
; 00431AC0 is called on it with the constant 009B9C3D, and 0042A010 is called
; on it after 00467B87 returns. Presumably set-up and cleanup of a string
; temporary -- confirm.
00470598 |. 56 PUSH ESI
00470599 |. 8D4D FC LEA ECX,DWORD PTR SS:[EBP-4]
0047059C |. E8 1F15FCFF CALL arma.00431AC0
004705A1 |. D9EE FLDZ
004705A3 |. 51 PUSH ECX ; /Arg7
004705A4 |. D91C24 FSTP DWORD PTR SS:[ESP] ; |
004705A7 |. 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+C] ; |
004705AA |. 6A 00 PUSH 0 ; |Arg6 = 00000000
004705AC |. 56 PUSH ESI ; |Arg5
004705AD |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4] ; |
004705B0 |. 50 PUSH EAX ; |Arg4
004705B1 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
004705B3 |. 6A 04 PUSH 4 ; |Arg2 = 00000004
004705B5 |. 68 BC359200 PUSH arma.009235BC ; |Arg1 = 009235BC ASCII "filename"
004705BA |. E8 C875FFFF CALL arma.00467B87 ; \arma.00467B87
004705BF |. 8D4D FC LEA ECX,DWORD PTR SS:[EBP-4]
004705C2 |. E8 499AFBFF CALL arma.0042A010
; Return the [EBP+C] argument in EAX.
004705C7 |. 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
004705CA |. 5E POP ESI
004705CB |. C9 LEAVE
004705CC \. C3 RETN
I know I am asking way too much given that I'm a noob, but I would still appreciate a helpful answer.