Disassembly Hack Primer

The first example of this book, "Encryption and decryption", is the search for strings, but now many of the software is not done in this way. As a rookie, you want to study how to use the API breakpoints to complete the anti-compilation. The simplest serial number saver is used as a practiced hand tool.

First Open ollydbg Open the software to be cracked, add API breakpoints. Of course, before the software has been running, roughly know the type of pop-up, so it is natural to choose MessageBoxA () and MessageBoxW () (because do not know the character type).

Then run, random enter the serial number, found that the breakpoint is broken here:

Well, it's supposed to be the legendary MessageBox (). Now return to the location of the call function along the stack:

OllyDbg is a good thing, the whole function process is marked out. Now go ahead and see exactly where this function was called. As a result, I went up there and met two places:

As a rookie, I spent a long time in these two places, the results of no gains. In fact, these two functions are not judgment functions. My gut feeling is that it's a judgment function (well, I judge every time I write code). But not really. Keep looking up, there's a SETWINDOWPSO (). If you want to go, it might be to initialize the MessageBox (). In fact, I found that I was also funny, because looking up a register window, there are:

I mean, there's obviously a "wrongxxx" that's going to be written. Obviously here is still the place to prepare the MessageBox ().

OK, now go up and get out of this call.

Where there are multiple calls, try each one, and then take a few more breakpoints. To see where it was called:

Rerun and find that the breakpoint is broken here:

NN, here seems to be the serial number program their own function, unfortunately I still owe, I really do not understand why the direct window to play the place specifically has a call--.

Along the jumping turn, here:

In fact, here can be seen, obviously here is a number of judgments of the place, error pop-up window. On the top of the place breakpoint, if you worry about not, just set a few more breakpoints. But here is the trouble, must but not enter, hey. This 300KB small program is OK, the big program is annoying. Well, obviously the top one has to go through, so that's him. So, know the user name:

Enter the correct user name, run again, come to another function that authenticates the password, get

At this time found that Yi Yi yi yi yi yi yi!!??? Why are you so familiar? This familiar taste, this familiar taste, this familiar sound, is not

Well, I'm thinking, I always think that the function starts with push. If you follow the method in the book, the direct reference string will be solved, I actually spent two days of time. 0.0

As the accumulation of experience ....

Disassembly Hack Primer