Lan viewing tool V1.70 cracking tutorial

[Author]: 8568309
[Author's email ]:........
[Author's homepage ]:...........
[Author's QQ number ]:.................
[Software name]: Lan viewing tool V1.70
[Software size]: 156kb
[]: Search and download by yourself
[Shelling method]: None
[Protection method]: No shell, Simple Algorithm
[Programming language]: vc 6.0
[Tools]: PEID, OD
[Operating platform]: xp2
[Software introduction]: Check it by yourself
[Author's statement]: I am only interested and have no other purpose. For errors, please enlighten us!
--------------------------------------------------------------------------------
[Detailed process]
I haven't posted any tutorials for a long time, so I'm a lot lazy. I am going to send this article to the hidden groups to commemorate ~~~~~
1. Shell check
No shell, written in Microsoft Visual C ++ 6.0
2. Cracking ideas
After trying to register, the node does not respond to registration, and the MessageBox breakpoint cannot be reached. Check the characters in OD, but you can find them.
00405264. 68 C0434100 push LAN check. 004143C0; registration successful, please run the program again
3. Cracking
Now that you can find the key point, go to the first F2 breakpoint.
004051A0. 64: A1 0000000> mov eax, dword ptr fs: [0] // F2 breakpoint
004051A6. 6A FF push-1
004051A8. 68 78D54000 push LAN query. 0040D578; song
004051AD. 50 push eax
004051AE. 64: 8925 00000> mov dword ptr fs: [0], esp
004051B5. 83EC 0C sub esp, 0C
Run the program, click Register, and enter
Username: 8568309
Registration Code 1234567890
Click "register". If the node is successfully disconnected, press F8 for analysis.
004051A0. 64: A1 0000000> mov eax, dword ptr fs: [0]; disconnected here
004051A6. 6A FF push-1
004051A8. 68 78D54000 push LAN query. 0040D578; song
004051AD. 50 push eax
004051AE. 64: 8925 00000> mov dword ptr fs: [0], esp
004051B5. 83EC 0C sub esp, 0C
004051B8. 53 push ebx
004051B9. 56 push esi
004051BA. 57 push edi
004051BB. 8BF1 mov esi, ecx
004051BD. 6A 01 push 1
004051BF. E8 1C710000 call <jmp. & MFC42. #6334>
004051C4. 8D7E 60 lea edi, dword ptr ds: [esi + 60]
004051C7. 8BCF mov ecx, edi
004051C9. E8 96710000 call <jmp. & MFC42. #6282>
004051CE. 8D5E 64 lea ebx, dword ptr ds: [esi + 64]
004051D1. 8BCB mov ecx, ebx
004051D3. E8 8C710000 call <jmp. & MFC42. #6282>
004051D8. 8B07 mov eax, dword ptr ds: [edi];
004051DA. 8378 F8 09 cmp dword ptr ds: [eax-8], 9; username Count must be 9
004051DE. 0F85 A4000000 jnz LAN check. 00405288
004051E4. 8B03 mov eax, dword ptr ds: [ebx]; put the false registration code to eax
004051E6. 8078 01 31 cmp byte ptr ds: [eax + 1], 31; false? compared with 31, the second digit does not end the jump.
004051EA. 0F85 98000000 jnz LAN check. 00405288; so the second digit of the registration code is 1
004051F0. 8A48 04 mov cl, byte ptr ds: [eax + 4]; the fifth ASCII is sent to CL
004051F3. 80F9 39 cmp cl, 39; compared with 39, do not jump to the end
004051F6. 0F85 8C000000 jnz LAN check. 00405288; so the fifth digit is 9
004051FC. 8078 06 39 cmp byte ptr ds: [eax + 6], 39; the seventh digit is also 9
00405200. 0F85 82000000 jnz LAN check. 00405288
00405206 07 37 cmp byte ptr ds: [eax + 7], 37; the eighth digit is 7
0040520A. 75 7C jnz short LAN query. 00405288
0040520C. 8078 09 35 cmp byte ptr ds: [eax + 9], 35; tenth digit: 5
00405210. 75 76 jnz short LAN lookup. 00405288
00405212. 51 push ecx
00405213. C605 44444100> mov byte ptr ds: [414444], 1
0040521A. 8BCC mov ecx, esp
0040521C. 896424 10 mov dword ptr ss: [esp + 10], esp
00405220. 68 DC434100 push LAN query. 004143DC; softwarelansee
00405225. E8 686D0000 call <jmp. & MFC42. #537>
0040522A