About OD universal breakpoint settings-[posting]
A favorite article on the fashion Forum
-- Author: red fire
-- Release Date: 20:35:00
Operations on OD universal breakpoint settings, applications, and plug-ins
The younger brother recently gave a graphic tutorial on how to set up the application of the OD universal breakpoint. He looked at the text in E. In view of the poor compilation of the younger brother, the OD is not familiar with it, and the E text cannot work either, after two days of hard work, I tried eight cracking exercises in this way (I solved four and broke one, but the other three did not understand what happened, which Eldest Brother is familiar with it? Give me some advice. the operations are as follows:
(1) OD loader (shelled or unshelled), right-click "Search"-"name in current module", select "user32.translatemessage ", right-click "Recording breakpoints in import conditions"
(2) condition: "MSG = 201" (or 202); Note: NULL; expression: "MSG"; Value of the decoding expression: "assumption by expression ";
Pause the program: select [when the condition is met]; the other two: select [never]; The number of times the condition is met: "0" (or "1", or "2", try ), click OK.
(3) Run F9 and enter a registration name and a registration code (if you lose it at will, however, some require the registration name to be at least 6 characters, for example, toshba/33333 ), program interruption in a "pushi ESI" place .., then alt-m to check the memory, right-click "Search"-ASCII code "33333", find and black "33333", and break down the memory access breakpoint, then f9. the address where the program is interrupted is a universal breakpoint. (I don't know why, as I said in the book ?), I tried several times, my machine (winXP-sp2), once is "77d29303", another few times to get is "77e8839b", it seems wrong Oh, do not understand ah. simply use it to say "77d29303 .. (What is wrong with my operations ..... looking forward ....)
(4) re-load the program with OD, run the F9, add a name and registration code (such as toshba/33333), and click OK or not,
(5) alt + e, view the executable module, double-click "user32.dll", and press Ctrl + G to go to the "77d29303" where the memory access is interrupted.
(6) click confirm registration (or OK or check ).
(7) When the interruption occurs, you can see "toshba", and then F9. Then you can see "33333", and then F8 goes to "Call user32.77d28c15" in a single step, click the address at "EDI", right-click "中 ", and click" 中 ". Check the memory access breakpoint in the "33333" "33333. f9. well, it's out. The register window in the upper right corner shows "33333". The string next to it is the real registration code .......