About OD universal breakpoint settings-[posting]

Source: Internet
Author: User
About OD universal breakpoint settings-[posting]
A favorite article on the fashion Forum
-- Author: red fire
-- Release Date: 20:35:00

Operations on OD universal breakpoint settings, applications, and plug-ins

The younger brother recently gave a graphic tutorial on how to set up the application of the OD universal breakpoint. He looked at the text in E. In view of the poor compilation of the younger brother, the OD is not familiar with it, and the E text cannot work either, after two days of hard work, I tried eight cracking exercises in this way (I solved four and broke one, but the other three did not understand what happened, which Eldest Brother is familiar with it? Give me some advice. the operations are as follows:

(1) OD loader (shelled or unshelled), right-click "Search"-"name in current module", select "user32.translatemessage ", right-click "Recording breakpoints in import conditions"

(2) condition: "MSG = 201" (or 202); Note: NULL; expression: "MSG"; Value of the decoding expression: "assumption by expression ";

Pause the program: select [when the condition is met]; the other two: select [never]; The number of times the condition is met: "0" (or "1", or "2", try ), click OK.

(3) Run F9 and enter a registration name and a registration code (if you lose it at will, however, some require the registration name to be at least 6 characters, for example, toshba/33333 ), program interruption in a "pushi ESI" place .., then alt-m to check the memory, right-click "Search"-ASCII code "33333", find and black "33333", and break down the memory access breakpoint, then f9. the address where the program is interrupted is a universal breakpoint. (I don't know why, as I said in the book ?), I tried several times, my machine (winXP-sp2), once is "77d29303", another few times to get is "77e8839b", it seems wrong Oh, do not understand ah. simply use it to say "77d29303 .. (What is wrong with my operations ..... looking forward ....)

(4) re-load the program with OD, run the F9, add a name and registration code (such as toshba/33333), and click OK or not,

(5) alt + e, view the executable module, double-click "user32.dll", and press Ctrl + G to go to the "77d29303" where the memory access is interrupted.

(6) click confirm registration (or OK or check ).

(7) When the interruption occurs, you can see "toshba", and then F9. Then you can see "33333", and then F8 goes to "Call user32.77d28c15" in a single step, click the address at "EDI", right-click "中 ", and click" 中 ". Check the memory access breakpoint in the "33333" "33333. f9. well, it's out. The register window in the upper right corner shows "33333". The string next to it is the real registration code .......

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.