Cracking with the API breakpoint method

Source: Internet
Author: User

Last time I wrote a cracking tutorial for everyone (address: http://www.52pojie.net/thread-52719-1-1.html) using the call stack method. Today I present a new method for beginners, "API function breakpoints". This method requires you to remember the common API functions, so I have organized some common API breakpoints:

String input: GetDlgItemTextA, GetWindowTextA. A program uses these two functions to read the characters the user typed into an edit box.
Dialog box: MessageBoxA. A program uses this function to pop up message boxes such as "registration succeeded" or "registration failed".
(These are the ANSI versions. A program built for Unicode calls the W versions, GetDlgItemTextW, GetWindowTextW and MessageBoxW, so if a breakpoint on the A version never triggers, try the W version.)

There are also registry functions, but beginners should first master these three.


Today we use "Terminator File Encryption Master" to illustrate the method. I have already unpacked the program; although PEiD cannot identify the compiler, the code at the entry point suggests it was written in assembly language. Either way, run the software first.

The first time you run this software it goes straight in. We can click "Set Password" to set a password, so that subsequent runs prompt for it. (Set any password you like; below we crack this password, so it is best not to remember the password you entered, which makes it more challenging.)

Next we crack this "password function" so that any password lets us use the software.
How do we crack it? We can use the method from the previous tutorial, or we can use an API function breakpoint.
First load the program in OllyDbg, then type "bpx messageboxa" in the command box at the lower left of OllyDbg (this box is provided by OllyDbg's command line plugin). "bpx" means set a breakpoint on every call to that function.

Then press Enter, run the software, enter any password, and click "OK". OllyDbg pauses the program, which means the "API breakpoint" worked. The picture shows the code after the pause.

Analyzing the code, there is no suspicious jump nearby. How can that be? Let's look at the picture.

The parent routine calls the subroutine (CALL), so what we see now is the subroutine, which only displays the "password error" message; we have to find the parent routine that decides whether to call it. Press F8 to step over instructions; when we step through a "RETN" instruction we return to the routine that made the call. (Ctrl+F9, "Execute till return", runs to the next RETN without single-stepping.) After passing through two "RETN" instructions we arrive at the position we are looking for.

We arrive here:

Analyzing this, 00403793 looks like the key jump, so let's modify it and try. Right-click on this line of code, select "Assemble", and change the original "JE" to "JNZ". (JE and JNZ differ by a single opcode byte, 74 versus 75 for the short form, so only one byte of the file changes.)


Then save the file: right-click, "Copy to executable", "All modifications", and in the window that opens right-click again and choose "Save file".
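The same one-byte change can be made outside the debugger once the address is known. The following Python script is an added example and is not part of the original tutorial or of the program being cracked: it converts a virtual address such as 00403793 to a file offset by reading the PE section table, checks that a JE really sits at that address, and flips it to JNZ. It goes a little beyond the tutorial in that it handles the near form (0F 84 rel32 to 0F 85 rel32) as well as the short form (74 rel8 to 75 rel8). The PE image it patches is constructed in memory for the demonstration; its bytes, section layout and the CMP/JE sequence placed at 00403793 are assumptions and are not taken from the real program.

```python
import struct
import sys

# Opcode forms of the conditional jump. JE/JZ and JNZ/JNE differ in one bit,
# so the patch changes a single byte in either encoding.
SHORT_JE, SHORT_JNZ = 0x74, 0x75              # 74 rel8  ->  75 rel8
NEAR_JE, NEAR_JNZ = b"\x0f\x84", b"\x0f\x85"  # 0F 84 rel32  ->  0F 85 rel32


def parse_sections(pe):
    """Return (image_base, [(virt_addr, virt_size, raw_ptr, raw_size), ...]) of a PE32 image."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24                        # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    sections = []
    first = opt + opt_size
    for i in range(num_sections):
        hdr = first + i * 40                   # each section header is 40 bytes
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, hdr + 8)
        sections.append((vaddr, vsize, rptr, rsize))
    return image_base, sections


def va_to_offset(pe, va):
    """Map the virtual address OllyDbg shows to the offset of that byte in the file."""
    image_base, sections = parse_sections(pe)
    rva = va - image_base
    for vaddr, vsize, rptr, rsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rsize):
            delta = rva - vaddr
            if delta >= rsize:
                raise ValueError("address is in uninitialised section data, not in the file")
            return rptr + delta
    raise ValueError("address is not inside any section")


def jump_kind(pe, va):
    """'short' or 'near' if a JE is encoded at va, otherwise None."""
    off = va_to_offset(pe, va)
    if pe[off] == SHORT_JE:
        return "short"
    if pe[off:off + 2] == NEAR_JE:
        return "near"
    return None


def flip_je_to_jnz(pe, va):
    """Return a copy of the image with the JE at va turned into JNZ; refuse to touch anything else."""
    kind = jump_kind(pe, va)
    if kind is None:
        raise ValueError("no JE at %08X, refusing to patch" % va)
    buf = bytearray(pe)
    off = va_to_offset(pe, va)
    if kind == "short":
        buf[off] = SHORT_JNZ
    else:
        buf[off:off + 2] = NEAR_JNZ
    return bytes(buf)


def build_sample_pe(code, section_va):
    """Constructed minimal PE32 (DOS stub, COFF and optional headers, one .text section). Not the real program."""
    e_lfanew = 0x40
    raw_ptr = 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    sect = b".text\0\0\0" + struct.pack("<IIII", len(code), section_va, len(code), raw_ptr) + b"\0" * 16
    headers = dos + coff + bytes(opt) + sect
    return headers + b"\0" * (raw_ptr - len(headers)) + code


# Constructed code: NOP padding, then CMP EAX,EBX / JE SHORT +5 / NOPs / RETN, laid out
# so the JE lands at 00403793, the address named in the tutorial. The bytes are made up.
SAMPLE_CODE = b"\x90" * 0x791 + b"\x39\xd8" + b"\x74\x05" + b"\x90" * 5 + b"\xc3"
SAMPLE_PE = build_sample_pe(SAMPLE_CODE, 0x3000)
KEY_JUMP_VA = 0x00403793


def patch_file(path, va, out_path):
    """Apply the same byte-level patch to a file on disk, no debugger needed."""
    with open(path, "rb") as f:
        data = f.read()
    with open(out_path, "wb") as f:
        f.write(flip_je_to_jnz(data, va))


if __name__ == "__main__":
    if len(sys.argv) == 4:
        patch_file(sys.argv[1], int(sys.argv[2], 16), sys.argv[3])
    else:
        patched = flip_je_to_jnz(SAMPLE_PE, KEY_JUMP_VA)
        off = va_to_offset(SAMPLE_PE, KEY_JUMP_VA)
        print("file offset %06X: %02X -> %02X" % (off, SAMPLE_PE[off], patched[off]))
```

Run it with no arguments to patch the constructed image, or as `python patch.py original.exe 403793 patched.exe` against a real unpacked file. The script refuses to write anything unless a JE is actually encoded at the address, which catches the common mistake of using an address from a packed or differently based copy of the program; the VA to file offset conversion is what OllyDbg's "Copy to executable" does for you.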


Run it and enter any password.
That is the end of the tutorial, and this one should be easier to understand than the previous one. One more hint: I later found that this program stores the password in the registry under HKEY_LOCAL_MACHINE\Software\sfolder, where the value "code" is the password.
Attachment: http://u.115.com/file/f3fc16f06 (Terminator File Encryption Master.rar)
