Before writing, let's talk nonsense (who threw the banana peel, eggs ^ ):
OllyDbg is a powerful piece of software. I used to use it (not used to), and many classic tutorials use TRW and SoftICE as sample tools.
Beginners (people like me) often get started with these tools and use them for exercises! It can be said that it is ready for use!
I am new to the dynamic debugging function of OllyDbg!
Now a very practical problem has changed my habits. My keyboard and mouse are USB, and the display is right for me! Neither TRW nor SoftICE can be used!
I had to learn to use OllyDbg. It was so good to find this item!!!
* During dynamic debugging, you can also listen to songs and chat (with TRW and SoftICE you only get a black screen)
* Convenient debugging and function references. You can add comments at will and easily copy the changes to the stack.
* The interface is beautiful. You can set the background color at will!
* Powerful right-click function, which is especially convenient to use! (Especially suitable for the elderly and children ~~~~)
* I cannot list them all ~~~ Discover the other advantages yourself!!!
I am a newbie. It takes a long time for me to get into touch, and my mind is not very good. My level is very low. Please correct me when I say something wrong!!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ OllyDbg introduction ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now let this newbie introduce it to fellow newbies:
1 * Working interface (from the top down):
You can see the title bar, menu bar, and toolbar. (No need to explain these terms!)
Remember: every toolbar function can also be found in the menu bar. The toolbar buttons are just shortcuts for menu bar commands (nonsense!)
The detailed functions are described below!
There are four windows: code window (top left), register window (top right), memory window (bottom left), and stack window (bottom right).
2 * Menu bar commands
* File (F) ---- do these commands need explaining?
|____ Note: the lower part of the menu lists the files you opened recently, and it keeps the breakpoints you did not clear last time.
* View (V) ------ for this menu I only describe what I usually use. I don't use anything else! :-)
|____ Executable modules (shortcut: ALT + E): view the dynamic-link libraries used by the program (my understanding)
|
|____ Breakpoints (shortcut: ALT + B): an auxiliary function for viewing all your breakpoints (sometimes you forget where you set them; that happens to me a lot! :-( )
* Debug (D) ------- this menu is the key. If you don't understand it, don't debug software! It is also the one used most often!
|____ Run (F9): after loading the program, run it!
|
|____ Pause (F12)
|
|____ Step into (F7): when you reach a CALL, enter the subroutine! Known as "following in".
|
|____ Step over (F8): single-step without entering the CALL; it does not go into the subroutine's internals. This is often used for the first rough trace!
|
|____ Execute till return (ALT + F9): runs until the return statement of this subroutine!
The remaining menus are not important ~ I won't go through them ~~~ I am "the world's first lazy" (name given to me by Emperor Qianlong)
Now that we know this, we can start work ~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Instance analysis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Target: FlashPT 2.1 Build 3067
Cracked by: winroot
Tools: PEiD, W32DASM, ASPACKDIE, OLLYDBG
Purpose: an OllyDbg tutorial. The software is relatively simple!
: Http://www.softreg.com.cn/shareware_view.asp? Id =/4C7E305E-226A-43B9-98D2-BE0410D46806/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cracking Process ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cracking Process:
After the software is installed, three components are registered.
I select Flash conversion and decryption
1 * Check the packer with PEiD: ASPack 2.12 -> Alexey Solodovnikov
2 * After unpacking with ASPACKDIE, the file is named unpacked.exe.
3 * Use W32DASM for static analysis!
Open unpacked.exe --> disassemble --> click "Reference" on the menu bar and select the string data references.
Find "Incorrect registration code. Please enter it again!" and double-click it.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|: 004D1174 (C)
| ~~~~~~~~~~~~~~~~~~~~ It's from here. Let's take a look.
: 004D120D 6A00 push 00000000
* Possible StringData Ref from Code Obj-> "prompt"
|
: 004D120F B974124D00 mov ecx, 004D1274
* Possible StringData Ref from Code Obj-> "Incorrect registration code. Please enter it again!"
####################### We have arrived at 004D1174 #######################
: 004D116B 8B55E4 mov edx, dword ptr [ebp-1C]
: 004D116E 58 pop eax
: 004D116F E8C42CF3FF call 00403E38
: 004D1174 0F8593000000 jne 004D120D; see it! From here we go to death!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: 004D117A B201 mov dl, 01
: 004D117C A1DCCA4400 mov eax, dword ptr [0044CADC]
: 004D1181 E856BAF7FF call 0044CBDC
: 004D1186 8BD8 mov ebx, eax
: 004D1188 BA02000080 mov edx, 80000002
: 004D118D 8BC3 mov eax, ebx
: 004D118F E8E8BAF7FF call 0044CC7C
: 004D1194 B101 mov cl, 01
* Possible StringData Ref from Code Obj-> "softwaremicrosoftwindowscurrentversionchan"
-> "Gid"
|
: 004D1196 BA98124D00 mov edx, 004D1298
: 004D119B 8BC3 mov eax, ebx
: 004D119D E83EBBF7FF call 0044CCE0
: 004D11A2 84C0 test al, al
: 004D11A4 745E je 004D1204
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Partial code omitted ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Possible StringData Ref from Code Obj-> "prompt"
|
: 004D11E2 B974124D00 mov ecx, 004D1274
* Possible StringData Ref from C