This article is intended for beginners.
This software is packed (protected by a shell). It is very easy to trace through: you soon reach the OEP and can then unpack it with the OD (OllyDbg) plug-in.
After the shell is removed, it can now be cracked.
In fact, the most important part of cracking is finding the cracking point. The following is one such point:
Click "mailbox settings". A prompt box is displayed, indicating that the version is not registered.
This indicates that the program has checked whether the user is registered before displaying the prompt box. So press F12 in OD to pause and view the call stack.
Go to function 0x405120, and check its return value.
Modify the return value of 0x405120 as needed, and save the changes to the file.
Finally, reload the program and press F9 to run to 0x405120. 0x405120 does not return 0 here, and its purpose is not yet known, so trace it. At the first two breaks, the return value is simply tested against 0; nothing special is done with it. After execution continues, it comes to the third place:
Here the return value is tested and, as needed, saved to a variable. Modify the value as shown in the figure, save the modification, and the cracking is complete.
This is my first time; I hope it can help people who need it.
Note from www.2cto.com:
The test was completed, and brute-force cracking was not successful. As long as the software is successfully registered, any version of the software will be displayed as successful. It is estimated that the OP was successful. Haha.
Super String reference, entry 254
Address = 0040971C
Disassembly = mov esi, dump-already? 004C8324
Text string = Thank You For Your registration!\r\nrestart software will display complete chat records\r\nwelcome to try out other software in this studio\r\nXinghai QQ password recorder\r\nXinghai remote control\r\nFor details see http://www.chakanqq.com\r\nafter-sales customer service QQ: 36317375
Super String reference, entry 259
Address = 00409825
Disassembly = PUSH dump-already? 004C8310
Text string = enter the correct registration code
Modify it here. Just NOP it out and enter the password change, then click Register.
With good luck, it actually showed me my QQ record. Ah, my QQ record is 2012.