[Cracked by] stasi [DCM] [BCG] [DFCG] [FCG] [OCN] [CZG] [D.4s]
[Author mailbox] stasi@163.com
[Author's homepage] stasi.7169.com
[Tools] OllyDbg, WinHex
[Cracking platform] Win9x/NT/2000/XP
[Software name] Host-mounted acceleration plug-in 2.1
[] www.wgdown.com Prayer Studio
[Software overview] A paid plug-in: only paying users can use it normally;
the plug-in costs 300 RMB/year (upgrades included)
or 200 RMB/six months (upgrades included)
[Software size] 5 MB
[Packing method] ASPack
[Cracking statement] I'm a newbie. I've had a few chance discoveries and would like to share them with you :)
--------------------------------------------------------------------------------
[Cracking content]
I read Lenus's article "Talking about the appended data (overlay) problem in unpacking". It's excellent: the concepts are clear and the structure is fresh!
I happened to see someone post about it on the forum, so I learned it myself :)
PEiD -> ASPack 2.12 -> Alexey Solodovnikov [Overlay]
How to unpack it is irrelevant to this article; either a stripper or API repair is fine.
After unpacking, running the program brings up the "setting star" dialog box, which means the original tail data is not being read correctly and has to be fixed!
The theoretical part can be found in "shappan"; what I've written is a bit rubbish, so you can skip it :)
00616070  8B45 F8        mov eax, dword ptr ss:[ebp-8]          ; string read from the tail of the file
00616073  BA B0616100    mov edx, fsbwg21.006161B0              ; ASCII "fsjm ipd W32"
00616078  E8 DBEDDEFF    call fsbwg21.00404E58                  ; string compare against the signature
0061607D  0F85 E4000000  jnz fsbwg21.00616167                   ; no signature -> skip the overlay check
00616083  8B03           mov eax, dword ptr ds:[ebx]            ; [ebx] = the file stream object
00616085  8B10           mov edx, dword ptr ds:[eax]
00616087  FF12           call dword ptr ds:[edx]                ; virtual call, returns the stream (file) size in edx:eax
ds:[00413434]=004218B4 (fsbwg21.004218B4)
00616089  52             push edx
0061608A  50             push eax
0061608B  8B06           mov eax, dword ptr ds:[esi]            ; [esi] = 0Ch, the length of the signature
0061608D  99             cdq
0061608E  290424         sub dword ptr ss:[esp], eax            ; size - 12
eax=0000000C
Stack ss:[0012FF24]=000D267F                                 ; file size = 0D267Fh
00616091  195424 04      sbb dword ptr ss:[esp+4], edx
00616095  58             pop eax
00616096  5A             pop edx
00616097  83E8 08        sub eax, 8                             ; size - 12 - 8
0061609A  83DA 00        sbb edx, 0
0061609D  52             push edx
0061609E  50             push eax
0061609F  8B03           mov eax, dword ptr ds:[ebx]
006160A1  E8 FAB7E0FF    call fsbwg21.004218A0                  ; seek to size - 20
004218A0=fsbwg21.004218A0
006160A6  8D55 F0        lea edx, dword ptr ss:[ebp-10]
006160A9  8B03           mov eax, dword ptr ds:[ebx]
006160AB  B9 04000000    mov ecx, 4
006160B0  E8 F7B9E0FF    call fsbwg21.00421AAC                  ; read 4 bytes -> [ebp-10]: the stored overlay offset
006160B5  8B45 F0        mov eax, dword ptr ss:[ebp-10]
Stack ss:[0012FF58]=000D265A                                 ; stored offset = 0D265Ah
006160B8  99             cdq
006160B9  52             push edx
006160BA  50             push eax
006160BB  8B03           mov eax, dword ptr ds:[ebx]
006160BD  E8 DEB7E0FF    call fsbwg21.004218A0                  ; seek to the stored offset
006160C2  8BD6           mov edx, esi
006160C4  8B03           mov eax, dword ptr ds:[ebx]
006160C6  B9 04000000    mov ecx, 4
006160CB  E8 DCB9E0FF    call fsbwg21.00421AAC                  ; read 4 bytes at that offset -> [esi]
006160D0  8B06           mov eax, dword ptr ds:[esi]
006160D2  3B45 F0        cmp eax, dword ptr ss:[ebp-10]         ; the dword must equal the offset it was read from
006160D5  74 37          je short fsbwg21.0061610E              ; match -> overlay accepted
006160D7  8D45 F8        lea eax, dword ptr ss:[ebp-8]          ; mismatch -> error path (the dialog box)
006160DA  8B16           mov edx, dword ptr ds:[esi]
006160DC  E8 B7EFDEFF    call fsbwg21.00405098
006160E1  8B55 F8        mov edx, dword ptr ss:[ebp-8]
006160E4  8B03           mov eax, dword ptr ds:[ebx]
006160E6  8B0E &
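The listing above boils down to a self-referencing offset: the program checks for "fsjm ipd W32" at the tail of the file, reads the dword 20 bytes before the end (size - 12 - 8), seeks to that file offset, and requires the dword found there to be the offset itself. A stripper writes the decompressed sections back out, so the file grows and the overlay lands at a new offset, but the stored offset still points at the old one and the check fails. The script below is an added example (mine, not from stasi's post or the plug-in): it replays that check on a file image and rewrites both copies of the offset after the overlay is re-appended to the unpacked file. It assumes the signature occupies the last 12 bytes, that the overlay begins at the self-pointing dword, and that the 4 bytes between the stored offset and the signature are opaque and copied through unchanged; none of that is stated on the page, so check the overlay start against the end of the last section in the PE section table before trusting it. The sample bytes in `demo()` are constructed.

```python
"""Replay the fsbwg21 overlay trailer check and repair it after unpacking.

Layout recovered from the listing:
  [PE image][overlay ...][dword: overlay offset][4 bytes][12-byte "fsjm ipd W32"]
  - the dword 20 bytes before EOF is a file offset (read into [ebp-10]);
  - the dword at that offset must equal the offset itself (cmp at 006160D2).
Assumed here (not shown on the page): the signature is the last 12 bytes, the
overlay starts at the self-pointing dword, the 4 bytes before the signature
are opaque.
"""
import struct

SIGNATURE = b"fsjm ipd W32"          # 12 bytes; [esi] = 0Ch in the listing
PTR_FROM_END = len(SIGNATURE) + 8    # size - 12 - 8: 20 bytes before EOF


def check_trailer(data: bytes):
    """Return (ok, stored_offset, marker) as the program would see them."""
    if len(data) < PTR_FROM_END or data[-len(SIGNATURE):] != SIGNATURE:
        return (False, None, None)             # takes the jnz at 0061607D
    (stored,) = struct.unpack_from("<I", data, len(data) - PTR_FROM_END)
    if stored + 4 > len(data):
        return (False, stored, None)           # stored offset points past EOF
    (marker,) = struct.unpack_from("<I", data, stored)
    return (marker == stored, stored, marker)  # je at 006160D5 iff equal


def split_overlay(packed: bytes):
    """Split a verifying packed file into (pe_image, overlay).

    Assumption: the overlay begins at the self-pointing dword. Confirm against
    the end of the last section in the PE section table before relying on it.
    """
    ok, stored, _ = check_trailer(packed)
    if not ok:
        raise ValueError("trailer check fails on the input file")
    return packed[:stored], packed[stored:]


def reattach_overlay(unpacked_pe: bytes, overlay: bytes) -> bytes:
    """Append `overlay` to `unpacked_pe` and rewrite both copies of the offset
    (dword at the overlay start, dword 20 bytes before EOF) so the check at
    006160D2 passes at the new file size."""
    if len(overlay) < PTR_FROM_END + 4:
        raise ValueError("overlay too short to carry the trailer")
    new_offset = len(unpacked_pe)
    out = bytearray(unpacked_pe + overlay)
    struct.pack_into("<I", out, new_offset, new_offset)
    struct.pack_into("<I", out, len(out) - PTR_FROM_END, new_offset)
    return bytes(out)


def demo():
    """Constructed data, not the real plug-in: a tiny 'packed' image, the same
    program 'unpacked' to a larger image, and the overlay moved across."""
    overlay = bytes(4) + b"plugin config" + bytes(4) + bytes(4) + SIGNATURE
    packed = reattach_overlay(b"MZ" + bytes(100), overlay)    # 102-byte "packed" PE
    unpacked = b"MZ" + bytes(300)                            # stripper output is larger
    naive = unpacked + split_overlay(packed)[1]              # appended, offset stale
    fixed = reattach_overlay(unpacked, split_overlay(packed)[1])
    return check_trailer(packed), check_trailer(naive), check_trailer(fixed)


if __name__ == "__main__":
    for label, (ok, stored, marker) in zip(("packed", "naive append", "fixed"), demo()):
        print(f"{label:13s} ok={ok} stored={stored} marker={marker}")
```

To use it on real files, read the packed and the unpacked executables into bytes, call `split_overlay` on the packed one and `reattach_overlay` on the unpacked one, and write the result out. Under the assumption that the overlay starts at the self-pointing dword, the values shown in the listing (file size 0D267Fh, stored offset 0D265Ah) put the whole overlay at 25h = 37 bytes, which is also exactly what the program reads back and compares, so a hand edit in WinHex of just those two dwords is the same fix.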