Novice hacker v7.0

When I installed the typing experts, the music immediately sounded, and it was just a few years ago. Okay,

Click "help"> "software registration"> enter "123465789" at the entry of the registration code (why do you enter 9? -- Read Lao Luo's article :))
Pop-up






That's good. You just need it. Next we will use W32dsm8.93 to decompile it, just a few minutes.
Then, click "Reference"-"Serial reference". If it is too bad, why cannot it be clicked? It is Gray !!!!!

How can this happen? I found goolge and knew there was a shell, so I had a idea. I believe everyone knows what I will do next, right! It's just shelling and taking it off ~
Use peid1_wwt.exe. Here is a tip: After opening peid, right-click the option and add the function. In this way, you can easily find the exe or dll file and view it directly, which is very convenient.
:

It seems to be the UPX shell. Find UpxUnpacker,







Open directly --drag wwt.exe to display it

The shell is removed successfully. check it with peid. No more. What is displayed?

It seems that the verification is successful ~
Download the SDK and decompile it with W32dsm8.93. You can use it for a Haha string reference !!
After opening, find "incorrect registration code! Please input it again !" Double-click it.



Here is the real place to compare the registration code. See the address at the entrance above.
0070727D indicates that the address is called here, so press Shift + F12 (location to) and enter
0070727D, here:









Have you seen jne 00707475? It jumped to "incorrect registration code! Please input it again !" ,
Open it in hiew (before that, remember to disable W32dsm8.93; otherwise, hiew prompts read-only !!!), Find 0070727D directly. (here we can look at the Author: wxfengyun, his post: [original] Teach you how to crack WinRAR4.01 with hiew skills.
Change jne 00707475 To je 00707475
F9 save and exit
Next, run mongowwt.exe.
Enter 123456789 again in the registration code,
What happened?
That's right.
I feel like the sky is flying ~
Exit and save. Then, log on and check that the title bar displays "unregistered version,
It's not good. If it succeeds, stick to it!

Open W32DASM for disassembly again, enter "document record authentication and Assessment System" in "search", and find this location:

This je 007923cc is suspicious ......, Jump in and see:

It turns out that this 00792379 is the place where the call shows "[unregistered version]". Obviously, you just need to change the je 007923cc to jne 007923cc!

Repeat the steps of hiew editing and log on again. Haha

This is a success!
I should write the registration code based on the ID of this level later. I am using brute force cracking. It is best to write the registration machine. I hope you can make a brick!