By following a video, I carried out a simple "blasting" of TraceMe. This is not deciphering its serial number, but identifying its own number, so it is not really blasting (somewhat different from what I expected).
First, look at the logical structure of this software.
Enter the user name and serial number first,
and then click Check.
A wrong entry just gives an error again; it is a loop.
Next, use OD: first load the file into it,
then press F8 to step through it, or,
as in the video I watched earlier, directly enter GetDlgItemTextA to find the place where the serial number is tested (I do not know what it means; anyway, I will remember it for the moment and learn it slowly later).
Go to the place that needs to execute, set a breakpoint, and click Check to enter the algorithm.
Then keep pressing F8 and look slowly, and you will find something useful.
dword ptr [esp+4c] is the address where the user name is stored, and the serial number that follows is handled the same way. The push puts it onto the stack, that is to say, the user name is pushed in. Then, pressing F8 further down, there is a jump.
The jump is taken. One step above it is test eax,eax, and this is where the user name and serial number go; it returns 0000000, which is wrong (it must be wrong). So I added a breakpoint at this jump. It must be the problem: if it does not jump, would it not avoid the error? Then I continued with F8 to go down and see.
It was not long before it jumped to the error.
Then I pressed Ctrl+F2 to restart, pressed F9 to run to the breakpoint, and changed the jump to NOP so that it does not jump.
Then I continued execution.
Sure enough, it was a success.
OD Debug 2