Ollydbg cracking-Daily Diary V1.9

Software size: 556 KB
Software language: Simplified Chinese
Software type: domestic software/Information Management
Application Platform: Win9x/NT/2000/XP
Launch: http://tianyu717.51.net/

Software introduction:
The Electronic intelligent notebook has many powerful functions such as text processing. It can easily organize Daily diaries and greatly save your time.★Provides the most detailed text processing functions;★Beautiful interface settings;★Built-in multi-user functions that can be used by multiple users;★Direct and concise Management window;★Exclusive "Import and Export" function;★Support Windows 95/98/NT/2000/ME/XP;★It runs very stably and consumes less resources. No additional OCX or DLL is required.

Download http://www.skycn.com/soft/6059.html
-----------------------------------------------------------------------

Author: I want to [dfcg]
Cracking tool: pe-scan V3.31
Ollydbg V1.07
Keymake1.73

The following cracking processes are slow:

1. First, use pe-scan V3.31 to detect the aspack 2.12 shell, and use pe-scan V3.31 to directly shell.

2. Find the "unpack" button on the pe-scan V3.31 interface, click the "start" button, and you will be able to shell the file and generate a custom shell removal file name, for example, after is saved, a shelled file named 123.exe is generated.

3. Now my favorite is playing. Use ollydbg V1.07 to load the program and find the string "pass". I believe you will not be unfamiliar with this English meaning! But why am I looking for this string? This is a clear string similar to the previous cracking failure in finding a registration. However, when you decompress the code to install the software, you still remember to create a new user (marked as 1) to enter the registration page (marked as 2 !, In addition, the online registration authentication (marked as 3) means that it has been authenticated three times or three ways to become a formal registered user.

4. The three methods should always be prompted in the string. Also, the current programming software is basically an English kernel. What is the English pass or pass? The four letters PASS! Right-click the string and choose "drop-down menu"> "Search"> "all reference text strings". Find the strings below:

004E7F29 ASCII "newunit"
004E7F6B mov edx, 123.004E8270 ASCII "book. mdb" → this file is generated in the directory after being decompressed!
004E8045 PUSH 123.004E82F4 ASCII "book. mdb"
004E809E PUSH 123.004E8208 ASCII ". mdb"
004E80D9 PUSH 123.004E8218 ASCII "Provider = Microsoft. Jet. OLEDB.4.0; Data Source ="
004E80E1 PUSH 123.004E8350 ASCII "; Jet OLEDB: Database Password ="
004E80E6 PUSH 123.004E8378 ASCII "muae0115"
004E80EB PUSH 123.004E838C ASCII "; Persist Security Info = False"
004E8122 mov edx, 123.004E83B0 UNICODE "pass"
004E81A0 mov edx, 123.004E83DC ASCII "pass"
004E8270 ASCII "book", 0
004E82F4 ASCII "book. mdb", 0
004E8308 ASCII ". mdb", 0
004E8318 ASCII "Provider = Microso"
004E8328 ASCII "ft. Jet. OLEDB.4.0"
004E8338 ASCII "; Data Source =", 0
004E8350 ASCII "; Jet OLEDB: Datab"
004E8360 ASCII "ase Password =", 0
004E8378 ASCII "muae0115", 0
004E838C ASCII "; Persist Securit"
004E839C ASCII "y Info = False", 0
004E83B0 UNICODE "pass", 0
004E83DC ASCII "pass", 0
004E85E1 ASCII "Panel1"
004E85EE ASCII "Bevel1"
004E85FB ASCII "KvLabel1"
004E860A ASCII "Label1"
004E8617 ASCII "OkSpeedButton"
004E862B ASCII "Edit1"
004E8637 ASCII "SpeedButton1"
004E864A ASCII "SpeedButton2"
004E865D ASCII "ADOTable1"
004E866F ASCII "SpeedButton2Clic"
004E8687 ASCII "OkSpeedButtonCli"
004E8697 ASCII "ck"
004E86A0 ASCII "FormCreate"
004E86B1 ASCII "SpeedButton1Clic"
004E86C1 ASCII "k"
004E86C3 ASCII "TRegform"
004E86F2 ASCII "TRegform"
004E8705 ASCII "Regunit" → see this! Here you are !!!
004E87BC mov edx, 123.004E883C ASCII "pass" → go in here! Double-click it!
004E883C ASCII "pass", 0
004E886F PUSH 123.004E89E4 ASCII "Provider = Microsoft. Jet. OLEDB.4.0; Data Source ="
004E8882 PUSH 123.004E8A1C ASCII "; Jet OLEDB: Database Password ="
004E8887 PUSH 123.004E8A44 ASCII "muae0115"
004E888C PUSH 123.004E8A58 ASCII "; Persist Security Info = False"
004E88B4 mov edx, 123.004E8A7C UNICODE "pass"
004E8908 mov edx, 123.004E8ABC ASCII "pass"
004E8943 mov edx, 123.004E8ABC ASCII "pass"
004E8961 mov edx, 123.004E8ABC ASCII "pass"
004E8975 mov edx, 123.004E8ABC ASCII "pass"
004E89E4 ASCII "Provider = Microso"
004E89F4 ASCII "ft. Jet. OLEDB.4.0"
004E8A04 ASCII "; Data Source =", 0
004E8A1C ASCII "; Jet OLEDB: Datab"
004E8A2C ASCII "ase Password =", 0
004E8A44 ASCII "muae0115", 0
004E8A58 ASCII "; Persist Securit"
004E8A68 ASCII "y Info = False", 0
004E8A7C UNICODE "pass", 0
004E8ABC ASCII "pass", 0
004E8AD6 PUSH 123.004E8AF0 FileName = "http://tianyu717.51.net"
004E8AF0 ASCII "http: // tianyu717"
004E8B00 ASCII ".51.net", 0
004E8B60 DD 123.004E8DDC ASCII 0A, "Tloginform"
004E8C8D ASCII "Edit2"
004E8C99 ASCII "ADOTable1"
004E8CA9 ASCII "Panel1"
004E8CB6 ASCII "Image1"
004E8CC3 ASCII "KvLabel1"
004E8CD2 ASCII "KvLabel2"
004E8CE1 ASCII "OkSpeedButton"
004E8CF5 ASCII "SpeedButton1"
004E8D08 ASCII "SpeedButton2"
004E8D1B ASCII "combox1"
004E8D2B ASCII "FileSearch1"
004E8D3F ASCII "okButtonClick"
004E8D53 ASCII "newButtonClick"
004E8D68 ASCII "noButtonClick"
004E8D7C ASCII "FormClose"
004E8D8C ASCII "Edit2KeyPress"
004E8DA0 ASCII "FormCreate"
004E8DB1 ASCII "FileSearch1FileF"
004E8DC1 ASCII "ind"
004E8DCB ASCII "FileSearch1Finis"
004E8DDB ASCII "h"
004E8DDD ASCII "Tloginform"
004E8E12 ASCII "Tloginform"
004E8E27 ASCII "logunit"
004E8E94 mov ecx, 123.004E914C ASCII ". mdb" → this file is generated in the directory when you create a new user!
004e8mcm PUSH 123.004E9174 ASCII "Provider = Microsoft. Jet. OLEDB.4.0; Data Source ="
004E8EDE PUSH 123.004E91AC ASCII "; Jet OLEDB: Database Password ="
004E8EE3 PUSH 123.004E91D4 ASCII "muae0115"
004E8EE8 PUSH 123.004E91E8 ASCII "; Persist Security Info = False"
004E8F1F mov edx, 123.004E920C UNICODE "pass"
004E8F8E mov edx, 123.004E9238 ASCII "pass"
004E8F98 mov edx, 123.004E9248 ASCII "100"
004E8FE9 mov edx, 123.004E9238 ASCII "pass"
004E9019 123.004E90DB
004E9036 mov edx, 123.004E9238 ASCII "pass"

5. I found all these three certifications and double-click them here:

004E87BC |. BA 3C884E00 mov edx, 123.004E883C; ASCII "pass"

6. Here we will find the first jump to the next hop, and then the key CALL to the next hop. Now we can find the next hop! See the following:

004E87A8 |. 8B45 F8 mov eax, dword ptr ss: [EBP-8]
004E87AB |. 8B55 fc mov edx, dword ptr ss: [EBP-4]
004E87AE |. E8 29C0F1FF CALL 123.004047DC → key CALL, which is disconnected!
004E87B3 |. 75 3F jnz short 123.004E87F4 → key redirect
004E87B5 |. 8BC3 mov eax, EBX
004E87B7 |. E8 1883 fcff call 123.004B0AD4
004E87BC |. BA 3C884E00 mov edx, 123.004E883C; ASCII "pass"

7. Click 7979797979 e87ae, press F2 to disconnect, and then press F9 to run the software. In the registration window, enter the random number in the box, for example, click "registration confirmation! When the sun comes out, all you need is here, but if you want to do a memory registration machine, you need to keep the following record with me.

8. record the following data, and you can make a registration machine with me:

Data Record in the upper right window:

EAX 0121A544 ASCII "7979797979" found this is my false code!
EAX 00000014
EDX 01218B7C ASCII "618169496" contains the real registration code!

Data Record in the upper left window: