Rookie's ollydbg1.08b teaching supplementation articles ollydbg's Attach features used We all know that WinHex can search for the search characters in memory, if it is a clear comparison, enter the fake registration code can find true near him. Registration code` ~~~~~~~~~~~~~~~
When we use TRW and Softice, we can enter the program directly, enter the registration name, false serial number, then enter the TRW / Softice setting breakpoint. Return to Windows, point if the breakpoint is set correctly. We will be interrupted in the breakpoint, then ~~~~~~~~~ start analysis ~~~~~~~~~~~~~ ------------------------------------------------------------------------------------------------------------------ ---------------------------------- So our OLLYDBG can this? I don't think I can't do it. After Peterchen Big brother, referring to the article, seeing the savage, find that there are these features! Not only, and very powerful !!!!! Big arrival, I don't know how to describe !!!!!!! (terrible!) The above and the following applications are summarized: OLLYDBG is the collection of crack tools suitable for Windows various platforms !!!! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
First introduce Attach under the file menu (additional)
This is an OLLYDBG instructions. You can use Ollydbg Attach in the running program. Select File | Attach and select the running program in the list: Do not try to try the ATTACH system, which will cause the system to crash (To tell the truth, in general, the operating system will not let you go to Attach sensitive process) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ First of all, let's demonstrate the function of WinHex: first run Flash conversion decryption, then run ollydbg , Click on the ATTACH in the File menu, select Flash conversion decryption process, choose Attach, this time you have to wait for 6-8 seconds, wait for him to completely load, right key analysis code (analysis Code), then run again, return to the program to enter the registration screen, enter the name point to get the ID, enter the fake registration code, press "OK", and jump out the error screen. Returns OLLYDBG, point pause, then we entered the Memory (memory) of the View menu, a window, click the window to right click, Serch for-binary string, enter you in the ASCII box Just entered the fake registration code, point OK
Wait ~~ For a while, he will find your fake registration code in the pop-up window, you look down on 00D05D64 (this is my computer address) place to find true registration code, he is and id on a chat Yes ~ :-)
Ha ha ~~ I saw it, how is he better than WinHex? ~~~ ################################################################################################################################################################################################################################################### #####################################################
1 Start, first run Flash conversion decryption, then run ollydbg, click on ATTACH under the File menu, select Flash to convert the decryption process, choose Attach, this time you have to wait for 6-8 seconds After the clock, wait for him to completely load, then right key code code, then run again, return to the program to enter the registration screen, enter the name of the name to get the ID, enter a false registration code, press "OK", and jump out the error. Screen 2. Enter OLDBG, press Alt M, in the MEMORY MAP window, select the Flash conversion decryption CODE segment, right click on the Dump IN CPU (in the CPU) 4. In the Memory window of the CPU window, Search for binary String (Search 2 credit characters), type "Registration Code Error" at ASCII, and find it after Search
004D1314 A3 A1 D0 BB D0 BB C4 FA! Thank you 004D131C CA B9 D3 C3 B1 BE C8 ED Using this soft 004D1324 BC Fe A3 A1 0D 0D B3 CC piece! .. Cheng 004D132C D0 F2 D0 E8 D2 AA D6 D8 sequence requires weight 004d1334 d0 C2 C6 F4 B6 A3 AC new start, 004d133C C7 EB B5 E3 BB F7 A1 B0 Click "004D1344 C8 B7 B6 A8 A1 B1 B0 B4 to determine" Press 004D134C C5 A5 A3 A1 00 00 00 00 00! .... 004d1354 D7 A2 B2 E1 C2 EB B4 ED Registration Code Version 004D135C CE F3 A3 AC C7 EB D6 D8 error, please weight 004d1364 D0 CA E4 C8 EB new input
5. Right-click on the check, select Find Refrence, only one result, double click, you can see the following code at the Dissamble window.
004d11ec |. A1 107A4D00 MOV EAX, DWORD PTR DS: [4D7A10] 004d11F1 |. 8B00 MOV Eax, DWORD PTR DS: [E844D11F3 |. E8 4493F7FF Call Flash Transfer "0044A53C: [004D11F8 |. A1 107A4D00 MOV EAX, DWORD PTR DS: [4D7A10] 004D11FD |. 8B00 MOV EAX, DWORD PTR DS: [E8 9492F7FF |. E8 9492F7FF CALL FLASH Turn 0044A498: [004D1204 |> 8bc3 MOV EAX, EBX 004D1206 |. E8 D51BF3FF Call Flash Run? 00402DE0 004d120b |. EB 34 JMP SHORT FLASH Trip? 004d1241 004d120D |> 6a 00 push 0 // Remember this death intersection? 004D120F |. B9 74124D00 MOV ECX, Flash Transfer? 004d1274 004d1214 |. 004d1354c
Summary: 1. First of all, this software plus the shell, we don't take care of him, and find it directly, then find the key, it is difficult to achieve! 2 Tips always generate in practice. Skillful The effect of using ollydbg can play a half-time, I (rookie) Write this message I think of the effect of throwing bricks.
WinRoot 2003, 1,27
