Of course, it is more convenient to use the above super string reference + plug-in. In the Disassembly window, right-click a menu and choose search> all reference text strings and click: Start ollydbg, select the menu File> open the crackme3.exe file, and we will stop here:
Now, we will display "Wrong serial, try again!" In this error dialog box today !". We are at the "register now !" Click the button to bring up a dialog box:
This crackme has already lost both the user name and registration code, saving us the trouble of getting started. Let's first run this crackme (detected by peid, It is compiled by Delphi). In special cases, we can also debug with shell. If there is shell, we should try to take off the shell and then use ollydbg for debugging. Such shell checking tools include peid and Fi. If there is no shell, let's see what compiler the program is compiled, such as Vc, Delphi, and VB. After obtaining some basic information about the program, we also need to use the shell check tool to check whether the program has been shelled. To register it as the official version, you must complete the code by yourself. If none of these are, the original program is only a trial version with incomplete functions. If the registration code is not entered, consider whether to read the registry or key file (generally referred to as Keyfile, that is, the program reads the content of a file to determine whether to register ), other tools can be used for analysis. It also leaves some useful clues for us to crack it.
If the serial number method is used, you can take a false one and try it to see how it works. It is best to take a look at the help documentation to familiarize yourself with the use of the software, let's look at the registration method.
Let's first talk about the general software cracking process: Do not use ollydbg to debug a software first, and run it first. The attachment is a file after shelling and can be used directly. We are mainly familiar with the general method of using ollydbg to crack. At the beginning, no shell is involved in cracking. Today's goalProgramIt is CFF crackme #3 in the image package attached to the first version of "encryption and decryption", which adopts the username/serial number protection method. In the previous article, we started to crack the attack. Ollydbg entry series (2)-string reference Because of my own mistakes, I am sorry for the confusion in reading! This time I modified some of the articles, all of them were operated using the OD built-in function, and several images were recreated. As a result, the case score in the comment is unclear and confusing when the original article is written. The modified plug-in automatically adds the stringsCodeIt is followed by a comment, and all the letters are in lower case. Http:///showthread.php? S = & threadid = 24703.Īfter checking, we found that it was a writeArticleYou have used the modified ultra string reference plug-in to search for strings.