|
Tutorial Cracking : RegDoctor v2.24
|
Target :
RegDoctor v2.24
Tool :
OllyDebug Defixed
Exe Info PE
RegDoctor uses an intelligent, high-performance detection engine to quickly identify missing and invalid references in your Windows registry.
It will provide a list of the registry problems found, and rate the risk of each problem using an easy to understand color-coded system for your information.
You can choose to have RegDoctor automatically repair all identified problems, or more selectively choose which problems to repair immediately.
Untuk memastikan proteksi softwarenya, langsung cek dengan Exe Info PE.
"MS Visual Basic 5.0-6.0 EXE"
Buka file RegDoctor.exe dengan OllyDebug DeFixeD.
Langsung cari "Referenced Text Strings"
Masukkan kata "activation".
Jangan lupa hilangkan tanda di case sensitive dan tandai entire scope.
Kita berada dialamat
0061C8D0 PUSH 00411FAC UNICODE "\ActivationKey"
Klik dua kali dialamat diatas
0061C880 55 PUSH EBP
0061C881 8BEC MOV EBP,ESP
0061C883 83EC 08 SUB ESP,8
0061C886 68 A62E4000 PUSH ; SE handler installation
0061C88B 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0061C891 50 PUSH EAX
0061C892 64:8925 00000>MOV DWORD PTR FS:[0],ESP
0061C899 83EC 18 SUB ESP,18
0061C89C 53 PUSH EBX
0061C89D 56 PUSH ESI
0061C89E 57 PUSH EDI
0061C89F 8965 F8 MOV DWORD PTR SS:[EBP-8],ESP
0061C8A2 C745 FC B0294>MOV DWORD PTR SS:[EBP-4],004029B0
0061C8A9 33F6 XOR ESI,ESI
0061C8AB BA D01F4100 MOV EDX,00411FD0 ; UNICODE "Value"
0061C8B0 8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
0061C8B3 8975 E8 MOV DWORD PTR SS:[EBP-18],ESI
0061C8B6 8975 E4 MOV DWORD PTR SS:[EBP-1C],ESI
0061C8B9 8975 E0 MOV DWORD PTR SS:[EBP-20],ESI
0061C8BC FF15 1C124000 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCo>; MSVBVM60.__vbaStrCopy
0061C8C2 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
0061C8C5 68 14224100 PUSH 00412214 ; UNICODE "Not Valid"
0061C8CA 50 PUSH EAX
0061C8CB 68 7CA74000 PUSH 0040A77C ; UNICODE "SOFTWARE\InfoWorks Technology\RegDoctor"
0061C8D0 68 AC1F4100 PUSH 00411FAC ; UNICODE "\ActivationKey"
Trace kodenya keatas.
Lihat pada alamat dibawah ini :
0061C880 55 PUSH EBP
0061C881 8BEC MOV EBP,ESP
0061C883 83EC 08 SUB ESP,8
Dialamat "0061C880" kode "PUSH EBP" diganti "MOV EAX,0"
Trus alamat "dibawahnya" diganti "RET"
Hasilnya akan menjadi :
0061C880 B8 00000000 MOV EAX,0
0061C885 C3 RET
SEMPURNA......
24/09/10
|