Tutorial Cracking : Free Magic Memory Optimizer v8.2.1.457
Target : Free Magic Memory Optimizer v8.2.1.457
Tool : OllyDebug DeFixeD
PEiD v0.95
Magic Memory Optimizer is designed to tackle difficult but crucial problems of memory management.
First, check the program with PEiD
Borland Delphi 6.0 - 7.0
Load the program into OllyDebug
Press Run or F9
Enter a registration code
Then click OK
"Invalid registration code"
Press Pause or F12
Open the call stack with Alt+K
0012F33C 00470246 hOwner = 00470246 ('Enter Code',cl
0012F340 010F4648 Text = "Invalid registration code!
0012F344 00DA11E8 Title = "Failed"
0012F348 00000010 Style = MB_OK|MB_ICONHAND|MB_APPLM
0012F34C 00000000 LanguageID = 0 (LANG_NEUTRAL)
0012F354 00473A1E ? MagicMem.00473A19 0012F350
0012F358 00470246 hOwner = 00470246 ('Enter Code',cl
0012F35C 010F4648 Text = "Invalid registration code!
0012F360 00DA11E8 Title = "Failed"
0012F364 00000010 Style = MB_OK|MB_ICONHAND|MB_APPLM
0012F3DC 004E9972 ? MagicMem.00473920 MagicMem.004E996D 0012F3D8
In the "Called from" column, double-click "MagicMem.004E996D"
004E9948 6A 10 PUSH 10
004E994A A1 08EF4F00 MOV EAX,DWORD PTR DS:[4FEF08]
004E994F 8B00 MOV EAX,DWORD PTR DS:[EAX]
004E9951 E8 16B8F1FF CALL 0040516C
004E9956 50 PUSH EAX
004E9957 A1 BCF14F00 MOV EAX,DWORD PTR DS:[4FF1BC]
004E995C 8B00 MOV EAX,DWORD PTR DS:[EAX]
004E995E E8 09B8F1FF CALL 0040516C
004E9963 8BD0 MOV EDX,EAX
004E9965 A1 0CF34F00 MOV EAX,DWORD PTR DS:[4FF30C]
004E996A 8B00 MOV EAX,DWORD PTR DS:[EAX]
004E996C 59 POP ECX
004E996D E8 AE9FF8FF CALL 00473920
Trace the code further up, to the check that jumps to the failure branch at 004E9948.
004E98D3 E8 B066FBFF CALL 0049FF88
004E98D8 84C0 TEST AL,AL
004E98DA 74 6C JE SHORT 004E9948
Set a breakpoint (F2) at address "004E98D3"
Then press Run or F9
Click OK in the registration code dialog so execution continues
Olly will break at address "004E98D3"
Press Step into or F7 to enter "CALL 0049FF88"
0049FF88 55 PUSH EBP
0049FF89 8BEC MOV EBP,ESP
0049FF8B 83C4 F4 ADD ESP,-0C
0049FF8E 53 PUSH EBX
0049FF8F 56 PUSH ESI
0049FF90 33DB XOR EBX,EBX
0049FF92 895D F4 MOV DWORD PTR SS:[EBP-C],EBX
0049FF95 894D F8 MOV DWORD PTR SS:[EBP-8],ECX
0049FF98 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
0049FF9B 8BF0 MOV ESI,EAX
0049FF9D 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0049FFA0 E8 B751F6FF CALL 0040515C
0049FFA5 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049FFA8 E8 AF51F6FF CALL 0040515C
0049FFAD 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
0049FFB0 E8 A751F6FF CALL 0040515C
0049FFB5 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0049FFB8 E8 9F51F6FF CALL 0040515C
0049FFBD 33C0 XOR EAX,EAX
0049FFBF 55 PUSH EBP
0049FFC0 68 48004A00 PUSH 004A0048
0049FFC5 64:FF30 PUSH DWORD PTR FS:[EAX]
0049FFC8 64:8920 MOV DWORD PTR FS:[EAX],ESP
0049FFCB 807E 34 00 CMP BYTE PTR DS:[ESI+34],0
0049FFCF 75 04 JNZ SHORT 0049FFD5
0049FFD1 33DB XOR EBX,EBX
0049FFD3 EB 4B JMP SHORT 004A0020
0049FFD5 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
0049FFD8 8BC6 MOV EAX,ESI
0049FFDA E8 D9050000 CALL 004A05B8
0049FFDF 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
Step over (F8) through the code slowly.
Once you reach the address
0049FFDF 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-C]
the real registration code will appear
Stack SS:[0012F3C8]=00DA22E0, (ASCII "MMP0029875")
EDX=00DAA660
Done
02/06/10