perwhe.blogg.se

Ollydbg save changes










The plug-in hooks the debuggee’s kernel32 OutputDebugStringA() function by replacing the first six bytes with an indirect jump to a dynamically allocated block of memory. This block attempts to replace all ‘%’ characters with ‘_’ in the message. Similarly, Olly Invisible hooks the debuggee’s kernel32 OutputDebugStringW() function by replacing the first six bytes with an indirect jump to a dynamically allocated block of memory. However, a bug in the routine causes it to miss the last character in the string. The plug-in hooks the debuggee’s kernel32 IsDebuggerPresent() function in the same way – by replacing the first six bytes of the function with an indirect jump to a dynamically allocated block of memory. In this case the block always returns zero, regardless of the value in the PEB->BeingDebugged flag.


So that would be the crack to bypass the registration. Olly Invisible hooks the code in OllyDbg that is reached when it is formatting the kernel32 OutputDebugStringA() string, and then attempts to replace all ‘%’ characters with ‘ ’ in the message. Then we have to click “Save file” and give it a name. Once we have made the changes, by right-clicking on the main window, there is an option to “Copy to executable” and “All modifications”. We have to rename that one also to “JMP”. Once we have done that, we have to save all the changes that we made earlier. If we scroll upward we can find another JNZ within our string scope. Instead of JNZ we should type “JMP”, which is used to jump from that statement. By double-clicking we can’t edit those values.


  • If we look carefully, on the top of our error string, there is a statement starting with “JNZ XXXXXX” and some values.
  • Now we have to double-click and go inside that string.
  • Voila! It shows us the location of that string.
  • When we click the “OK” button it shows if the string appears in the code or not.
  • Then we have to type the string that popped up in the PowerISO tool.
  • By just right-clicking in the main window, go to “Search for” and select “All referenced strings”.
  • Now we are going to search for this string in OllyDbg.
  • It says that “The username or serial number is invalid”.
  • Now let’s open that software and see what kind of error it generates.
  • So we have already installed the PowerISO tool.
  • Then you have to click the “Play” button in the top left corner.
  • After a few seconds OllyDbg will analyze and show different output windows as shown below.

    Then we should select the PowerISO.exe file from the installed directory. Then we have to go to the File option and click Open. Then the main OllyDbg page will look like the image below.











