Portal: https://www.lanzous.com/i5btfmh
First run the program, and it cannot be opened directly, because when the program starts, it will judge whether the trial is expired, and if it expires, the startup window will be destroyed. So it won't work.
Use peid to check the shell, there is no shell, it shows that it is written in C++.
The next step is to directly put it into the OD to handle the exit button.
Click Plugin-3. API Breakpoint Setting Tool-Common Breakpoint Setting.
Click the common breakpoint, tick the "Program Exit", and click OK below. This will successfully set a breakpoint.
Then run the program, the program stops at the next break. Observe the stack window, the nearest "return to" near the calling function, right click-follow in the disassembly window, and come to the address of the calling and exit function.
In the disassembly window, there is a jump above the call exit call statement. In this breakpoint, run, you can see that the program will run the call and then exit, we need to deal with the exit button, we must change jle to jmp, let it skip the exit call unconditionally. Save after modification.
Run the program and wait for a while and the program still exits, indicating that there is still a stake. Put it in the OD, the steps are still plug-in-API breakpoint setting tool-common breakpoint setting-common breakpoint-ExitProcess (program exit).
After setting the breakpoint, run the program, in the stack window, the most recent "return to" right click-the disassembly window follows.
There is no jump statement before exiting the call. At this time, we choose retn Dafa and change the first statement of the paragraph to retn 0x8. Note that it must be the same as the last retn 0x8, keeping the stack balanced. Save after modification.
It still exits after running the program, indicating that the pile is still pressed. Put it in the OD, the steps are the same as above. Come to the address where call is called.
There is still no jump statement on this call, we choose retn at the beginning of the paragraph. Save after modification.
Run the program again and no longer exit. At this time, the exit buttons have all been cleared.
This message box that pops out is very annoying, let's get rid of it.
Put it in the OD, right-click the Chinese search engine, smart search, and right-click the keyword "statement". Click to the corresponding address.
There is a call under the keyword, change this call to nop, and eliminate the function of the pop-up message box. Save the changes, and then run the program, there will be no message box.
