Remove the extra window
Find out extra windows
This window will be deleted, and find Recode
And a similar analysis on the structure, after all the parameters passed, an indirect call structure.
Two ways to find the desired string
- Find all after the reference text strings, find the need to remove the window suggested by the characters change,
- Found in VB MSVBVM50.rtcMsgBox, you can find the window you want to delete.
The second method is shown below:
MsgBox find the corresponding window, look up, find the string we need.
rent removing the window calling function
This information will be displayed as a function, we look up
00402C17 > \55 push ebp
Replace
dir 0x4
To adjust the size of the function to the parameter stack (RETN XX) The transfer
Once saved, the View Results
Find registration code
Tips to find the input string
When the message is then to find all references to the text string, enter the registration code found
Prompt registration code found in the wrong place and the right have in common:
Call has a rather string strcmp function, and then guess I'mlena151 is the registration code
Test Results
