Reverse analysis of Crackme015
1. observation program
Author's note before we start the program should pop off, and to find the correct registration code.
2. A simple search case
VB5 program uses to write, no shell.
3. Program Analysis
First of all to remove pop during startup.
Use VB Decompiler loader
From the decompiled code, we can see that when loading the program after calling the MsgBox function pop, will verify the return value, if you do not meet the conditions will exit.
We view the corresponding assembly code
So if you want to remove popups, you must first remove the MsgBox function, but also so that does not quit.
We can put the calling code MsgBox function and End functions all use nop overwritten.
Next, find the correct registration code
Is registered at the address 402B14 button click event, we enter the internal code.
Down look at the code, you can see a comparison function
View parameters, it is found that one of the parameters we enter false registration code
That "2G83G35Hs2" is probably a really License
2019-09-17 11:47:51
Relevant documents in my Github: https://github.com/UnreachableLove/160-Crackme/tree/master/Crackme015