Hi Paul, it's time to do the dishes!
hahahaha i can't understand what he's saying i know it's debugging tool.
but please can we elaborate the meaning.
Your video is the best in youtube about how to use ollydbg. Very easy to understand. Thanks
Wow, thanks!
Jeez, he's not using olly at all
God bless you Mr Paul
Thank you Bala!
You can also put a breakpoint to the start of the subroutine, execute "manually" (step into/over) until RET to see where the caller was I guess.
What if I'm trying to search for a string that shows up in a message box when verification fails but there are no references to that string in the debugger? I've already tried searching for it in all modules as well, still finding nothing.
You could use the Call Stack method to locate the function that shows the message box, or use the inter-modular call method to do it. The CSL and CSP courses teach how to do it: crackinglessons.com/learn
thank you so much for this video, i wanted to get into this for a long time and with the previous experience this all made a lot of sense to me i'm trying the same now and will report back if i succeed :D
well i failed because the address you showed in 2:31 doesn't lead anywhere you have "byte ptr [esp+4]=[address]=0", i have "byte ptr ds:[r15+52]=[52 'R']=???". i put a breakpoint on it but it seems to never get executed in the first place so i'm thinking that my "check" for if it's registered or not is somewhere else... right? for now i'll watch some more videos - do you have any other idea if the checkpoint is not referenced with "unregistred" how i can find it? maybe by a routine the program is using internally where it checks if it's registered, the button says "translate" which in the end leads to the message "file is too big 10mb max, it has 11mb - consider patreon for no limit" in the program. i can probably find it through there no? can you maybe recommend me a video or similar to progress on this?
hi i am learning reverse engineering to patch software can you help me in this
Take my CSL and CSP course here: crackinglessons.com/learn
Good teacher
Thank you!
very nice and informative video. Thanks a lot.
Welcome Abbas. Thanks for watching my videos!
Hello what if i dont see the strings? It's on a console application
Try using Resource Hacker to open the exe file.
What would u do if there is no string, aka the string is created on the run, but is not presaved in the binary.
It depends. If we suspect the strings are encrypted, we try to put breakpoints on the decryption APIs. Or, if they are stack strings, we then need to trace the stack to identify those strings. My MALDEV1 and MALDEV2 courses teach how to evade Anti-virus by string encryption. You can check it out here: crackinglessons.com/learn
Hi Paul, interesting topic. Thanks for the video. In this example, it is easier because the string of characters is visible in the code and therefore easy to find. How would you proceed if the strings are invisible in the code? (The messages appear in the warning windows, but not in the code). Thank you.
Another method is called the "Call Stack Method". In this method, you examine the Call Stack to identify the address where the software makes a call to show the Bad Message. For example, if after entering a serial key you get a MessageBox which says "Wrong Serial Key", don't close the Message Box. Instead, click on the Pause button to pause the debugger. Then click on the Call Stack button. You will then see the Call Stack where you can examine the history of function calls since the software started. Look for the most recent function call originating from User Module space and going to the System. Then, go to that address and put a breakpoint.
Hi Paul, I tried using this example program downloadable here: xtx.free.fr/archives/liens/xtx%20cracking%20progressif/Pack/Chapitre%2001/4%20-%20CrackMe2/CrackMe2 .rar using x86dbg after loading I execute it then enter ID + Pwd (any) and I get the window. I put on Pause then I click on "Call Stack", in the list which appears that it is the most recent? The one above or below? There are "Party" System and User rather in User? Thank you for your help.
@vincentvidal3305 The most recent calls appear on top. But usually the few on top are system calls; what you need to look for are the user module calls, usually with lower addresses, e.g. 0x004xxxxx
hi paul.in udemy tutorial if make tutorial for find How would you proceed if the strings are invisible in the code in ollydbg thanks
Could be stacked strings, or they are encrypted. If stacked strings, you need to examine the stack when the program checks for the key. If it is encrypted, put breakpoints on the decryption function APIs. My Maldev1 and Maldev2 courses teach how to do that. Check it out here: crackinglessons.com/learn
hi, your video was helpful to learn. in some software it shows trial, free, and pro. and it has license key too for activation how can i bypass.. can you make one video on that please. or can it be cracked? software called EaseUS Todo PCTrans 11.3
It is covered in the CSP course available here: crackinglessons.com/learn
Hi Paul, thanks a lot that helps. A question though, how would I find what function is called, when a particular button on UI gets clicked?
You can use the Message Breakpoint method: ua-cam.com/video/6iHz71lTq-s/v-deo.html The rest of the video is available in my CSL course: crackinglessons.com/learn Thanks for your interest!
@PaulChin20 Thank you Paul. Will have a look at the course. I probably don't need most of the topics, but that one is of the particular interest at the moment.
@redchameleon613 Welcome, bro!
Can you please show how to crack or bypass Think-Cell software license key
Hi Johnson, Sorry, at the moment I am unable to accept cracking requests. But you can learn how to crack software from my courses available here: crackinglessons.com/learn
what if "find references to selected address" doesn't show any result? And I'm sure it's definitely a subroutine
why i can't double click? to change
Please provide more details. Which button did you click? And for what program?
Every time I search for string references the program crashes
xdbg crash or the program you are debugging crashes?
Great video!
Nice video.
why can't edit when i double click??
I think you need to press space bar.
in 1:28 tell me is good or not when I change je by jne? and thank you for this good tutorial.
Hi, thanks for watching, you can get the answer here in the CSP course: crackinglessons.com/learn
Hi Mr. Paul thank you so much, sir could you please create a video on how to Patch plotagon story
Thanks for your interest, I will take a look when free.
brooooooooo why the clear mode
Hey, can you help me bypass the login of a software? It is a video player that requires registration to play videos.
Hi Paul do you have discord?
who is cleaning in the kitchen
hello sir, can you make a tutorial on how to patch plotagon studio ??? urgent... Thanks
Thanks for your interest. There is a crack request thread in the Discussion section for the CSP course : crackinglessons.com/learn You can post your crack request there. Thanks!
@PaulChin20 Sorry sir, i can't access the discussion section of the website above, please just take a look at the application plotagon studio for a sec and tell me a way to reverse engineer it, thanks
@iamdavidtega3056 You need to sign up for the CSP course - then you can access the discussion. Thanks!
Hi, I wanted to ask a question. Would you know why my debugger does not patch the changes, it does not save the changes? I put a different name when patching the file! I would appreciate your help, thank you !!
If the patch is successful you will see a message as shown here: ibb.co/mq9dr3R If it is not successful it will say 0/2 patch applied.
How can I reverse engineer *.exe from Delphi ? I can not see a string from my own code ?
pasteboard.co/JpQ1qau.png
Thanks
You could try the call stack method instead. When a bad message shows, pause xdbg and click on call stack menu. Then from the list of the call stack, select the user module and select Follow From.
@PaulChin20 Could you make a short video capture on how to do that ? thanks
@PaulChin20 Start from there ? pasteboard.co/JpZqlth.png , then ?
@PaulChin20 I got : pasteboard.co/JpZrKuj.png , then ?
The code, when executed : pasteboard.co/JpZsiIs.png, I want to know how to update the Serial from exe file.
IDM not foun
idm? Anyway thanks for watching my videos.
can you crack infinite algebra
Sorry Karipo, I only provide courses. You can enrol for the CSL and CSP courses here: crackinglessons.com/learn Thanks for your interest!
How sir to do serial key
Here's a whole cracking software series here: ua-cam.com/channels/9TkBqyRc2bQuKUOl_vJtVA.html
100th comment!
Can you help me?
What can I do for you?
I need to crack a piece of software for work
I'm from Uruguay
@garyprieto9769 Sorry Gary, I do not provide cracking services. I only provide cracking courses: crackinglessons.com/learn Thanks!
God bless you Mr Paul
Thank you Techno Otmane!
@PaulChin20 Hi Paul could you please help me to bypass registry in app that the manufacturer is not existing any more
@tahargermanni6205 Below is a list of APIs used when reading from the Registry:
1. `RegOpenKeyEx`: This function is used to open the registry key that you want to read from. This is usually the first function called when reading from the registry, because you need a handle to the key to perform other operations.
2. `RegQueryValueEx`: After a key has been opened with `RegOpenKeyEx`, `RegQueryValueEx` is used to retrieve the data and type of a specified value associated with the opened key.
3. `RegEnumKeyEx`: This function is used to enumerate the subkeys of the specified open registry key. This can be useful if you need to read from multiple subkeys.
4. `RegEnumValue`: Similar to `RegEnumKeyEx`, but used for enumerating the values for the specified open registry key.
5. `RegQueryInfoKey`: This function retrieves information about the specified registry key, such as the number of subkeys, the number of value entries, and the last write time.
Use x64dbg to put breakpoints on all of them and then run. When it hits those breakpoints, just Step Over each one and modify accordingly. Either reverse the logic, or reverse the jumps, or NOP some bytes.
@PaulChin20 Thank you very much Paul for your return
the error message didn't say registration key, it says invalid registration just after execute the app.
@tahargermanni6205 Your original question asked about how to bypass registry.