I have been playing around with reverse engineering. It is true I don't know how to program, but I have been going through a lot of the Olly tuts on YouTube. So I understand a little about JMP, JNZ, JNE, JE, JZ, CMP, MOV, CALL and some other functions. I understand a little about how to read the registers. I have this program that I have been having problems reverse engineering. I am trying to bypass the serial. I have set a breakpoint just before the nag screen pops up. The nag screen pops up after a 'call' is made to an address inside a system file. I know I can't change anything in a system file. The call is made to Kernel32.HeapCreate, then from there to ntdll. Then the nag screen pops up. During all the checks for a registration key it hops around in quite a few system files. I tried to NOP this call, but get errors. So the program HAS to make this call. I have tried to see where in the original program the registration process is located, but to me it just seems like everything is run through the system files that I can't touch.
<edit> For anybody trying to help, I do have TeamSpeak available to talk with you. I'm not trying to get someone to reverse this program for me, but to help give me a better understanding of what is going on.
Kernel32.HeapCreate is for memory allocation (like when you do, in C++, char *pchar = new char[size];).
So, my quick guess is that, when that function is called (Kernel32.HeapCreate), at that point it is preparing a new char array (string) to put the serial in.
So do I need to look even before all that happens? You mean that by this time it has already done a check for an existing registration and is already in the process of the nag screen that pops up. In the nag screen is another button to click on before I try to enter a registration code.
Hi, I'm looking for some help with reverse engineering. I'm using OllyDbg to bypass a local software. I have seen many videos on YouTube, but what they teach and what I am in is very different. I cannot find binary strings, nor can I find intermodular calls. I used PEiD to detect and it says "microsoft Visual C++ 7.0 Method2 [Overlay]". I have tried to upload the screenshot link but I'm not authorized to do so. Any help on this?