Suche Hilfe bei OllyDbg

Join Date: Mar 2012
Posts: 2
Das wäre der Codeabschnitt, wenn ich das richtig sehe.

Habe das "JNE SHORT 004E86A9" zu "JMP SHORT 004E86A9" geändert...
Spoiler
ASM Code:
CPU Disasm
Address   Hex dump          Command                                  Comments
004E861A  |. /EB 16         JMP SHORT 004E8632
004E861C  |> |8D45 E0       LEA EAX,[LOCAL.8]
004E861F  |. |50            PUSH EAX                                 ; /Arg1 => OFFSET LOCAL.8
004E8620  |. |8B4D E4       MOV ECX,DWORD PTR SS:[LOCAL.7]           ; |
004E8623  |. |BA C8884E00   MOV EDX,004E88C8                         ; |UNICODE "Enter your Key"
004E8628  |. |B8 F4884E00   MOV EAX,004E88F4                         ; |UNICODE "Protection"
004E862D  |. |E8 0ECDF8FF   CALL 00475340                            ; P.00475340
004E8632  |> \8B45 E0       MOV EAX,DWORD PTR SS:[LOCAL.8]
004E8635  |.  8B55 EC       MOV EDX,DWORD PTR SS:[LOCAL.5]
004E8638  |.  E8 D7E9F1FF   CALL 00407014
CPU Disasm
Address   Hex dump          Command                                  Comments
004E863D  |. /75 6A         JNE SHORT 004E86A9
004E863F  |. |B2 01         MOV DL,1
004E8641  |. |A1 90A54400   MOV EAX,DWORD PTR DS:[44A590]
004E8646  |. |E8 4931F6FF   CALL 0044B794                            ; [RP.0044B794
004E864B  |. |8945 C8       MOV DWORD PTR SS:[LOCAL.14],EAX
004E864E  |. |33C0          XOR EAX,EAX
004E8650  |. |55            PUSH EBP
004E8651  |. |68 A2864E00   PUSH 004E86A2
004E8656  |. |64:FF30       PUSH DWORD PTR FS:[EAX]
004E8659  |. |64:8920       MOV DWORD PTR FS:[EAX],ESP               ; Installs SE handler 4E86A2
004E865C  |. |BA 01000080   MOV EDX,80000001
004E8661  |. |8B45 C8       MOV EAX,DWORD PTR SS:[LOCAL.14]
004E8664  |. |E8 1332F6FF   CALL 0044B87C
004E8669  |. |B1 01         MOV CL,1
004E866B  |. |BA 7C884E00   MOV EDX,004E887C                         ; UNICODE "Software\NotC\ARam"
004E8670  |. |8B45 C8       MOV EAX,DWORD PTR SS:[LOCAL.14]
004E8673  |. |E8 4C33F6FF   CALL 0044B9C4                            ; [RP.0044B9C4
004E8678  |. |84C0          TEST AL,AL
004E867A  |. |74 10         JE SHORT 004E868C
004E867C  |. |8B4D E0       MOV ECX,DWORD PTR SS:[LOCAL.8]
004E867F  |. |BA B0884E00   MOV EDX,004E88B0                         ; UNICODE "rp12"
004E8684  |. |8B45 C8       MOV EAX,DWORD PTR SS:[LOCAL.14]
004E8687  |. |E8 503CF6FF   CALL 0044C2DC
004E868C  |> |33C0          XOR EAX,EAX
004E868E  |. |5A            POP EDX
004E868F  |. |59            POP ECX
004E8690  |. |59            POP ECX
004E8691  |. |64:8910       MOV DWORD PTR FS:[EAX],EDX
004E8694  |. |68 B3864E00   PUSH 004E86B3
004E8699  |> |8B45 C8       MOV EAX,DWORD PTR SS:[EBP-38]
004E869C  |. |E8 4FC7F1FF   CALL 00404DF0
004E86A1  \. |C3            RETN                                     ; Jump to 4E86B3
004E86A2   $^|E9 41D1F1FF   JMP 004057E8                             ; SE handling routine
004E86A7   .^|EB F0         JMP SHORT 004E8699
004E86A9  /> \B8 18894E00   MOV EAX,004E8918                         ; UNICODE "Wrong Key"