Figure 11.10 Defender.EXE launched without any command-line options.
Defender takes a username and a 16-digit hexadecimal serial number. Just to
see what happens, let’s try feeding it some bogus values. Figure 11.11 shows
how Defender respond to John Doe as a username and 1234567890ABCDEF as
the serial number.
Well, no real drama here—Defender simply reports that we have a bad ser-
ial number. One good reason to always go through this step when cracking is
so that you at least know what the failure message looks like. You should be
able to find this message somewhere in the executable.
Let’s load Defender.EXEinto OllyDbg and take a first look at it. The first
thing you should do is look at the Executable Modules window to see which
DLLs are statically linked to Defender. Figure 11.12 shows the Executable
Modules window for Defender.
Figure 11.11 Defender.EXE launched with John Doe as the username and
1234567890ABCDEF as the serial number.
Breaking Protections 371