Reversing : The Hacker's Guide to Reverse Engineering

The first entry brings you to the About message box (from looking at the
message text in OllyDbg). The second brings you to a parameter validation
message box that says “Please Fill In 1 Char to Continue!!” The third entry
brings you to what seems to be what you’re looking for. Here’s the code OllyDbg
shows for the third MessageBoxA reference.

0040133F CMP EAX,ESI
00401341 JNZ SHORT Key4.00401358
00401343 PUSH 0
00401345 PUSH Key4.0040348C ; ASCII “KeygenMe #3”
0040134A PUSH Key4.004034DD ; Text = “ Great, You are ranked as Level-3 at Keygening now”
0040134F PUSH 0 ; hOwner = NULL
00401351 CALL <JMP.&USER32.MessageBoxA> ; MessageBoxA
00401356 JMP SHORT Key4.0040136B
00401358 PUSH 0 ; Style = MB_OK|MB_APPLMODAL
0040135A PUSH Key4.0040348C ; Title = “KeygenMe #3”
0040135F PUSH Key4.004034AA ; Text = “ You Have Entered A Wrong Serial, Please Try Again”
00401364 PUSH 0 ; hOwner = NULL
00401366 CALL <JMP.&USER32.MessageBoxA> ; MessageBoxA
0040136B JMP SHORT Key4.00401382

Well, it appears that you’ve landed in the right place! This is a classic if-else
sequence that displays one of two message boxes. If EAX == ESI the
program shows the “Great, You are ranked as Level-3 at Keygening now”
message, and if not it displays the “You Have Entered A Wrong Serial, Please
Try Again” message. One thing we immediately attempt is to just patch the
program so that it always acts as though EAX == ESI, and see if that gets us
our success message.
We do this by double-clicking the JNZ instruction, which brings us to the
Assemble dialog, shown in Figure 11.7.
The Assemble dialog allows you to modify code in the program by just typing
the desired assembly language instructions. The Fill with NOPs option
will add NOPs if the new instruction is shorter than the old one. This is an
important point—working with machine code is not like using a word processor,
where you can insert and delete words and just shift all the material that
follows. Moving machine code, even by 1 byte, is a fairly complicated task
because many references in assembly language are relative, and moving code
would invalidate such relative references. Olly doesn’t even attempt that. If
your instruction is shorter than the one it replaces, Olly will add NOPs. If it’s
longer, the instruction that follows in the original code will be overwritten. In

362 Chapter 11
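As an added illustration of the two points above (the Fill with NOPs patch of the JNZ, and why code cannot simply be shifted by a byte), here is a small Python model written for this page, not code from the book or from OllyDbg. It assumes the usual x86 encodings (CMP EAX,ESI = 3B C6, JNZ SHORT = 75 disp8, NOP = 90) for the listing's bytes, which the book shows only as disassembly.

```python
# Constructed byte image of the first instructions of the listing above.
# Encodings are assumed (the book shows only the disassembly, not the bytes).
BASE = 0x0040133F
CODE = bytes.fromhex(
    "3BC6"          # 0040133F CMP EAX,ESI
    "7515"          # 00401341 JNZ SHORT 00401358  (disp8 = 0x401358 - 0x401343)
    "6A00"          # 00401343 PUSH 0
    "688C344000"    # 00401345 PUSH 0040348C  ("KeygenMe #3")
)
NOP = 0x90


def rel8_target(addr: int, insn: bytes) -> int:
    """Resolve a 2-byte Jcc / JMP SHORT at addr: target = next_ip + sign-extended disp8."""
    if len(insn) != 2 or not ((insn[0] & 0xF0) == 0x70 or insn[0] == 0xEB):
        raise ValueError("not a short jump")
    disp = insn[1] - 0x100 if insn[1] & 0x80 else insn[1]
    return addr + 2 + disp


def encode_short_jump(opcode: int, addr: int, target: int) -> bytes:
    """Encode a short jump at addr reaching target; the displacement is relative to the next instruction."""
    disp = target - (addr + 2)
    if not -128 <= disp <= 127:
        raise ValueError("target out of rel8 range; a near (rel32) jump would be needed")
    return bytes([opcode, disp & 0xFF])


def patch_fill_nops(code: bytes, offset: int, old_len: int, new: bytes) -> bytes:
    """Overwrite old_len bytes at offset with new, padding with NOPs (Olly's 'Fill with NOPs').

    A longer replacement is refused here; Olly would instead overwrite the next instruction."""
    if len(new) > old_len:
        raise ValueError("replacement is longer than the instruction it replaces")
    padding = bytes([NOP]) * (old_len - len(new))
    return code[:offset] + new + padding + code[offset + old_len:]


def nop_out_jnz(code: bytes = CODE) -> bytes:
    """The patch discussed in the text: replace the JNZ so execution always falls into the success branch."""
    return patch_fill_nops(code, offset=0x401341 - BASE, old_len=2, new=b"")


def moved_by_one_byte() -> tuple:
    """Why code cannot simply be shifted: the same bytes 75 15 placed one byte later reach 0x401359,
    and the jump would have to be re-encoded as 75 14 to still land on 0x401358."""
    return rel8_target(0x401342, b"\x75\x15"), encode_short_jump(0x75, 0x401342, 0x401358)
```

Because the patched image keeps every instruction at its original address, the JMP SHORT and CALL targets that follow remain valid, which is exactly what the NOP padding buys you.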
