this case, you’re not interested in ever getting to the error message at
Key4.00401358, so you completely eliminate the jump from the program.
You do this by typing NOP into the Assemble dialog box, with the Fill with
NOPs option checked. This will make sure that Olly overwrites the entire
instruction with NOPs.
Having patched the program, you can run it and see what happens. It’s
important to keep in mind that the patch is only applied to the debugged
program and that it’s not written back into the original executable (yet).
This means that the only way to try out the patched program at the moment
is by running it inside the debugger. You do that by pressing F9. As usual,
you get the KeygenMe-3 dialog box, and you can just type random values into
the two text boxes and click “OK”. Success! The program now shows the
success dialog box, as shown in Figure 11.8.
This concludes your first patching lesson. The fact is that simple programs
that use a single if statement to control the availability of program
functionality are quite common, and this technique can be applied to many
of them. The only thing that can get somewhat complicated is the process of
finding these if statements. KeygenMe-3 is a really tiny program. Larger
programs might not use the stock MessageBox API or might have hundreds of
calls to it, which can complicate things a great deal.
One point to keep in mind is that so far you’ve only patched the program
inside the debugger. This means that to enjoy your crack you must run the
program in OllyDbg. At this point, you must permanently patch the program’s
binary executable in order for the crack to be permanent. You do this by
right-clicking the code area in the CPU window and selecting Copy to
Executable, and then All Modifications in the submenu. This should create a
new window that contains a new executable with the patches that you’ve done.
Now all you must do is right-click that window, select Save File, and give
OllyDbg a name for the new patched executable. That’s it! OllyDbg is really
a nice tool for simple cracking and patching tasks. One common cracking
scenario where patching becomes somewhat more complicated is when the
program performs checksum verification on itself in order to make sure that
it hasn’t been modified. In such cases, more work is required in order to
properly patch a program, but fear not: It’s always possible.
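
Seen from the integrity-checking side, a saved patch of this kind leaves a recognizable trace: a span where a trusted copy holds instruction bytes and the modified file holds only 0x90. The Python below is an added example, not code from the book or from OllyDbg; the function names and the sample bytes are constructed for illustration, and it assumes a known-good copy of the executable is available for comparison.

```python
from typing import List, NamedTuple

NOP = 0x90  # single-byte x86 NOP

class NopPatch(NamedTuple):
    offset: int          # offset of the first overwritten byte
    original: bytes      # bytes the trusted copy holds over that span
    was_cond_jump: bool  # True if the overwritten span began with a Jcc opcode

def _is_cond_jump(code: bytes) -> bool:
    """Short Jcc is 0x70-0x7F; near Jcc is 0x0F followed by 0x80-0x8F."""
    if not code:
        return False
    if 0x70 <= code[0] <= 0x7F:
        return True
    return len(code) >= 2 and code[0] == 0x0F and 0x80 <= code[1] <= 0x8F

def find_nop_patches(trusted: bytes, suspect: bytes) -> List[NopPatch]:
    if len(trusted) != len(suspect):
        raise ValueError("size mismatch: not an in-place patch, treat as modified")
    patches, i, n = [], 0, len(suspect)
    while i < n:
        if suspect[i] != NOP:
            i += 1
            continue
        # Walk the whole run of NOPs in the suspect image.
        j = i
        while j < n and suspect[j] == NOP:
            j += 1
        # Keep only the span bounded by bytes that actually changed, so
        # pre-existing NOP padding next to a patch is not reported.
        changed = [k for k in range(i, j) if trusted[k] != NOP]
        if changed:
            lo, hi = changed[0], changed[-1] + 1
            span = trusted[lo:hi]
            patches.append(NopPatch(lo, span, _is_cond_jump(span)))
        i = j
    return patches

# Constructed sample (not bytes from KeygenMe-3):
# cmp eax,ebx / jnz short / push 0 / nop
TRUSTED = bytes.fromhex("3bc375076a0090")
SUSPECT = bytes.fromhex("3bc390906a0090")

if __name__ == "__main__":
    for p in find_nop_patches(TRUSTED, SUSPECT):
        print(f"offset 0x{p.offset:x}: {p.original.hex()} -> NOPs, "
              f"conditional jump: {p.was_cond_jump}")
```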
Figure 11.7 The Assemble dialog in OllyDbg.