I am trying to reverse engineer a program called HD sentinel. What it does, is that shows the health of your disk. Anyway, i try to register, this way i take the error message. Then, i open ollydbg. I extract the program inside the ollydbg. I change the module to "HDSentinel.exe"(because by default is ntdll). Then i search for strings, and i search for the particular error. I got nothing. I try to run the program inside ollydbg, and then search for the error. Nothing again. What i am doing wrong ??
Asked
Active
Viewed 470 times
-3
-
4"What am i doing wrong" - probably nothing. Except expect that a software that's less than 20 years old makes bypassing registration that easy. – Guntram Blohm Mar 23 '16 at 19:13
-
2You know, i am not asking from users in stackexchange "hate" comments. If you can help me ok, else please get out. – Revolution Mar 23 '16 at 20:59
1 Answers
1
There are various ways of how strings are processed. They are probably aren't in text-planed format. Or probably stored in resources section which you won't find by search strings, have you checked to set a bp on LoadString? it could also be that your application uses a 3rd party dll to handle registration scheme and/or some tricks to encrypt strings. You could also try to pause the program after you get the error message while in debugger and look for call stack and go backward in calls to find where are those messages came from.
RCECoder
- 314
- 1
- 6