Hello. In part 26 Ricardo Narvaga tutorials
http://ricardonarvaja.info/WEB/INTRODUCCION%20AL%20CRACKING%20CON%20OLLYDBG%20DESDE%20CERO/EN%20FORMATO%20DOC/26-INTRODUCCION%20AL%20CRACKING%20CON%20OLLYDBG%20PARTE%2026.rar
using patched olly (this olly sets break only on execution in memory(no writing and reading). Link to download (in tutorials) unworking.
__
Please, help to download this patched Olly.

http://ricardonarvaja.info/WEB/OTROS/HERRAMIENTAS/L-M-N-O-P/OLLY%20PARCHEADO%20PARA%20BUSCAR%20OEPs.rar ("http://ricardonarvaja.info/WEB/OTROS/HERRAMIENTAS/L-M-N-O-P/OLLY%20PARCHEADO%20PARA%20BUSCAR%20OEPs.rar")

put this ollydbg in the same folder than original, let the original ollydbg.exe but use this is only for specific cases (reach oeps, use in VB etc)

ricnar

Thanks Ricardo.
May I ask a questions yet ?
What do you think, to unpack Themida [using Olly] more difficult, than very hard unpackme in your tutorials, or not ?

is difficult but not impossible, is needed experience in this type of targets (hards)

ricnar

Okey. Probably some time.
Yet, i have problem in part 47 Patrick.exe. The point is this: When i'm set memory breakpoint on IAT and RUN PROGRAM [F9]
i'm successfully breaked on appropriate function according tutorial. But in case if i'm doing STEP OVER[F8] any function, the programm do not stopping after call and RUNNING. And i'm can not continue. What may be problem ?
Settings HIDE OD remaining according PARTE 46.

maybe some plugins, use the same plugins and in windows XP, the tut was made in XP.

ricnar

Okey.
In part 47 at the close occur appeared two functions named CreateThread. What doing this functions ?

http://msdn.microsoft.com/en-us/library/ms682453%28VS.85%29.aspx

ricnar

Thanks. And yet little questions. When a'm unpacked tutorail Marciano, in close after restore IAT and stolen bytes his metod antidump required to patch programm using function VirtualAlloc. It is interesting, but in my case this metod do not worked.
Function return spesific error when adress for VirtualAlloc will be A20000 in my case:
http://img714.imageshack.us/img714/9246/34234d532drfgdfg.jpg (http://img714.imageshack.us/i/34234d532drfgdfg.jpg/)
What you think about this error ?
P.S.
When i'm using method to change Virtual offset [PE EDITOR] in added secton the programm unpacked successfully.
00400000 00001000 GOODING PE header Imag R RWE
00401000 0004A000 GOODING .teddy code Imag R RWE
0044B000 0000C000 GOODING .teddy Imag R RWE
00457000 00009000 GOODING .teddy Imag R RWE
00460000 00003000 GOODING .teddy Imag R RWE
00463000 00008000 GOODING .teddy resources Imag R RWE
0046B000 0000B000 GOODING .teddy Imag R RWE
00476000 005AA000 GOODING .mackt imports Imag R RWE
00A20000 0003D000 GOODING .NewSec Imag R RWE //THIS SECTION NEEDED FOR ANTIDUMP IN MY CASE

maybe this address is used by a module you can rebase the dll, with rebaser and change the location of the dll to other.

ricnar

Hello again Ricardo.
Could you please give me internet-links, where i'm can find tutorials about keygen fishing in VISUAL BASIC.

Hello,

Have you actually searched the Web before asking Ricardo , This could save you some times since it was answered several times.

I,m interesting good tutorails. If this tutuorial on spanish langugage (then it will translated my friends), i'm not search it. And Ricardo will be can help me .