
what can i do to crack dongle routine?


donfy
March 20th, 2004, 17:53
I have used the W32 disassembler and Olly.
W32 tells me that the string "non installed key"
corresponds to two offsets: 00024145h and 00024097h.
Both of these offsets correspond to the same jmp 0042BC50

Which corresponds to all this:
| :00401000(U)
|
:0042BC50 64A100000000 mov eax, dword ptr fs:[00000000]
:0042BC56 55 push ebp
:0042BC57 8BEC mov ebp, esp
:0042BC59 6AFF push FFFFFFFF
:0042BC5B 687DBD4200 push 0042BD7D
:0042BC60 50 push eax
:0042BC61 64892500000000 mov dword ptr fs:[00000000], esp
:0042BC68 83EC1C sub esp, 0000001C
:0042BC6B 56 push esi
:0042BC6C 57 push edi
:0042BC6D 8BF1 mov esi, ecx
:0042BC6F 6A01 push 00000001

I believe this is the routine where the dongle works...

At the push 00274b that corresponds to "the key is not installed", I have found that two addresses are connected to it: 00424c97 and 00424d45

I have put a BP with Olly and the program stops here before giving me the error message.

But now I don't know how to go on, and I ask for your help.
Tell me everything, even if it's thin, for an ignorantone...

I have read tutorials at all levels, but I pray you help me.

I want to know how to change an instruction in a routine with Olly.

Thanks

SideSwipe
March 20th, 2004, 18:58
To change the instruction in Olly, simply double click on the offending instruction and either nop it out or code a jmp to wherever.

SS

donfy
March 20th, 2004, 19:05
Quote:
[Originally Posted by SideSwipe]To change the instruction in Olly, simply double click on the offending instruction and either nop it out or code a jmp to wherever.

SS


Thanks, but I can't figure out how to eliminate the CALL instruction.
I have a BP on this line:
Breakpoints
Address Module Active Disassembly
00424C9C MAG3 Always CALL <JMP.&MFC40.#1060>

I have not succeeded in intervening on this instruction.

I told it to cancel it, but it has not worked.
In short, what do I have to do with a CALL?

Fabrizio

SideSwipe
March 20th, 2004, 20:02
Hello:

To eliminate a call instruction you must NOP it out. NOP stands for NO OPERATION. Double click on the call instruction, and Olly will pop up a box that says Assemble at Address XXXXXXXX. Check the checkbox that says Fill with NOPs, then press the assemble button. The call will be disabled. To change a Call or other instruction, do the same thing, except you must type in the instruction yourself and then hit the assemble button. Try to find out what makes the program jmp to 0042BC50.

SS

donfy
March 21st, 2004, 04:06
Quote:
[Originally Posted by SideSwipe]Hello:

To eliminate a call instruction you must NOP it out. NOP stands for NO OPERATION. Double click on the call instruction, and Olly will pop up a box that says Assemble at Address XXXXXXXX. Check the checkbox that says Fill with NOPs, then press the assemble button. The call will be disabled. To change a Call or other instruction, do the same thing, except you must type in the instruction yourself and then hit the assemble button. Try to find out what makes the program jmp to 0042BC50.

SS


At JMP 0042BC50 there is:

:0042BC50 64A100000000 mov eax, dword ptr fs:[00000000]
:0042BC56 55 push ebp
:0042BC57 8BEC mov ebp, esp
:0042BC59 6AFF push FFFFFFFF
:0042BC5B 687DBD4200 push 0042BD7D
:0042BC60 50 push eax
:0042BC61 64892500000000 mov dword ptr fs:[00000000], esp
:0042BC68 83EC1C sub esp, 0000001C
:0042BC6B 56 push esi
:0042BC6C 57 push edi
:0042BC6D 8BF1 mov esi, ecx
:0042BC6F 6A01 push 00000001



Is it a dongle routine?

I have clicked NOP on the call instruction, but the program tells me the dongle is not installed.

SideSwipe
March 21st, 2004, 14:57
Don:

I am no expert on Dongle Cracking. In fact, I have never tried to reverse a Dongle protected program. That being said, it is really hard for me to tell if the code snippet you provided is in fact part of the protection scheme. All I can tell you at this point is how I would approach the problem.

First a little humor, face towards France and pray to the god +Tsehp. Then spin in a circle and shout Woodman until your voice is raw. Carve +Splaj's name into your arm and with the dripping blood write JMI on your churches front door. This puts you into the right frame of mind.

Put a break point on all occurrences of MessageBox in your target to find out which one fires when you start your program or select a menu item or whatever (there may be several). When Olly breaks, with your eyes, try to determine where the MessageBox function is called from. Before the message box function is called, there should be some kind of Dongle check function and then a decision if the program should continue running or display the MessageBox. From there, try to determine what instruction makes the decision. Make the program think that the dongle is installed. This is really a generic approach and may not work at all, but it is how I would start. Do some work on it, make notes of what you have tried, take a few screen shots of relevant code. Zip it all up and upload it to the board, maybe someone can help, always remember, the Lord helps them that helps themselves.

Best Regards,
SS

Woodmann
March 21st, 2004, 21:31
Howdy,

The last time I checked, you can't nop a dongle call. Of course there are a few exceptions, but that was a long time ago.

You need to provide some more information.
Who made the dongle, you know, whose protection is it.
If it is a new app, you may name it, I give you permission, but you had better have done some searching

You must be prepared to put in many hours of work to reverse a dongle.
There is no easy answer in almost every case.

If you have the dongle and require some additional features or extended time, you are in a different situation. It would help if you did some more research of your dongle to show your desire to learn.

Woodmann
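The two replies above describe opposite designs: SideSwipe's generic approach looks for a single "dongle check, then decision" point, while Woodmann notes that a real dongle call usually cannot simply be nopped. The added C example below (not code from any poster, and with a purely simulated dongle and hypothetical function names) shows both patterns side by side from a protection designer's view: a check that collapses to one boolean branch, and one where the dongle's reply is consumed as data so there is no branch to remove and a missing dongle just yields wrong output.

```c
/* Added example, not from the thread. The "dongle" is simulated in software;
 * DONGLE_SECRET and the challenge are constructed values, not any vendor's. */
#include <stdint.h>
#include <stdio.h>

#define DONGLE_SECRET 0x5A3CU   /* constructed: value held "inside" the dongle */
#define CHALLENGE     0x1234U   /* constructed: challenge the program sends */

/* Simulated hardware: answers the challenge only when the dongle is present.
 * Returns 1 and fills *reply on success, 0 when nothing is plugged in. */
static int dongle_query(int present, uint16_t challenge, uint16_t *reply) {
    if (!present)
        return 0;
    *reply = (uint16_t)(challenge ^ DONGLE_SECRET);
    return 1;
}

/* Weak pattern (the one SideSwipe's approach hunts for): the whole protection
 * reduces to one boolean and one if/else. Whatever the dongle answered, the
 * program only ever looks at a yes/no result before calling the message box. */
int weak_check_allows(int present) {
    uint16_t reply = 0;
    int ok = dongle_query(present, CHALLENGE, &reply)
          && reply == (uint16_t)(CHALLENGE ^ DONGLE_SECRET);
    if (!ok)
        printf("dongle not installed\n");   /* the MessageBox analogue */
    return ok;                              /* the single decision point */
}

/* Keyed pattern (why Woodmann says you can't just nop the call): the reply is
 * never compared against anything; it is folded into the program's data.
 * Without the dongle the result is silently wrong rather than "denied". */
uint16_t keyed_result(int present, uint16_t input) {
    uint16_t reply = 0;                     /* stays 0 if no dongle answers */
    dongle_query(present, CHALLENGE, &reply);
    return (uint16_t)(input ^ reply ^ CHALLENGE);   /* == input ^ secret only when right */
}

int main(void) {
    printf("weak, dongle present: %d\n", weak_check_allows(1));
    printf("weak, dongle absent:  %d\n", weak_check_allows(0));
    printf("keyed, present: %04X\n", keyed_result(1, 0x0042));
    printf("keyed, absent:  %04X\n", keyed_result(0, 0x0042));
    return 0;
}
```

The keyed form is the reason the generic "find the decision" method stalls: with no correct reply there is no error path to locate, only garbage output, so the reply itself has to be understood.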

%UNDEFINED%
March 22nd, 2004, 00:20
Quote:
[Originally Posted by SideSwipe]... First a little humor, face towards France and pray to the god +Tsehp. Then spin in a circle and shout Woodman until your voice is raw. Carve +Splaj's name into your arm and with the dripping blood write JMI on your churches front door. This puts you into the right frame of mind...

LMAO, I am going to get that printed on a T-Shirt.

I dare say that comes close to topping some of the witty comments I have read of JMI's, ...close...almost