Hi

I want to find aserial number, but the application only enable the button only when the user typed the correct serial number

I would like to know , is there a breakpoint for when the user type ?

How Can I to know , if the button is enabled or disabled with Ollydbg?

Where Can I to find some tutorial for Ollydbf ?

type 9898 and serach the memory for 9898 next add other number for example 7 and look if the 7 is added next 9898 and if you look 98987 this is the adress where stores the fake serial, you can put a BPM ON ACCESS in this bytes and continue running when stop you are in teh zone than the program start working with the fake serial (i suppose) i f i don't look a program is hard to see.
There are apis too for enter a byte right click and search for names in this module and look the apis with GET....

for example GetDlgItemInt try putting BPs in the apis you found in the list than begin with GET.

Try using POINT H, try putting BMSG (BREAKPOINT ON MESSAGES), you have very alternatives.

Ricardo Narvaja

Hi Ricardo

But I do not understand, because I type the numbers 14327 and in the ollydbg I put Ctrl+B and search 14327 but do not find

you go to VIEW-MEMORY and serach in all memory?

Well there are other options the most important is use BMSG, i wrote a tut with an idea i read in this forum named messagespy in OLLYDBG, for help using BMSG, is in spanish.

Ricardo Narvaja

this thread is walking on thin ice.

please keep the discussion on Olly specific and not how to get serials. if not, the thread will be closed.

why not try using olldbg first exploring its every buttons etc before trying to find out about hidden or grayed buttons in the debuggee

there is a menu called windows in ollydbg
it will show all the windows in a specific program that is loaded
when you right click on it you can set break points for winproc
or break point for any message

like wm_char,wm-command,or whatever

you can log the arguments
to look at them

olly has got a wealth of options for a good user try to understand olly before trying to understand programs

hint in the above case the edit box is probably superclassed or subclassed so it hooks wm_char and relies on it go find how to set a bpt on wm_char
or if you dont understand what subclassing is go read iczelions tutorial on subclassing
you will automatically come to know how to break anywhere whereever you wish to break
regards