question on how to do something with olly


penguin0103
August 17th, 2006, 14:48
Hi. I'm kind of new to olly (I've used it a few times before and I know how to do basic assembly/tracing). This is really simple, I'm sure. Let me explain the situation. I have an application (compiled in Visual Basic 6.0). Now, on the Form_Load event (when the main startup form loads), it connects to a website and reads the return. Now, the program reads it like this:

If return = "good return" Then
    'load the main form
Else
    'terminate the process
End If

Except "good return" isn't a readable string, so I don't know what it is. This same program is already cracked and they have it skipping the entire connection and just loading the main form. How would I go about doing something like this? I'm trying to learn as much as I can about debugging/assembly. The problem I have is I don't know how to find things. I have NO idea on how I would make it skip the connection, unless it were something like finding where it connects and replacing it with a jump to the 'load main form' part. If that is the case, how do I find the connection part and the part where it loads the main form?

Any help is appreciated. Thanks.

penguin0103
August 20th, 2006, 17:03
Nobody can help me here?

disavowed
August 20th, 2006, 21:41
Think about what API functions are being called for making the connection and set breakpoints on those. That's your starting point.

penguin0103
August 20th, 2006, 21:44
Well the connection is being made through the Winsock ActiveX control (mswinsck.ocx). And what about the form loading? The part where it opens the main form? How would I go about finding that?

Edit: OK I found the function it uses to connect and I can breakpoint on it, but the only part I need now is how to find the part where it goes to the main form. There has to be some secret on how to find something like that?

naides
August 21st, 2006, 07:16
Patience.
I am serious.

When I am completely at a loss in a situation like yours, I TRACE.

You have a starting point, break on winmain, which olly does for you, or break on Winsock ActiveX.

You have an end point, when the main_form loads (Or refuses to load in the bad boy situation).

Then trace. Initially, tracing over calls with F8, you find a call that directly or indirectly loads the main_form. Note its address, reload the program, and next time trace into the call with F7.

Keep the same approach, over several layers of call to call to call, until you find the code you want.
I bet you it is no more than 10 to 15 layers down...

This is called the brute force method. Inelegant, slow, inefficient? Oh yeah.
Effective? Sure.

The best method to solve a problem is the one that works!

SiGiNT
August 21st, 2006, 09:10
Exactly,

The F7, F8, and F9 keys are no longer readable on my keyboard.

SiGiNT

penguin0103
August 21st, 2006, 16:40
OK naides, I'll start tracing before posting again. I did trace over for a while from the closesocket function (you have to close the socket before/after you read the data, so it should be somewhere near the check). I think it should be somewhat close to the call to load the main/bad form or whatever. Thanks for replying, I'll let you know if I get anywhere.