|
To give everyone some background, gabri3l sent me an excellent tutorial on going through reg calls to help me out with this program. I think it's on this site in case someone wants to explore and learn more about them. I had some more questions for him about the tutorial (mainly about Olly not seeing the intermodular calls), and he just finished answering it above.
Thanks gabri3l. The tc eip command was the ticket. All the reg/intermodular calls are available now. Out of curiosity, how did you get to the 500000 number? Everything else makes more sense to me now.
Seeing the reg calls now is great, but unfortunately, the serial doesn't seem to be stored as an ascii like in your tutorial. Or if it is, it's definitely not as obvious. The good thing is that it only makes a few calls to the registry and actually makes a real interesting reg call to RegQueryInfoKeyA, but I'm not sure how to read the code. I'm trying to approach it though the hex values, if that's even how I should be approaching it. I'm going through some hex based serial tutorials to see if that helps any.
Thanks again for all your help. You've really helped me along.
|
11-03-2004, 09:41
Similar Threads
Threaded Mode