Change Serial number

jackall · Posted: Sun Mar 02, 2008 1:31 pm Post subject: Change Serial number

i wrote a small program in C++ and compiled it to binary. Then i tried to reverse the binary code using Ollydbg .
And i was able to patch the jump to get �Good Boy� message. Now, i want to change the hard coded serial: 4321; but i was not able to locate it in OllyDbg. Please let me know how to proceed? The code is given below:
Thank you.

#include<iostream>
using namespace std;

int main()
{
int nbr;
int a;
cout<<"Enter a 4-digit number:\n";
cin>>nbr;
cin.ignore();

if(nbr==4321){
cout<<"Good Boy";
}else

for(a=0;a<15;a++){
cout<<"Bad.....Boy\n\n\n";
}
cin.get();
return 0;

}

Nacho_dj · Frequent poster Joined: 03 Jan 2006 Posts: 52

Search for your number in hexa format, it should be there...

If no luck doing in that way, the best is coding a messagebox in front of and behind the "if" sentence that contains your 1234. In that way you should find it better in OllyDbg.

Cheers

Nacho_dj

jackall · Posted: Mon Mar 03, 2008 6:41 pm Post subject:

Thank you Nacho_dj for your tips.

i will try to follow your suggestion although it is not very clear to my shrunk brain
Hope i find a solution.
regards.

detten · Site Admin Joined: 05 Feb 2005 Posts: 317

I think the problem is that your serial is represented as an number (int).
If it was represented a string (char*), you would be able to find it in ollyDbg more easily.

If you found the 'goodguy' jump, then you must be able to find the CMP in front of it?
Doesn't it look something like this :

cmp eax, 10E1 ?

jackall · Posted: Tue Mar 04, 2008 7:03 am Post subject:

Thanks detten ..

i changed the 'int' to ' char ' data type. Now the issue is about C++.
The if (nbr==4321) is evaluated to be ' not true ' and executes the ' else ' statement.

After compiling this , opened the file in Olly and found the "Good Boy" message is missing there too. could you please explain it ?

it is a satisfying experience to learn especially when understanding helping hands are nearby.

Thank you once again..

jackall · Posted: Tue Mar 04, 2008 8:54 am Post subject:

detten ..

Your suggestion proved right ; it has taken me some Google search ; little effort to understand the string data declaration.
i was able to find the coded serial in Olly.

regards.

detten · Site Admin Joined: 05 Feb 2005 Posts: 317

jackall · Posted: Wed Mar 05, 2008 8:40 am Post subject:

Well...
'String content and string address' are well explained by detten . And the code snippets accompanying it make the concept clearer...

Good clarity of subject and genuine willingness to share the knowledge with others.

This has helped me...
Though i had got my answer right following detten's initial tip; i would have not have learned why if (nbr 4321) is evaluated to be 'not true� with out the additional explanation.

Thank you.