WEBVTT

1
00:01.730 --> 00:03.350
Hello and welcome back.

2
00:03.380 --> 00:09.500
We are now going to patch this to always show the good message, which is good work, no matter what the

3
00:09.500 --> 00:11.900
serial number or the username.

4
00:12.170 --> 00:19.580
Now, if you notice in the previous program, what we did was we already managed to fish out the serial

5
00:19.580 --> 00:23.390
key for the serial name for the name cracker.

6
00:23.630 --> 00:27.650
And the serial key is this, 932279.

7
00:28.280 --> 00:31.460
So if we put 932279, we get okay.

8
00:31.640 --> 00:37.850
But if you were to change the username, let's say you remove the R character, it says wrong.

9
00:37.850 --> 00:42.740
That means if you want to use this serial key, you must key in this name, cracker.

10
00:42.770 --> 00:49.640
If your name is different, then the registration number, serial, is also wrong.

11
00:50.540 --> 00:51.890
Just be aware of that.

12
00:52.010 --> 00:59.930
Now in this lesson, we are going to patch the file such that no matter whatever the username or whatever

13
01:00.110 --> 01:02.720
the number, it always will show the right message.

14
01:02.720 --> 01:03.950
So let's get started.

15
01:05.680 --> 01:07.330
So now let's see.

16
01:07.360 --> 01:11.290
Over here, we are going to put a breakpoint as usual here.

17
01:11.290 --> 01:12.550
And we run this now.

18
01:12.910 --> 01:18.760
And when it pops up, we are going to put cracker but a wrong registration number.

19
01:19.090 --> 01:27.580
So when you click okay, it comes to this one, we can now, uh, do a graph, and we are going to trace it.

20
01:29.220 --> 01:29.670
Okay.

21
01:29.670 --> 01:33.330
Notice that it came here and then it jumped here.

22
01:33.330 --> 01:38.220
And then it's going to test -. - is negative one.

23
01:38.220 --> 01:42.540
And because of that, uh, this jump is taken.

24
01:42.540 --> 01:43.830
Let me go to the left.

25
01:44.250 --> 01:48.750
So the easiest way to solve this is to just NOP this, to go to the right.

26
01:48.750 --> 01:55.080
But you will notice that something, um, weird will happen when you do that.

27
01:55.080 --> 02:01.380
If you just NOP this, this message box, if you just NOP this, it will go to the right.

28
02:01.380 --> 02:05.070
Yes, but it will not show the message box.

29
02:05.070 --> 02:06.240
Why is that?

30
02:06.450 --> 02:09.510
Because of this - value.

31
02:09.750 --> 02:11.580
- value is negative one.

32
02:11.610 --> 02:17.670
Now the message box API requires the - to be other than negative one.

33
02:17.670 --> 02:20.820
That means you need to put, for example, zero, right?

34
02:20.820 --> 02:22.140
You need to push zero here.

35
02:22.140 --> 02:23.850
Then the message box will show.

36
02:23.880 --> 02:24.990
Let me demonstrate.

37
02:24.990 --> 02:25.500
What if you.

38
02:25.500 --> 02:28.650
Now we NOP this, I already put a comment up.

39
02:28.650 --> 02:30.810
So I'm going to go to this assembly view.

40
02:31.320 --> 02:33.840
And I'm going to just NOP this blindly.

41
02:33.840 --> 02:36.750
Just put right-click and binary fill with NOPs.

42
02:36.750 --> 02:39.180
So now it is filled with NOPs.

43
02:39.960 --> 02:42.000
Let's go back to graphical view.

44
02:43.050 --> 02:46.530
And now I'm going to run, okay.

45
02:47.820 --> 02:49.920
So let's click okay and try again.

46
02:49.920 --> 02:52.830
So now it's supposed to go to the right because I already NOPed this.

47
02:53.010 --> 02:54.390
So let's run it.

48
02:55.080 --> 03:01.680
And okay, so now it's here, and step over.

49
03:04.790 --> 03:06.350
Okay, so it's coming here.

50
03:06.680 --> 03:08.750
All right, remember, this is already a NOP.

51
03:09.680 --> 03:10.370
Take a look.

52
03:10.580 --> 03:11.450
It's already a NOP.

53
03:11.480 --> 03:12.080
All right.

54
03:13.430 --> 03:15.830
So let's go to graphical view again.

55
03:16.820 --> 03:20.510
So because it's already a NOP, it will not go to the left.

56
03:20.510 --> 03:22.310
It will always go to the right.

57
03:23.540 --> 03:24.500
There you go.

58
03:24.710 --> 03:27.650
It's going to push these two parameters to the stack.

59
03:28.700 --> 03:31.670
It's going to push all these four parameters, 1, 2, 3, 4.

60
03:31.790 --> 03:43.970
If you look at the API for, let's look for API, MSDN, uh, MessageBox API, you will see the parameters

61
03:43.970 --> 03:45.530
for that API.

62
03:47.600 --> 03:49.430
And these are the parameters.

63
03:49.430 --> 03:49.970
Okay.

64
03:50.720 --> 03:55.370
Uh, the first parameter is the handle to the parent, handle to the owner.

65
03:55.580 --> 03:59.480
So the handle to the owner should not be negative one.

66
03:59.480 --> 04:02.780
If it is negative one, then the window will not show.

67
04:02.780 --> 04:04.190
The message box will not show.

68
04:04.730 --> 04:12.080
So as you can see from here, the first parameter is negative one.

69
04:12.380 --> 04:20.750
Second parameter is the message you want to show, which according to this is, uh, the text

70
04:20.750 --> 04:26.750
that you want to show, the text that you want to show this one, the message will be displayed.

71
04:26.750 --> 04:28.370
That's the second parameter.

72
04:28.460 --> 04:28.940
Good work.

73
04:29.690 --> 04:33.650
Third parameter is the caption for the message box.

74
04:34.220 --> 04:38.630
And the fourth parameter is the type, that means what type you want to have, a button or an icon, or

75
04:38.630 --> 04:41.090
what type of icon, or how many buttons, and so on.

76
04:41.090 --> 04:42.890
But we are not concerned with that.

77
04:42.890 --> 04:44.960
We are just concerned with the first parameter.

78
04:44.960 --> 04:50.120
First parameter should not be negative one, but in this case, the value of - is negative one.

79
04:50.150 --> 04:53.690
You see that when you push this, you are pushing negative one.

80
04:53.690 --> 04:53.870
You.

81
04:53.870 --> 04:54.470
Let's take a look.

82
04:55.130 --> 04:56.570
This one takes two bytes.

83
04:57.170 --> 04:58.190
It is only one byte.

84
04:58.190 --> 04:59.570
Push - is one byte.

85
04:59.960 --> 05:02.000
If you push zero, it takes two bytes.

86
05:02.000 --> 05:07.010
As you can see from here, push zero is actually two bytes, but you only have one byte.

87
05:07.010 --> 05:12.260
So if we try to assemble it, push zero here, it will fail, okay.

88
05:12.260 --> 05:13.460
So it will.

89
05:13.460 --> 05:14.300
You can't assemble.

90
05:14.300 --> 05:19.400
So the only way to solve it is to do something.

91
05:19.400 --> 05:22.760
Let me go back to the graph to do something over here.

92
05:23.630 --> 05:24.290
Here.

93
05:24.650 --> 05:25.280
Right.

94
05:25.280 --> 05:31.730
Make sure that - becomes zero here, because it will always come here before it goes to the bad message.

95
05:32.390 --> 05:35.630
So we cannot simply, uh, push zero here.

96
05:36.560 --> 05:38.450
So we have to modify here.

97
05:38.540 --> 05:45.230
So to modify this, we right-click this, put a comment there, say that we want to XOR -.

98
05:46.990 --> 05:52.120
So when we XOR -, what we are doing is setting it to become zero.

99
05:52.120 --> 05:54.370
So let's go back here and follow this assembler.

100
05:57.150 --> 05:59.760
All right, so we have to do this.

101
06:02.310 --> 06:08.400
Press space to assemble an XOR, and notice it's the same size.

102
06:08.430 --> 06:09.060
All right.

103
06:09.960 --> 06:11.940
Next thing, we need to NOP this.

104
06:13.770 --> 06:15.810
Sorry, I didn't assemble it.

105
06:15.810 --> 06:16.920
So let's do it now.

106
06:18.090 --> 06:19.950
XOR, click okay.

107
06:20.880 --> 06:21.510
All right.

108
06:21.720 --> 06:26.850
Next thing is to NOP this, because we don't want it to subtract and cause it to become negative

109
06:26.850 --> 06:27.450
one.

110
06:27.450 --> 06:30.030
So we'll binary edit it.

111
06:30.030 --> 06:30.630
Sorry.

112
06:30.630 --> 06:31.320
Wrong one.

113
06:31.590 --> 06:34.380
Right-click and binary fill with NOPs.

114
06:35.700 --> 06:36.240
And that's it.

115
06:36.660 --> 06:37.320
Okay.

116
06:37.320 --> 06:39.930
So now we go back to our graph view.

117
06:47.590 --> 06:53.080
If you go back to our graph, you will find that - will be zero.

118
06:53.080 --> 06:54.040
Let's try and see.

119
06:55.390 --> 07:01.360
Click run, and then we enter any wrong registration number.

120
07:01.360 --> 07:05.020
And then comes here, and step over.

121
07:07.440 --> 07:11.040
Okay, now this one is already XOR, XOR.

122
07:11.190 --> 07:13.050
Let me refresh this so you can see clearly.

123
07:13.920 --> 07:17.370
Refresh, okay, it's already XOR -, correct.

124
07:17.550 --> 07:19.890
So our - is already zero, okay.

125
07:19.890 --> 07:27.360
So now we come here, and straight away we will come and we test it. - is zero, right.

126
07:27.360 --> 07:28.830
So it will not work.

127
07:30.030 --> 07:32.490
So now it's going to push all this.

128
07:33.180 --> 07:37.170
And now we come to the call to message box.

129
07:37.170 --> 07:39.120
And we see that - is now zero.

130
07:39.420 --> 07:41.940
Because of that, it will now show the message box.

131
07:41.940 --> 07:43.110
So I click continue.

132
07:43.110 --> 07:44.340
The message box shows.

133
07:44.790 --> 07:46.710
So that's how you do it, okay.

134
07:46.710 --> 07:47.970
So be very careful.

135
07:47.970 --> 07:49.050
You cannot simply NOP.

136
07:49.890 --> 07:55.920
You have to always check the parameters for the message box to make sure they are legal values, not

137
07:55.920 --> 07:58.320
negative one for the first parameter.

138
07:58.980 --> 07:59.220
Right.

139
07:59.220 --> 08:00.570
So now you can patch this.

140
08:00.570 --> 08:04.710
So we are going to patch, patch file.

141
08:05.520 --> 08:09.840
Click on this and give it another name with -2 at the back.

142
08:10.860 --> 08:11.370
Click okay.

143
08:11.370 --> 08:13.560
And now we can test our patch directly.

144
08:15.540 --> 08:18.240
Enter any username.

145
08:19.530 --> 08:24.510
And then here we click any kind of registration number, and you click okay.

146
08:24.510 --> 08:25.290
It's good work.

147
08:25.290 --> 08:26.460
So it's working.

148
08:26.460 --> 08:30.240
So this is how you should be careful when you are trying to patch message boxes.

149
08:30.720 --> 08:38.400
Um, when you want to put a NOP for message box, you must always check the first parameter of the message

150
08:38.400 --> 08:42.090
box to make sure it is a legal value.

151
08:42.090 --> 08:44.490
In this case, it cannot be negative one.

152
08:44.760 --> 08:46.410
So that's all for this video.

153
08:46.410 --> 08:48.270
Thank you for watching.