|
May be this can be of help:
OCX, after registering, get assigned a a unique registry key
that looks something like 1234f-756b45463465-476464648389309
searching the registry with your dll name will give you the unique key for your OCX.
They get loaded by your app using the API:
ole32.CoCreateInstance
which takes the reg key as one of the parameters pushed into the stack. In olly you can by choosing brake in new module, you can catch it loading your dll.
If you locate the area of your main exe code that load your OCX .dll you can figure out the validation/registration mechanism and neutralize it.
In my case, loading an authorized OCX returned 1 in EAX, after ole32.CoCreateInstance API returns. otherwise a weird value, 800000A1 returned in EAX
|