Need some pointers

[gabri3l]

Talked to you over email. It seems you progressed as far as you could before using Olly. This is where you started to have problems. You could not find calls to set breakpoints on in Olly.

Using stripper to unpack; your entry point lies outside of the code section. This is why Olly is giving you trouble. The code section for this program (after unpack) begins at 00401000. The entry point is at location 0058A000.
To verify this use LordPe to examine the file. You will see your entrypoint as 18A000. Then click the sections button. You will see size of the code section (.text) is only 113000.
1000 + 113000 = 114000 Which means 18A000 is very far outside your code section. What you need to do is let Olly run from the entry point until you get inside your code section.

Now, to correctly find API calls in Olly:
1. Make sure you have the commandbar plugin
2. load the file
3. In the commandbar type "tc eip<500000" without the quotes.
*I am using Win 2000, so your address may need to be different than mine.
**Basically you want to trace until the next execution occurs inside your code section.
4. Then press enter.
5. You should stop here: JMP DWORD PTR DS:[<&kernel32.GetModuleHa>; kernel32.GetModuleHandleA
6. Search for all intermodular calls. And continue as normal.

Hopefully that helps you, and also gives you an idea as to WHY Olly was not finding the calls. I did not continue on and find a serial I figured I would leave that up to you.