windev crackme
newbcrk
August 22nd, 2003, 11:36
lol
I have some difficulties with a target which has been written with WinDev.
I have found only one tutorial on WinDev. It is poor, although
WinDev targets are not lacking. Would somebody be able to give me any WinDev cracking tutorials?
I want to crack this WinDev crackme.
If somebody is interested, he should download the two missing .dll files (WD553EXE.dll, WD553WDW.dll) at http://www.alltheweb.com in the FTP part. Otherwise the crackme is too big to attach.
I will use Softice and windasm.

newbcrk
August 24th, 2003, 07:25
I have done this:
bpx sendmessageA
hwnd crackme1
Window Handle   hQueue  SZ  QOwner    Class Name            Window Procedure
 03C8(1)        2E27    32  CRACKME1  WDRBF                 1427:00000BE8
  03CC(2)       2E27    32  CRACKME1  Button                1427:00000B7A
  03D4(2)       2E27    32  CRACKME1  Button                1427:00000B7A
  03D8(2)       2E27    32  CRACKME1  Static                1427:00000BA6
  03DC(2)       2E27    32  CRACKME1  Edit                  1427:00000BD2
 03C4(1)        2E27    32  CRACKME1  WDRBF                 1427:00000AB4
 03C0(1)        2E27    32  CRACKME1  WDBULLE00520EDE       1427:00000A88
bmsg 3c8 wm_gettext
bmsg 3cc  202       ;; 202 code when I press the button
Then, what have I to do?
Sometimes bpr breaks.
ZaiRoN
August 24th, 2003, 11:08
Hi newbcrk,
to catch wm_gettext seems to be one of the best ways to approach the target. 
Quote:
| Then, what have I to do? |
Then, you have to step each line! From what I have seen, the interesting code is all inside WD553EXE.dll but I can be wrong. I solved this crackme in a different way, using SoftIce's 's' command. Look around for some interesting texts, you will find your serial.
Best regards,
ZaiRoN
newbcrk
August 24th, 2003, 14:49
lol 
Before and after this call, 100CCF84 call 10124580, there is a loop.
There is the bad way.
It seems to be around (or inside) this call. Right? (So I can begin an analysis.)
A bpr lands inside this code. But yet I fail to put my bpr. Strange, isn't it?
If I am right, could you tell me which methods you have used, to compare with mine?

ZaiRoN
August 24th, 2003, 17:27
Hi,
I started with bmsg on wm_settext and, as I said before, after that I have not put any breakpoints...
Sorry but I stepped only a few lines and I don't know whether the addresses you gave me are good or bad. I don't have the crackme on this machine and I can't check but if I recall correctly the serial is not visible in the files but it's only visible at runtime...
ZaiRoN
newbcrk
August 25th, 2003, 15:27
Thanks (I will find)
newbcrk
August 25th, 2003, 17:03
I have found it. Most of the time I find it without understanding the code.
I have used only bpx sendmessageA and F10-F12.
I will try with the bmsg in order to understand.
d eax
:u 100F9A38 L FF
0167:100F9A38  EBD2                JMP       100F9A0C
0167:100F9A3A  8B4111              MOV       EAX,[ECX+11] ;;HERE d EAX gives the serial number 123456ABCEF
0167:100F9A3D  33D2                XOR       EDX,EDX
0167:100F9A3F  40                  INC       EAX
0167:100F9A40  51                  PUSH      ECX
0167:100F9A41  894111              MOV       [ECX+11],EAX
0167:100F9A44  8A50FF              MOV       DL,[EAX-01]
0167:100F9A47  FF149538EA1310      CALL      [EDX*4+1013EA38]
0167:100F9A4E  83C404              ADD       ESP,04
0167:100F9A51  8B4D08              MOV       ECX,[EBP+08]
0167:100F9A54  EBE4                JMP       100F9A3A
0167:100F9A56  8BFF                MOV       EDI,EDI
0167:100F9A58  009A0F10CD99        ADD       [EDX+99CD100F],BL
0167:100F9A5E  0F10CD              MOVUPS    XMM1,XMM5
0167:100F9A61  99                  CDQ
0167:100F9A62  0F1000              MOVUPS    XMM0,[EAX]
0167:100F9A65  9A0F109E990F10      CALL      
Bye
ZaiRoN
August 25th, 2003, 18:14
Well done!  ;-)
Btw, to play with a program written with WinDev is not so unusual: you have used the same approaches and the same SoftIce's commands that you use with another program written with something different from WinDev. Am I wrong?
ZaiRoN
newbcrk
August 28th, 2003, 15:46
You are right. I have used bpx sendmessageA, looking in the user 32.hlp.
The most important thing is to understand the hwnd command and what it gives.
I watch the handle and press F5 to make a break. As soon as I have seen the handle number of the edit box (hwnd gives it), I have begun to trace with F10.
I have understood too why my bpr refuses to break. I had to locate first the sendmessageA API of the edit, then I could put a breaking bpr.
I can't explain this but it breaks. Memory reasons?
 
Quote:
| you have used the same approaches and the same SoftIce's commands  | 
  
Really I have learned, found a rational approach. I am only a newbie.
DalKiT
September 3rd, 2003, 08:39
Hello everybody
If you have difficulties finding the serial for the WinDev crackme, thalos wrote a tutorial. You can find it on my web site.
Bye
DalKiT