Acid_Cool_178
presents he's
| #9 Tutorial |
| For Hellforge |
| Athour Information |
| acid_cool_178@hotmail.com | ||
| Age | 17 | |
| Web Page | http://acidcool.cjb.net/ | |
| Date | January 2000 | |
| Member in | Hellforge | Flying Horse Cracking Force |
| Groups Web Page | Hellforge Login | FHCF Login |
| Program Infromation |
| Name | Crackme 1 - By CoSH | |||
| crackme1.exe | ||||
| Athour | CoSH | |||
| Where to Downlaod | Crackmes | |||
| Tools used | W32Dasm Hiew.exe |
Downlaod At | ||
| 1 Player Tools. | ||||
| 2. Programmer Tools | ||||
| Size | 20KB | |||
| What kind of a program | Crackme | Shareware | ||
| Skill | Easy | Not so easy | Hard | X-pert |
| Information about the protection |
This protection are the PC games gigants using. You must have the correct CD else you cant play the game.
| Before we start |
CoSH have coden one crackme that i also want to code, and i don't now how to do it on
Visual Basic 6 and this crackme are easy to understand for a newbie.
In W32Dasm so must ya now where #String data References are, so just goto the meny
Refs-->String Data References and woala ;)
NOP means NO OPERATION and NOP are 90 in hex.
i.e. 00401054 74BD
je 00401013
|Offset | |Code| |ASM Code |
It's the code that we have to nop, here we have to press 90 twice.
| The Process |
I opned crackme.exe in W32Dasm, the i went on String Data References and founded this
string "CD Found: This will contain....."
Adn scrolled some up in the code.
* Reference To: MFC42.Ordinal:0320, Ord:0320h
|
:00401384 E811030000 Call 0040169A
:00401389 385DF3 cmp byte ptr [ebp-0D], bl
:0040138C 0F84F3000000 je 00401485
<-- Jump to good message if correct CD, Else move on to bad message.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401352(C)
|
:00401392 FF45EC inc [ebp-14]
:00401395 83C704 add edi, 00000004
:00401398 837DEC07 cmp dword ptr [ebp-14], 00000007
:0040139C 759F jne 0040133D
:0040139E 53 push ebx
* Possible StringData Ref from Data Obj ->"Try again"
|
:0040139F 684C304000 push 0040304C
In W32Dasm's statusbare can you see this @Offset xxxxxxxx In File:Crackme1.exe
Note the offset anf open crackme in hiew. Press enter twice (Decode mode) and goto (F5)
the offset you noted. Nop the jump and everything will be cool ;)
| Ending |
Bored at a saturday and nothing to do, my life are PC and before i started with coding/code reverse engineering so did i play cames and have fun. Now i have more fun with my PC and i like it. I have learnd alot in debugging and coding the last time, my mum and dad don't now what i'm doing and i'm glad for that ;)
| Greetings |
LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke and all the other i have forgotten