Acid_Cool_178 presents his #21 Tutorial, for Hellforge.
This text is only meant for educational purposes and not to be used illegally. I take no responsibility for illegal use of this text. Move on at your own risk.
Author Information
E-mail: acid_cool_178@hotmail.com
Age: 17
Web Page: http://acidcool.cjb.net/
Date: February 2K
Member in: Hellforge, Flying Horse Cracking Force
Groups' Web Pages: Hellforge Login, FHCF Login
Program Information
Name: Hellforge General Crackme III (Project1)
Author: LaZaRuS
Where to download: LaZaRuS's homepage
Size: 391KB (only the EXE file)
Tools used: W32Dasm, Hiew, MP3 (blumchen)
Download at: 1. Player Tools, 2. Programmer Tools
What kind of a program: Crackme / Shareware
Skill: Easy / Not so easy / Hard / X-pert
Information about the Protection I
One name field and two serial fields, no "check" button. It checks automatically. :)
Before we start
Well, this crackme will be patched, etc etc.
NOP means No OPeration and is 90 in hex.
Question: But where to NOP?
Answer: In the code field. You can see this in W32Dasm and Hiew:
Location : Code : ASM Code <-- you are NOP'ing the Code column.
And that's all.
The code is always shown as 2, 4 or 6 hex digits (one, two or three bytes), never 1, 3 or 5, because every byte is two hex digits; so each byte of the instruction gets its own 90. So, if I have this and I want to NOP it:
00442A0D 7432 CMP EAX, ECX
then I will change it to
00442A0D 9090 (two NOPs in place of the two original bytes)
The Process
Fire up the crackme in W32Dasm and go to "String Data References". There you can see this string: "You cracked it, now write me". Double-click on that string and you will see this code.
* Possible StringData Ref from Data Obj ->"You cracked it, now write me"
|
:00402C31 BA57F34400 mov edx, 0044F357 <-- You land here. Here starts the good code.
:00402C36 8D85FCFDFFFF lea eax, dword ptr [ebp+FFFFFDFC]
:00402C3C E867B00400 call 0044DCA8
:00402C41 FF431C inc [ebx+1C]
:00402C44 66C743108C00 mov [ebx+10], 008C
Now when I scrolled up I could see 4 important jumps that I have to NOP:
:00402C29 745B je 00402C86 <-- Important Jump I
:00402BFC 7405 je 00402C03 <-- Important Jump II
:00402BEC 7405 je 00402BF3 <-- Important Jump III
:00402BE4 742E je 00402C14 <-- Important Jump IV
Scroll up so you are standing on each of those, and in W32Dasm's status bar you can see the @Offset. Note it down.
Let's start with the NOP'ing.
Open the crackme in Hiew and press Enter twice; now you should be in Decode mode (F4 and select Decode).
Goto (F5) and type in the offset.
Now you are standing on the jump. Edit the code by pressing F3 and just type in 9090 on all the important jumps (each je is two bytes, so two NOPs).
Update the file by pressing F9 and exit (F10 or Escape).
Run the crackme and... what the hell!
When I saw this bad message box for the first time I almost crushed my monitor with my head. I don't know how I did it..
Now let's go back to the code. I scrolled down so I could see this code:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402C5A(U)
|
:00402C61 A1243A4500 mov eax, dword ptr [00453A24]
:00402C66 8B00 mov eax, dword ptr [eax]
:00402C68 E8A7AF0400 call 0044DC14 <-- CALL THE NAG
:00402C6D FF4B1C dec [ebx+1C]
:00402C70 8D85FCFDFFFF lea eax, dword ptr [ebp+FFFFFDFC]
:00402C76 BA02000000 mov edx, 00000002
:00402C7B E82CB10400 call 0044DDAC
:00402C80 66C743100800 mov [ebx+10], 0008
Find the offset of the call and open the crackme in Hiew.
F4 and choose Decode.
F5 and type in the offset.
F3 and fill in 9090909090 (the call E8A7AF0400 is five bytes, so five NOPs).
Update the file by pressing F9.
Exit by pressing F10 or Escape.
Run the crackme and try to write your name :) Congratulations :))
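The two things that go wrong most often when following the steps above are patching at the wrong @Offset and writing the wrong number of 90s, and the "anti patching routine" mentioned under Protection II below is what notices the edit afterwards. The script below is an added example written for this page, not part of the tutorial or of LaZaRuS's crackme. It works on a constructed 64-byte buffer holding the opcode bytes quoted in the listing (745B for Important Jump I, E8A7AF0400 for the nag call); the file offsets 0x10 and 0x20 are assumptions made for the example. It shows that the rel8 je and the rel32 call resolve to exactly the targets W32Dasm printed (00402C86 and 0044DC14), that a je needs two NOPs and a call five, that checking the bytes before overwriting catches a wrong offset, and that a SHA-256 over the code changes after the patch, which is all a simple anti-patching check needs.

```python
import hashlib

NOP = 0x90


def decode_at(image, offset):
    """Decode the one-byte-opcode forms that appear in the tutorial's listing:
    74 xx (je rel8, 2 bytes), E8 xx xx xx xx (call rel32, 5 bytes) and
    90 (nop, 1 byte). Anything else is reported as a single data byte.
    Returns (mnemonic, length_in_bytes)."""
    op = image[offset]
    if op == 0x74:
        return ("je", 2)
    if op == 0xE8:
        return ("call", 5)
    if op == NOP:
        return ("nop", 1)
    return ("db", 1)


def branch_target(address, insn):
    """Virtual address a je rel8 or call rel32 goes to, given the address the
    instruction sits at (as W32Dasm shows it) and its raw bytes. The
    displacement is signed and relative to the end of the instruction."""
    if insn[0] == 0x74 and len(insn) == 2:
        disp = int.from_bytes(insn[1:2], "little", signed=True)
    elif insn[0] == 0xE8 and len(insn) == 5:
        disp = int.from_bytes(insn[1:5], "little", signed=True)
    else:
        raise ValueError("not a je rel8 or call rel32")
    return (address + len(insn) + disp) & 0xFFFFFFFF


def nop_patch(image, offset, expected):
    """Replace one instruction with NOPs, one 90 per byte, but only after
    checking that the bytes at that file offset are the ones the listing
    showed. A mismatch means the @Offset was noted down wrong; patching
    anyway would corrupt an unrelated instruction. Returns the original bytes."""
    original = bytes(image[offset:offset + len(expected)])
    if original != expected:
        raise ValueError(
            f"bytes at {offset:#x} are {original.hex()}, expected {expected.hex()}"
        )
    image[offset:offset + len(expected)] = bytes([NOP]) * len(expected)
    return original


def code_hash(image):
    """SHA-256 over the code bytes: the kind of value an anti-patching routine
    stores and recomputes at run time to notice that bytes were edited."""
    return hashlib.sha256(bytes(image)).hexdigest()


def build_sample():
    """Constructed image holding the opcode bytes quoted in the tutorial.
    The offsets 0x10 and 0x20 are assumptions for this example, not the
    crackme's real @Offsets."""
    image = bytearray(0x40)
    image[0x10:0x12] = bytes.fromhex("745B")        # je 00402C86 (Important Jump I)
    image[0x20:0x25] = bytes.fromhex("E8A7AF0400")  # call 0044DC14 (the nag)
    return image


def demo():
    """Patch both instructions and report what changed."""
    image = build_sample()
    untouched = code_hash(image)
    before = (decode_at(image, 0x10), decode_at(image, 0x20))
    je_bytes = nop_patch(image, 0x10, bytes.fromhex("745B"))
    call_bytes = nop_patch(image, 0x20, bytes.fromhex("E8A7AF0400"))
    after = (decode_at(image, 0x10), decode_at(image, 0x20))
    return {
        "je_target": branch_target(0x00402C29, je_bytes),      # 0x402C86
        "call_target": branch_target(0x00402C68, call_bytes),  # 0x44DC14
        "before": before,   # (('je', 2), ('call', 5))
        "after": after,     # (('nop', 1), ('nop', 1))
        "tampered": code_hash(image) != untouched,  # True
    }


if __name__ == "__main__":
    for key, value in demo().items():
        if isinstance(value, int) and not isinstance(value, bool):
            value = hex(value)
        print(f"{key}: {value}")
```

The byte check in nop_patch is the step worth keeping even when patching by hand in Hiew: compare the bytes Hiew shows at the offset with the bytes in the W32Dasm listing before pressing F3, because a typo in the offset lands you inside some other instruction and the file will still save without complaint.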
Ending
LaZaRuS, you have almost destroyed my monitor, shame on you (hehe).
Well, it was a cool crackme too, fun to crack. As you have read in Hellforge's message board...
Information about the Protection II
This protection sux bigtime. Anti-patching routine and still one name and two serial fields. fuck..
But I have defeated that :)
Greetings
LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke, DiABLO, Torn@do, ^AlX^ and all the others I have forgotten.