Acid_Cool_178
presents he's
| #25 Tutorial |
| For Hellforge |
This Text Are Only Ment To Edcucational Purpose And Not To Be Used Illegaly, I Take No Response For Illegal Use Of This Text. Move On On Your Risc.
| Athour Information |
| acid_cool_178@hotmail.com | ||
| Age | 17 | |
| Web Page | http://acidcool.cjb.net/ | |
| Date | March 2K | |
| Member in | Hellforge | Flying Horse Cracking Force |
| Groups Web Page | Hellforge Login | FHCF Login |
| Program Infromation |
| Name | Crackme 4 - n0p3x | crackme4.exe | ||||
| Crackme 4a - n0p3x | crackme3.exe | |||||
| Athour | n0p3x | |||||
| Where to Downlaod | http://cod3r.cjb.net | |||||
| Tools used | Soft Ice | Downlaod At | ||||
| 1. Player Tools | ||||||
| 2. Programmer Tools | ||||||
| What kind of a program | Crackme | Shareware | ||||
| Skill | Easy | Not so easy | Hard | X-pert | ||
| Information about the Protection I |
This protection needs a correct CD in the CD-ROM that we don't have.
| Before We Start |
Task 1 <-- Crackme 4
Task 2 <-- Crackme 4a
| The Process |
Task1
Start the crackme and it says the it needs a CD. Clock on the "OK" button to
move on with the crackme.
Open Soft Ice by pressing CTRL+D and type Bpx GetDriveTypeA [ENTER]
Exit Soft Ice and press on the "Re-Test CD" and Soft Ice pop's up. Now press F12
once and you will stand at CMP EAX,05
Write in A [ENTER]
Write in CMP EAX,03 [ENTER]
Press enter once more time
Clear all og the breakpoints by entering BC* [ENTER]
Exit Soft ICe by pressing CTRL+D and tell me what you can see :)
It's got a CD :))
Task2
Start the crackme and it says the it needs a CD. Clock on the "OK"
button to move on with the crackme.
Open Soft Ice by pressing CTRL+D and type Bpx GetDriveTypeA [ENTER]
Exit Soft Ice and press on the "Re-Test CD" and Soft Ice pop's up.
Press F12 once and LOOK at the code. We can se any CMP XXX,05 so we have to so something
other cool stuff now.
Press F10 until you are at 401097
Write in A [ENTER]
Write in MOV EBX,03 [ENTER]
And press enter once more time
Look down and you can see this CMB EBC,ECX
EBX are the CD-ROM wich he have set the vaule to 03
ECX are the Hard Drive wich ARE the vaule of 03 :)
| Information about the Protection II |
Task1 and 2
GetDriveTypeA worx like this
UINT GetDriveType(
LPCTSTR lpRootPathName // address of root path
);
| CMP EAX | 06 | RAM-Disk (only GetDriveTypeA) |
| 05 | CD-ROM-Drive | |
| 04 | Remote Drive (Network) | |
| 03 | Fixed Drive (Harddisk) | |
| 02 | Root Directory does not exist | |
| 01 | Drive can't be determinded | |
| 00 | Drive can't be determinded |
Understand, we have canged CMP EAX,05 to CMP EAX,03
| Greetings |
LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke, DiABLO. Torn@do, ^AlX^ and all the other i have forgotten