DarkWolf
presents:
Essay nº #4: CrackMe 2 version 2*
Toolz:
Soft-Ice and Windasm
Download the crackme at my page.
Explain: A little easy, but this time we gonna use Windasm and Soft-Ice together to find the correct serial.
The Essay:
* = I don't know what the real name is. This is the only information I have.
Open our target in Windasm. After it loads, goto SDR (String Data References). Dbl click on String Resource ID=103: "Incorrect, try again". U will land in this code:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401642(C) <- Copy that address
:00401747 8D8D44FEFFFF lea ecx, dword ptr [ebp+FFFFFE44]
* Reference To: MFC42.Ordinal:021C, Ord:021Ch
|
:0040174D E81A060000 Call 00401D6C
:00401752 C645FC04 mov [ebp-04], 04
* Possible Reference to String Resource ID=00103: "Incorrect!!, Try Again."
|
:00401756 6A67 push 00000067 <- Land Here
Now goto address 00401642. U will see:
:00401627 E852070000 Call 00401D7E
:0040162C 83C40C add esp, 0000000C
:0040162F 8D4DDC lea ecx, dword ptr [ebp-24]
:00401632 E879020000 call 004018B0
:00401637 50 push eax
:00401638 8D4DE8 lea ecx, dword ptr [ebp-18]
:0040163B E880020000 call 004018C0
:00401640 85C0 test eax, eax <- Hmmm a compare. Remember this address
:00401642 0F85FF000000 jne 00401747 <- U land here
:00401648 8D8DACFEFFFF lea ecx, dword ptr [ebp+FFFFFEAC]
Now enter ur name and any serial, then enter sice and bpx GetWindowTextA. After u click Check, sice will pop up. Clear ur breakpoints and set a bpx on 00401640. Click Check again and, when sice breaks, type "d ecx"; u should see ur generated serial. Enter it as the serial and click Check. Congratulationz!!! U cracked one more easy crackme.
Greetz:
Mercution, AC_178, Ac|dFuSiO, LaZaRuZ^, Dead-Mike, Termn8r, Macr0, Dead-Mike, SpeedSta (for playing chess :), [--DP--] (Do u learn????), ep-180 and all ppl in #c4n and #cracking.uk. If i forgot u, sorry :)
Contact: darkwolfhp@hotmail.com