View previous topic :: View next topic |
Author |
Message |
Buggy Advanced Cheater Reputation: 0
Joined: 04 Jan 2008 Posts: 72 Location: Republic of Korea (South Korea)
|
Posted: Sat Jan 26, 2008 11:08 pm Post subject: VB6 CRACKME |
|
|
I ADDED A LOT OF ANTI-CRACK THINGS...........................
I think it's going to be cracked --
And you won't need vb6ko.dll, you just need msvbvm60.dll.
Antivirus Version Last Update Result
AhnLab-V3 2008.1.26.10 2008.01.25 -
AntiVir 7.6.0.53 2008.01.25 -
Authentium 4.93.8 2008.01.26 -
Avast 4.7.1098.0 2008.01.27 -
AVG 7.5.0.516 2008.01.26 -
BitDefender 7.2 2008.01.27 DeepScan:Generic.Malware.P!Pk!.20811F4C
CAT-QuickHeal 9.00 2008.01.25 -
ClamAV 0.91.2 2008.01.27 -
DrWeb 4.44.0.09170 2008.01.26 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5486 2008.01.26 -
Ewido 4.0 2008.01.26 -
FileAdvisor 1 2008.01.27 -
Fortinet 3.14.0.0 2008.01.26 -
F-Prot 4.4.2.54 2008.01.26 -
F-Secure 6.70.13260.0 2008.01.26 -
Ikarus T3.1.1.20 2008.01.27 -
Kaspersky 7.0.0.125 2008.01.27 -
McAfee 5216 2008.01.26 -
Microsoft 1.3109 2008.01.27 -
NOD32v2 2824 2008.01.26 -
Norman 5.80.02 2008.01.24 -
Panda 9.0.0.4 2008.01.26 Suspicious file
Prevx1 V2 2008.01.27 -
Rising 20.28.60.00 2008.01.27 -
Sophos 4.25.0 2008.01.26 -
Sunbelt 2.2.907.0 2008.01.25 -
Symantec 10 2008.01.27 -
TheHacker 6.2.9.199 2008.01.26 -
VBA32 3.12.2.5 2008.01.21 -
VirusBuster 4.3.26:9 2008.01.26 -
Webwasher-Gateway 6.6.2 2008.01.27 -
Additional information
File size: 73728 bytes
MD5: a936877d66a304c8b849cb29f79f0218
SHA1: abaf8c16b72b147571f3b5b46f8ba84d39fdb6b1
PEiD: -
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
|
|
Back to top |
|
|
Symbol I'm a spammer Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
|
Posted: Sun Jan 27, 2008 12:19 pm Post subject: |
|
|
How come comparing the process ID to the current process ID prevents debugging? its like a child window to the debugger or something?
|
|
Back to top |
|
|
Buggy Advanced Cheater Reputation: 0
Joined: 04 Jan 2008 Posts: 72 Location: Republic of Korea (South Korea)
|
Posted: Mon Jan 28, 2008 4:54 am Post subject: |
|
|
Wiccaan wrote: | Password: IloveCheatEngine
Methods you did to prevent debugging:
- Compared current process id to the actual process id which fails if you are debugging via Olly.
- Attempted to open files (\\.\NTICE and \\.\SICE) to detect Softice and such.
- Looped the process list to locate Ollydbg.exe, w32dam.exe, and softice.exe
- Checked IsDebuggerPresent
Like usual, after defeating any of the above, break on __vbaStrCmp and obtain params.
Nice little trick at the start though, took me a bit and had to ask Sun for his opinion to figure it out |
OMGOMG
But you cracked it ....
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
|
Posted: Mon Jan 28, 2008 1:40 pm Post subject: |
|
|
Symbol wrote: | How come comparing the process ID to the current process ID prevents debugging? its like a child window to the debugger or something? |
If I recall correctly, SunBeam and I found that it looks at the parent process ID which returns Olly's process id when you load the prog in Olly and it compares to current which is the programs proc ID and not Ollys so it fails and closes.
Sun mentioned Yodacrypt has this method in it to prevent hacking and such by detecting the parent procid and then blocking input (BlockInput()) if the IDs don't match.
Set a breakpoint on GetCurrentProcessId() and follow it back to each call to it and you will see where it dies.
_________________
- Retired. |
|
Back to top |
|
|
DotNet Newbie cheater Reputation: 0
Joined: 28 Jan 2008 Posts: 10
|
Posted: Mon Jan 28, 2008 1:46 pm Post subject: |
|
|
the pw is IloveCheatEngine !! yeah !
|
|
Back to top |
|
|
woodbine Grandmaster Cheater Reputation: 0
Joined: 28 Sep 2007 Posts: 899
|
Posted: Wed Jan 30, 2008 12:22 am Post subject: |
|
|
DotNet wrote: | the pw is IloveCheatEngine !! yeah ! |
I'm sure Wiccaan already mentioned that.
_________________
Funny Picture Of The Week:
|
|
Back to top |
|
|
|