Cheat Engine

Buggy · Posted: Sat Jan 26, 2008 11:08 pm Post subject: VB6 CRACKME

I ADDED A LOT OF ANTI-CRACK THINGS...........................
I think it's going to be cracked Sad

--

And you won't need vb6ko.dll, you just need msvbvm60.dll.

Antivirus Version Last Update Result
AhnLab-V3 2008.1.26.10 2008.01.25 -
AntiVir 7.6.0.53 2008.01.25 -
Authentium 4.93.8 2008.01.26 -
Avast 4.7.1098.0 2008.01.27 -
AVG 7.5.0.516 2008.01.26 -
BitDefender 7.2 2008.01.27 DeepScan:Generic.Malware.P!Pk!.20811F4C
CAT-QuickHeal 9.00 2008.01.25 -
ClamAV 0.91.2 2008.01.27 -
DrWeb 4.44.0.09170 2008.01.26 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5486 2008.01.26 -
Ewido 4.0 2008.01.26 -
FileAdvisor 1 2008.01.27 -
Fortinet 3.14.0.0 2008.01.26 -
F-Prot 4.4.2.54 2008.01.26 -
F-Secure 6.70.13260.0 2008.01.26 -
Ikarus T3.1.1.20 2008.01.27 -
Kaspersky 7.0.0.125 2008.01.27 -
McAfee 5216 2008.01.26 -
Microsoft 1.3109 2008.01.27 -
NOD32v2 2824 2008.01.26 -
Norman 5.80.02 2008.01.24 -
Panda 9.0.0.4 2008.01.26 Suspicious file
Prevx1 V2 2008.01.27 -
Rising 20.28.60.00 2008.01.27 -
Sophos 4.25.0 2008.01.26 -
Sunbelt 2.2.907.0 2008.01.25 -
Symantec 10 2008.01.27 -
TheHacker 6.2.9.199 2008.01.26 -
VBA32 3.12.2.5 2008.01.21 -
VirusBuster 4.3.26:9 2008.01.26 -
Webwasher-Gateway 6.6.2 2008.01.27 -

Additional information
File size: 73728 bytes
MD5: a936877d66a304c8b849cb29f79f0218
SHA1: abaf8c16b72b147571f3b5b46f8ba84d39fdb6b1
PEiD: -

atom0s · Posted: Sun Jan 27, 2008 11:35 am Post subject:

Password: IloveCheatEngine

Methods you did to prevent debugging:

- Compared current process id to the actual process id which fails if you are debugging via Olly.
- Attempted to open files (\\.\NTICE and \\.\SICE) to detect Softice and such.
- Looped the process list to locate Ollydbg.exe, w32dam.exe, and softice.exe
- Checked IsDebuggerPresent

Like usual, after defeating any of the above, break on __vbaStrCmp and obtain params.

Nice little trick at the start though, took me a bit and had to ask Sun for his opinion to figure it out Smile

Symbol · Posted: Sun Jan 27, 2008 12:19 pm Post subject:

How come comparing the process ID to the current process ID prevents debugging? its like a child window to the debugger or something?

Buggy · Posted: Mon Jan 28, 2008 4:54 am Post subject:

atom0s · Posted: Mon Jan 28, 2008 1:40 pm Post subject:

DotNet · Newbie cheater Reputation: 0 Joined: 28 Jan 2008 Posts: 10

the pw is IloveCheatEngine !! yeah Very Happy

!

woodbine · Posted: Wed Jan 30, 2008 12:22 am Post subject: