Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


VB6 CRACKME

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes
View previous topic :: View next topic  
Author Message
Buggy
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)

PostPosted: Thu Jan 31, 2008 9:51 am    Post subject: VB6 CRACKME Reply with quote

It might be difficult to crack i think/// ahhaahahahahaha
Actually I'm really really sorry about that,, but it access to Device\PhysicalMemory so sometimes it can show a bluescreen..
I think it won't be work on Vista,95,98,ME.I'm really really sorry about this but it shows rarely..... I'm sorry for this and good work!

안티바이러스 버전 정의 날짜 검사 결과
AhnLab-V3 2008.2.1.10 2008.01.31 -
AntiVir 7.6.0.59 2008.01.31 -
Authentium 4.93.8 2008.01.31 -
Avast 4.7.1098.0 2008.01.31 -
AVG 7.5.0.516 2008.01.31 -
BitDefender 7.2 2008.01.31 -
CAT-QuickHeal 9.00 2008.01.30 Win32.Trojan-Downloader.Banload.chi3
ClamAV 0.92 2008.01.31 -
DrWeb 4.44.0.09170 2008.01.31 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5500 2008.01.31 -
Ewido 4.0 2008.01.31 -
FileAdvisor 1 2008.01.31 -
Fortinet 3.14.0.0 2008.01.31 -
F-Prot 4.4.2.54 2008.01.30 -
F-Secure 6.70.13260.0 2008.01.31 -
Ikarus T3.1.1.20 2008.01.31 -
Kaspersky 7.0.0.125 2008.01.31 -
McAfee 5219 2008.01.30 -
Microsoft 1.3109 2008.01.31 -
NOD32v2 2839 2008.01.31 -
Norman 5.80.02 2008.01.30 -
Panda 9.0.0.4 2008.01.30 -
Prevx1 V2 2008.01.31 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.25.0 2008.01.31 -
Sunbelt 2.2.907.0 2008.01.31 -
Symantec 10 2008.01.31 -
TheHacker 6.2.9.203 2008.01.30 -
VBA32 3.12.2.6 2008.01.31 -
VirusBuster 4.3.26:9 2008.01.30 -
Webwasher-Gateway 6.6.2 2008.01.31 -
추가 정보
File size: 40960 bytes
MD5: 10c42a2db5c5ca1ed5c94dbf397e3d3f
SHA1: 9ee83eeebd42ce10e896d40fa284a19ae1c35c21
PEiD: -

_________________

[img]
<a><img></a>[/img]
iroo sooo hooooot
Back to top
View user's profile Send private message
HolyBlah
Master Cheater
Reputation: 2

Joined: 24 Aug 2007
Posts: 446

PostPosted: Thu Jan 31, 2008 2:39 pm    Post subject: Reply with quote

BP on __vbaStrCmp. PW:50E90DA1.


Nice trike with invisible window, but CE can handle this Wink
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Thu Jan 31, 2008 5:06 pm    Post subject: Reply with quote

A little more info on this one, again you seem to make these a little more interesting each time compared to the others that post Wink

Some new methods and extra scans for protection, you make a call to the Windows Management System for the process list via win32_process and scan for the following exes:

    CheatEngine.exe
    moon lightEngine.exe
    MesoEngine.exe
    Engine.exe
    OllyDebug.exe
    OllyDebugger.exe
    OllyDbgger.exe
    Olly.exe


If any of those processes is found, the program closes immediately via 'End'.


Although I did come up with a different password then Holy did as I assume this is due to something you are doing to calculate the pass? Perhaps different on every machine. Mine was: 383628C8

And on my desktop its: 9088C026, so yea different on each machine. Looking at where it generates the string, this is due to:

When the password check button is pressed, it makes a call to GetVolumeInformation then converts the serial number of your C:\ to hex, which is then compared to the current value of the box via a call to:

MSVBVM60.rtcHexBstrFromVar

So a keygen for this would be a simple program that calls GetVolumeInformation and converts the serial number of C:\ to hex. A simple example of this in C++ and VB6:


C++
Code:
#include <windows.h>
#include <iostream>

int main()
{
   TCHAR tszNameBuff[MAX_PATH]={0};
   TCHAR tszFileBuff[MAX_PATH]={0};
   DWORD dwSerialNumber = NULL;
   GetVolumeInformation( TEXT("C:\\"), tszNameBuff, MAX_PATH, &dwSerialNumber, NULL, NULL, tszFileBuff, MAX_PATH );
   std::cout << "The password for your system is: " << std::hex << dwSerialNumber;
   std::cin.sync();
   std::cin.ignore();
   return ERROR_SUCCESS;
}


VB6
Code:
Option Explicit

Private Declare Function GetVolumeInformation Lib "Kernel32" Alias "GetVolumeInformationA" (ByVal lpRootPathName As String, ByVal lpVolumeNameBuffer As String, ByVal nVolumeNameSize As Long, lpVolumeSerialNumber As Long, lpMaximumComponentLength As Long, lpFileSystemFlags As Long, ByVal lpFileSystemNameBuffer As String, ByVal nFileSystemNameSize As Long) As Long

Private Sub Command1_Click()
    Dim dwSerial        As Long
    Dim szName          As String
    Dim szFileSystem    As String
   
    '// Prepare String Variables
    szName = String$(255, Chr$(0))
    szFileSystem = String$(255, Chr$(0))
   
    '// Obtain Volume Information
    GetVolumeInformation "C:\", szName, 255, dwSerial, 0, 0, szFileSystem, 255
   
    '// Display Hexed Serial
    Text1.Text = Hex(dwSerial)
End Sub




Some other things you can do for actually cracking this would be hook GetVolumeInformation and force it to return 0 for the serial and have the user just input 0 for the pass. Or, you can also replace the compare and just have it always return successful.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Buggy
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)

PostPosted: Fri Feb 08, 2008 1:56 am    Post subject: Reply with quote

Here's a code that I use Windows Management System
Code:

       Dim oWMI As Object
    Set oWMI = GetObject("winmgmts:")
    If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='CheatEngine.exe'").Count > 0 Then End
    If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='   moon   lightEngine.exe'").Count > 0 Then End
        If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='MesoEngine.exe'").Count > 0 Then End
        If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='Engine.exe'").Count > 0 Then End
        If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='OllyDebug.exe'").Count > 0 Then End
        If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='OllyDebugger.exe'").Count > 0 Then End
        If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='OllyDbgger.exe'").Count > 0 Then End
        If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='Olly.exe'").Count > 0 Then End

I think it's not good method Crying or Very sad

And I used shorter one getting harddisk information
Code:

Private Declare Function GetVolumeInformation Lib "kernel32.dll" Alias "GetVolumeInformationA" (ByVal lpRootPathName As String, ByVal lpVolumeNameBuffer As String, ByVal nVolumeNameSize As Long, ByRef lpVolumeSerialNumber As Long, ByRef lpMaximumComponentLength As Long, ByRef lpFileSystemFlags As Long, ByVal lpFileSystemNameBuffer As String, ByVal nFileSystemNameSize As Long) As Long
Private Sub Form_Load()
 Dim Buggy As Long
 GetVolumeInformation "C:\", vbNullString, 0, Buggy, 0&, 0&, vbNullString, 0
Debug.Print Hex$(Buggy) ' Print Serial

_________________

[img]
<a><img></a>[/img]
iroo sooo hooooot
Back to top
View user's profile Send private message
Pedram123
Grandmaster Cheater
Reputation: 0

Joined: 16 Nov 2007
Posts: 639
Location: Denmark

PostPosted: Fri Feb 15, 2008 3:19 pm    Post subject: Reply with quote

cool, lemme try it out, XD
_________________
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites