Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Upgraded VB6 Crackme :)

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes
View previous topic :: View next topic  
Author Message
Buggy
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)

PostPosted: Sat Jan 05, 2008 10:18 pm    Post subject: Upgraded VB6 Crackme :) Reply with quote

it'll be more difficult than previous version (actually previous version was really easy....... Sad )
And good work
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Sun Jan 06, 2008 12:24 am    Post subject: Reply with quote

Aww cute, you added IsDebuggerPresent checks. Anyway, simply bypassed.

Password: ID10Tcracker

This one was a little more tricky, but, again not too hard.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Buggy
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)

PostPosted: Sun Jan 06, 2008 12:27 am    Post subject: Reply with quote

Wiccaan wrote:
Aww cute, you added IsDebuggerPresent checks. Anyway, simply bypassed.

Password: ID10Tcracker

This one was a little more tricky, but, again not too hard.

You changed BeingDebugged value to 0 to bypass IsDebuggerPresent ??

_________________

[img]
<a><img></a>[/img]
iroo sooo hooooot
Back to top
View user's profile Send private message
Cx
Master Cheater
Reputation: 0

Joined: 27 Jul 2007
Posts: 367

PostPosted: Sun Jan 06, 2008 10:17 am    Post subject: Reply with quote

Buggy wrote:
Wiccaan wrote:
Aww cute, you added IsDebuggerPresent checks. Anyway, simply bypassed.

Password: ID10Tcracker

This one was a little more tricky, but, again not too hard.

You changed BeingDebugged value to 0 to bypass IsDebuggerPresent ??

...
There's like a million things you could have done.
Back to top
View user's profile Send private message
haha01haha01
Grandmaster Cheater Supreme
Reputation: 0

Joined: 15 Jun 2007
Posts: 1233
Location: http://www.SaviourFagFails.com/

PostPosted: Sun Jan 06, 2008 11:27 am    Post subject: Reply with quote

uhh
anti anti plugins?
and lol wtf no vbastrcmp =(
harder then the first 1. indeed.
Back to top
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Sun Jan 06, 2008 3:47 pm    Post subject: Reply with quote

x0r wrote:
Cx wrote:
There's like a million things you could have done.

1. Change PEB.BeingDebugged to 0
2. Hook IsDebuggerPresent

Close to a million!


Open 2 is what I did. Well, what my Olly plugin did lol..

haha01haha01 wrote:
and lol wtf no vbastrcmp =(
harder then the first 1. indeed.


Do a little more research on what VB uses to compare variables other then strcmp. There are a few. The one in this case was __vbaVarTstEq.

If you look just before this call you will see a million strcat calls as well, making me assume he did something that either is a loop to mid a certain string, or just did

Code:
Dim blah as String
blah = "I" + "D" + "1" + "0" + "T" + "c" + "r" + "a" + "c" + "k" + "e" + "r"

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
coder sal
Master Cheater
Reputation: 0

Joined: 11 May 2007
Posts: 304

PostPosted: Mon Feb 04, 2008 6:56 pm    Post subject: Reply with quote

Wow someone really needs to explain this to me, if you can, can you make a little vid and then upload it on tinypic and gimme link of you cracking this program. I'm really interested.
Back to top
View user's profile Send private message
Cx
Master Cheater
Reputation: 0

Joined: 27 Jul 2007
Posts: 367

PostPosted: Mon Feb 04, 2008 8:17 pm    Post subject: Reply with quote

x0r wrote:
Cx wrote:
There's like a million things you could have done.

1. Change PEB.BeingDebugged to 0
2. Hook IsDebuggerPresent

Close to a million!

Of course a million is an exaggeration.
Those are the two logical things, but there are plenty more.
NOP out the check, change the return value check (so that it will continue if PEB.BeingDebugged is 1), use an anti-IsDebuggerPresent Olly plugin...............

_________________

armed with this small butterfly net
i will face the world alone
& never be lonely.
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Tue Feb 05, 2008 12:18 am    Post subject: Reply with quote

Code:
mov eax, dword ptr fs:[0x18]
mov eax, dword ptr ds:[eax+0x30]
mov byte ptr ds:[eax+0x2], 0x0

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
haha01haha01
Grandmaster Cheater Supreme
Reputation: 0

Joined: 15 Jun 2007
Posts: 1233
Location: http://www.SaviourFagFails.com/

PostPosted: Tue Feb 05, 2008 8:32 am    Post subject: Reply with quote

coder sal wrote:
Wow someone really needs to explain this to me, if you can, can you make a little vid and then upload it on tinypic and gimme link of you cracking this program. I'm really interested.

cracking this is the same as i told u, but instead breakpointing __vbaStrCmp u should BP __vbaStrCheckEq or something like that.

oh, and u need to bypass isdbg. (which is way easier then cracking the software itself)
Back to top
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1887
Location: Canada

PostPosted: Tue Feb 05, 2008 5:29 pm    Post subject: Reply with quote

Wiccaan wrote:
Code:
mov eax, dword ptr fs:[0x18]
mov eax, dword ptr ds:[eax+0x30]
mov byte ptr ds:[eax+0x2], 0x0


Code:
mov       eax, [FS:30h]
mov       byte [eax+2], 0
Back to top
View user's profile Send private message
coder sal
Master Cheater
Reputation: 0

Joined: 11 May 2007
Posts: 304

PostPosted: Tue Feb 05, 2008 6:35 pm    Post subject: Reply with quote

haha01haha01 wrote:
coder sal wrote:
Wow someone really needs to explain this to me, if you can, can you make a little vid and then upload it on tinypic and gimme link of you cracking this program. I'm really interested.

cracking this is the same as i told u, but instead breakpointing __vbaStrCmp u should BP __vbaStrCheckEq or something like that.

oh, and u need to bypass isdbg. (which is way easier then cracking the software itself)


Forget it I asked for a video because its confusing. The VBASTRCMP thing I tried and didn't work same for the new one. I do it wrong, explain to me for 5 hours I won't get it, I need to see someone actually doing it. If you can make a tiny video and just upload it to tinypic. If you can't then whatever, thanks for helping anyway. DON'T TRY to explain it to me with words, I just feel stupider every time.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites