 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Buggy
Advanced Cheater
 Reputation: 0
Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)
|
 Posted: Thu Jan 31, 2008 9:51 am Post subject: VB6 CRACKME |
 |
|
It might be difficult to crack i think/// ahhaahahahahaha
Actually I'm really really sorry about that,, but it access to Device\PhysicalMemory so sometimes it can show a bluescreen..
I think it won't be work on Vista,95,98,ME.I'm really really sorry about this but it shows rarely..... I'm sorry for this and good work!
안티바이러스 버전 정의 날짜 검사 결과
AhnLab-V3 2008.2.1.10 2008.01.31 -
AntiVir 7.6.0.59 2008.01.31 -
Authentium 4.93.8 2008.01.31 -
Avast 4.7.1098.0 2008.01.31 -
AVG 7.5.0.516 2008.01.31 -
BitDefender 7.2 2008.01.31 -
CAT-QuickHeal 9.00 2008.01.30 Win32.Trojan-Downloader.Banload.chi3
ClamAV 0.92 2008.01.31 -
DrWeb 4.44.0.09170 2008.01.31 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5500 2008.01.31 -
Ewido 4.0 2008.01.31 -
FileAdvisor 1 2008.01.31 -
Fortinet 3.14.0.0 2008.01.31 -
F-Prot 4.4.2.54 2008.01.30 -
F-Secure 6.70.13260.0 2008.01.31 -
Ikarus T3.1.1.20 2008.01.31 -
Kaspersky 7.0.0.125 2008.01.31 -
McAfee 5219 2008.01.30 -
Microsoft 1.3109 2008.01.31 -
NOD32v2 2839 2008.01.31 -
Norman 5.80.02 2008.01.30 -
Panda 9.0.0.4 2008.01.30 -
Prevx1 V2 2008.01.31 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.25.0 2008.01.31 -
Sunbelt 2.2.907.0 2008.01.31 -
Symantec 10 2008.01.31 -
TheHacker 6.2.9.203 2008.01.30 -
VBA32 3.12.2.6 2008.01.31 -
VirusBuster 4.3.26:9 2008.01.30 -
Webwasher-Gateway 6.6.2 2008.01.31 -
추가 정보
File size: 40960 bytes
MD5: 10c42a2db5c5ca1ed5c94dbf397e3d3f
SHA1: 9ee83eeebd42ce10e896d40fa284a19ae1c35c21
PEiD: -
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
| Back to top |
|
 |
HolyBlah
Master Cheater
![]() Reputation: 2
Joined: 24 Aug 2007
Posts: 446
|
| Posted: Thu Jan 31, 2008 2:39 pm Post subject: |
|
|
BP on __vbaStrCmp. PW:50E90DA1.
Nice trike with invisible window, but CE can handle this 
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Thu Jan 31, 2008 5:06 pm Post subject: |
|
|
A little more info on this one, again you seem to make these a little more interesting each time compared to the others that post
Some new methods and extra scans for protection, you make a call to the Windows Management System for the process list via win32_process and scan for the following exes:
CheatEngine.exe
moon lightEngine.exe
MesoEngine.exe
Engine.exe
OllyDebug.exe
OllyDebugger.exe
OllyDbgger.exe
Olly.exe
If any of those processes is found, the program closes immediately via 'End'.
Although I did come up with a different password then Holy did as I assume this is due to something you are doing to calculate the pass? Perhaps different on every machine. Mine was: 383628C8
And on my desktop its: 9088C026, so yea different on each machine. Looking at where it generates the string, this is due to:
When the password check button is pressed, it makes a call to GetVolumeInformation then converts the serial number of your C:\ to hex, which is then compared to the current value of the box via a call to:
MSVBVM60.rtcHexBstrFromVar
So a keygen for this would be a simple program that calls GetVolumeInformation and converts the serial number of C:\ to hex. A simple example of this in C++ and VB6:
C++
| Code: | #include <windows.h>
#include <iostream>
int main()
{
TCHAR tszNameBuff[MAX_PATH]={0};
TCHAR tszFileBuff[MAX_PATH]={0};
DWORD dwSerialNumber = NULL;
GetVolumeInformation( TEXT("C:\\"), tszNameBuff, MAX_PATH, &dwSerialNumber, NULL, NULL, tszFileBuff, MAX_PATH );
std::cout << "The password for your system is: " << std::hex << dwSerialNumber;
std::cin.sync();
std::cin.ignore();
return ERROR_SUCCESS;
} |
VB6
| Code: | Option Explicit
Private Declare Function GetVolumeInformation Lib "Kernel32" Alias "GetVolumeInformationA" (ByVal lpRootPathName As String, ByVal lpVolumeNameBuffer As String, ByVal nVolumeNameSize As Long, lpVolumeSerialNumber As Long, lpMaximumComponentLength As Long, lpFileSystemFlags As Long, ByVal lpFileSystemNameBuffer As String, ByVal nFileSystemNameSize As Long) As Long
Private Sub Command1_Click()
Dim dwSerial As Long
Dim szName As String
Dim szFileSystem As String
'// Prepare String Variables
szName = String$(255, Chr$(0))
szFileSystem = String$(255, Chr$(0))
'// Obtain Volume Information
GetVolumeInformation "C:\", szName, 255, dwSerial, 0, 0, szFileSystem, 255
'// Display Hexed Serial
Text1.Text = Hex(dwSerial)
End Sub |
Some other things you can do for actually cracking this would be hook GetVolumeInformation and force it to return 0 for the serial and have the user just input 0 for the pass. Or, you can also replace the compare and just have it always return successful.
_________________
- Retired. |
|
| Back to top |
|
|
Buggy
Advanced Cheater
Reputation: 0
Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)
|
| Posted: Fri Feb 08, 2008 1:56 am Post subject: |
|
|
Here's a code that I use Windows Management System
| Code: |
Dim oWMI As Object
Set oWMI = GetObject("winmgmts:")
If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='CheatEngine.exe'").Count > 0 Then End
If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name=' moon lightEngine.exe'").Count > 0 Then End
If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='MesoEngine.exe'").Count > 0 Then End
If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='Engine.exe'").Count > 0 Then End
If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='OllyDebug.exe'").Count > 0 Then End
If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='OllyDebugger.exe'").Count > 0 Then End
If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='OllyDbgger.exe'").Count > 0 Then End
If oWMI.ExecQuery("SELECT * FROM win32_process WHERE name='Olly.exe'").Count > 0 Then End
|
I think it's not good method 
And I used shorter one getting harddisk information
| Code: |
Private Declare Function GetVolumeInformation Lib "kernel32.dll" Alias "GetVolumeInformationA" (ByVal lpRootPathName As String, ByVal lpVolumeNameBuffer As String, ByVal nVolumeNameSize As Long, ByRef lpVolumeSerialNumber As Long, ByRef lpMaximumComponentLength As Long, ByRef lpFileSystemFlags As Long, ByVal lpFileSystemNameBuffer As String, ByVal nFileSystemNameSize As Long) As Long
Private Sub Form_Load()
Dim Buggy As Long
GetVolumeInformation "C:\", vbNullString, 0, Buggy, 0&, 0&, vbNullString, 0
Debug.Print Hex$(Buggy) ' Print Serial
|
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
| Back to top |
|
|
Pedram123
Grandmaster Cheater
 Reputation: 0
Joined: 16 Nov 2007
Posts: 639
Location: Denmark
|
| Posted: Fri Feb 15, 2008 3:19 pm Post subject: |
|
|
cool, lemme try it out, XD
_________________
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
