Cheat Engine

Buggy · Posted: Tue Sep 09, 2008 6:06 am Post subject: Crackme Yay

Hi guyz this is a crackme that is a little bit a simple and packed with F*G can be unpACKED with P*iD G***r*c unp**k* (easy and also hint : You use this tool if you wanna see what a program is compiled/protected with.
however, this crackme is simple and easy. Hope you guys have happy ,fun sizzlin' crackin' with this crackme!

edit : i recode it some codes so try this one.. some things unpatched

SunBeam · Posted: Tue Sep 09, 2008 7:01 am Post subject:

You mean FSG and PEiD Generic unpacke (yes, you made a typo - missing "r")? Smile

001301D1 FF63 0C JMP DWORD PTR DS:[EBX+C]

Break, F7 and you're at OEP. Dump and fix IAT with ImpREC or w.e. A suggestion, don't use obvious replies in those message boxes. You leave too many hints..

EDIT: Just so you know, your app doesn't run on my OS if execute normally. I can however bypass the gay ZwQuerySysInfo(hDebugObject) check..

133E30 - RET

--

Stack SS:[0012FB60]=001861A4, (UNICODE "What so proudly we hail'd at the twillight's last gleaming")

--

001346A8 . FF15 7C101300 CALL DWORD PTR DS:[<&MSVBVM60.__vbaStrCmp>] ; MSVBVM60.__vbaStrCmp

$ ==> > 001863A4 |Arg1 = 001863A4
$+4 > 001861A4 \Arg2 = 001861A4

--

0013477B . 50 PUSH EAX
0013477C . 51 PUSH ECX
0013477D . 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
00134780 . 53 PUSH EBX
00134781 . 52 PUSH EDX
00134782 . C745 C0 08000000 MOV DWORD PTR SS:[EBP-40],8
00134789 . FF15 58101300 CALL DWORD PTR DS:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox

c0ngrat5 ?

Buggy · Posted: Tue Sep 09, 2008 7:20 am Post subject:

hmm i'm using stupid vista home premium but it works well sometimes it tells me failed to do something and thanks for suggestion and actually i worried about that a little bit too kk but i didn't apply it kkk

SunBeam · Posted: Tue Sep 09, 2008 7:22 am Post subject:

See solution above Smile

Buggy · Posted: Tue Sep 09, 2008 7:26 am Post subject:

did you mean that
'c0ngrat5' was the serial? nope!

hmmm. also i gotta try another APIs that is really compatiable(is the spelling correct?) with every windows..

SunBeam · Posted: Tue Sep 09, 2008 7:40 am Post subject:

No, I mean if I got to that string, then obviously I know the serial. Read the clues in post #2 Smile

Zand · Posted: Tue Sep 09, 2008 7:48 am Post subject:

It doesn't run on my system, even with 133e30 patched... (unpacked)

SunBeam · Posted: Tue Sep 09, 2008 7:56 am Post subject:

Uhm, debug it lol. It doesn't open still, because if pass is wrong, it jumps to vbaEnd T_T.. D'oh.. You don't even have a CHANCE to write a pass T_T.. And he asks me for the pass.. pfft T_T..

LEARN TO CODE. NOT IN VB!

Zand · Posted: Tue Sep 09, 2008 8:02 am Post subject:

No chance to write a pass? Is there a GUI? I still can't get it open. I hear a system error sound and then it closes, looks like it doesn't even get past the vb main..

Buggy · Posted: Tue Sep 09, 2008 8:38 am Post subject:

Hmm maybe my oversense made these problems ..
next time i should not patch entry point and stuffz...
And also it has its main form, too. i cant look for the problem still