Cheat Engine Forum
The Official Site of Cheat Engine
 
"The Game"
nog_lorp
Posted: Wed Oct 01, 2008 8:25 pm

Interesting, what compiler are you using? It encodes a million pointers and stores them in TLS.

RtlDecodePointer is just funny because it looks like they did:

    void * RtlDecodePointer(void * ptr) {
        __asm {
            pop ebp                 ; undo the compiler-generated prologue
            jmp RtlEncodePointer    ; tail-jump: decoding reuses the encode routine
        }
    }

Since they do exactly the same thing (xor'ing the pointer with a random per-process 32-bit mask).

_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish

Noz3001
Posted: Thu Oct 02, 2008 2:20 am

Using Intel's C++ Compiler.

nog_lorp
Posted: Sat Oct 04, 2008 1:25 am

And you don't use TLS intentionally?

~nog_lorp

Last edited by nog_lorp on Thu Oct 09, 2008 2:29 am; edited 1 time in total

DoomsDay
Posted: Sat Oct 04, 2008 2:01 am

It's not being used with the actual decryption\encryption routines.
On a side note: ~nog_lorp :P

Regarding APIs in use: don't forget to mention VirtualProtect =P

As for getting things done correctly with olly:
  • Don't set\remove software breakpoints after the first copy of the memory has been made
  • Don't break on the decryption routine, break on its calls (or use hardware breakpoints as an alternative)
Make sure to keep those right or you'll trigger the integrity check (4E14, with olly :P).

As for cracking: break on the decryption routine, use ECX and set the following:
[[ECX+10]] <- [ECX+4] xor [ECX+8] xor 5000
Can also be done with Cheat Engine (change the EIP [to change the data]\EAX [@ return]).

~Cheers!


Last edited by DoomsDay on Sat Oct 04, 2008 4:59 pm; edited 2 times in total
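
Why the breakpoint advice in the post above holds, as an added example that is not from the thread or the crackme: a software breakpoint overwrites a code byte with INT3 (0xCC), so a check that compares live memory against an earlier copy sees it, while a hardware breakpoint lives in the debug registers and leaves memory untouched. The region bytes, the function names and the byte-by-byte compare are assumptions; the thread does not show how the crackme's check is implemented.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REGION_LEN 16
#define INT3 0xCC  /* x86 opcode a debugger writes for a software breakpoint */

/* Constructed stand-in for a protected code region (not the crackme's bytes). */
static uint8_t region[REGION_LEN] = {
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x08, 0x8B, 0x45,
    0x08, 0x33, 0x45, 0x0C, 0x8B, 0xE5, 0x5D, 0xC3
};
static uint8_t snapshot[REGION_LEN];  /* the "first copy of the memory" */

void take_snapshot(void) { memcpy(snapshot, region, REGION_LEN); }

/* Returns the offset of the first byte that differs from the snapshot, or -1
   if the region is intact. *is_int3 is set when the live byte there is 0xCC. */
int integrity_check(int *is_int3) {
    for (size_t i = 0; i < REGION_LEN; i++) {
        if (region[i] != snapshot[i]) {
            *is_int3 = (region[i] == INT3);
            return (int)i;
        }
    }
    *is_int3 = 0;
    return -1;
}

/* What a debugger does for a software breakpoint: save the byte, write INT3. */
uint8_t set_sw_breakpoint(size_t off) {
    uint8_t saved = region[off];
    region[off] = INT3;
    return saved;
}
void clear_sw_breakpoint(size_t off, uint8_t saved) { region[off] = saved; }

int main(void) {
    int is_int3, off;
    take_snapshot();
    printf("clean: %d\n", integrity_check(&is_int3));
    uint8_t saved = set_sw_breakpoint(6);
    off = integrity_check(&is_int3);
    printf("breakpoint set: offset %d, int3=%d\n", off, is_int3);
    clear_sw_breakpoint(6, saved);
    printf("breakpoint removed: %d\n", integrity_check(&is_int3));
    return 0;
}
```

A breakpoint that is already in place when the snapshot is taken and removed afterwards also produces a mismatch, which is why the post warns against both setting and removing.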

SunBeam
Posted: Sat Oct 04, 2008 4:28 pm

Or just use IDA and play with xrefs ;) Faster and gets the job done. As for the integrity check, try to find it ;) Again, with IDA..