Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Crackme

 
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Fri Oct 24, 2008 2:11 pm    Post subject: Crackme

Before you begin: I know how it looks (and I meant it to look like that).

Level: easy+

Enjoy yourselves :)

P.S.
Note that this crackme was tested on Windows XP only - it might not work on other systems.

Sinok
Cheater
Reputation: 0

Joined: 21 Mar 2008
Posts: 34

Posted: Sat Oct 25, 2008 7:13 am

What am I supposed to do?
lol

DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Sat Oct 25, 2008 7:19 am

Make it show the 'good boy' message, of course!

opcode0x90
Cheater
Reputation: 0

Joined: 05 Aug 2006
Posts: 27

Posted: Sat Oct 25, 2008 8:20 am

Code:

004010D7  |.  BF 00304000   MOV EDI,CrackMe.00403000                          ;  ASCII "An error has occured! exiting"
004010DC  |.  F743 68 70000>TEST DWORD PTR DS:[EBX+68],70
004010E3    ^ 75 CE         JNZ SHORT CrackMe.004010B3 <-- NOP here
004010E5  |.  F643 02 01    TEST BYTE PTR DS:[EBX+2],1
004010E9    ^ 75 C8         JNZ SHORT CrackMe.004010B3 <-- and here
004010EB  |.  33DD          XOR EBX,EBP
004010ED  |.  B9 23304000   MOV ECX,CrackMe.00403023                          ;  ASCII "Hope you enjoyed =]"


Encrypted strings and redirected EIP with SetThreadContext eh?

NOP the jmps at 004010E3 and 004010E9.

DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Sat Oct 25, 2008 10:49 am

These are just anti-debug tricks :P
The message is still being overwritten - you're halfway there ;)

opcode0x90
Cheater
Reputation: 0

Joined: 05 Aug 2006
Posts: 27

Posted: Sun Oct 26, 2008 5:00 am

If the correct message is "Hope you enjoyed =]", it can't be much simpler.

0040100B      49              DEC ECX
0040100C    ^ 79 FC           JNS SHORT CrackMe.0040100A
0040100E      0F89 B3000000   JNS CrackMe.004010C7
00401014      8B5D 08         MOV EBX,DWORD PTR SS:[EBP+8]                      ;  CrackMe.<ModuleEntryPoint>

Redirect JNS CrackMe.004010C7 to JNS CrackMe.004010EB; it will display that string and bypass the NtGlobalFlag check altogether.

You should give a clear goal when submitting a crackme.
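What the two TEST instructions at 004010DC and 004010E5 in the listing above check, as an added C example that is not part of the thread or of the crackme. It assumes EBX holds the 32-bit PEB address, so +2 is BeingDebugged and +68 is NtGlobalFlag; the function names, constants and sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 32-bit PEB fields read by the two TESTs (assumption: EBX = PEB address). */
#define PEB32_BEING_DEBUGGED 0x02u /* BYTE,  tested against 1    */
#define PEB32_NT_GLOBAL_FLAG 0x68u /* DWORD, tested against 0x70 */
/* 0x70 = FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS */
#define NTGF_DEBUG_MASK (0x10u | 0x20u | 0x40u)

enum { HIT_NT_GLOBAL_FLAG = 1, HIT_BEING_DEBUGGED = 2, SNAPSHOT_TOO_SHORT = 0x80 };

/* Little-endian DWORD read, independent of host endianness and alignment. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns which of the two checks would take the JNZ to the error path. */
unsigned peb_antidebug_hits(const uint8_t *peb, size_t len)
{
    unsigned hits = 0;
    if (peb == NULL || len < PEB32_NT_GLOBAL_FLAG + 4)
        return SNAPSHOT_TOO_SHORT;
    if (le32(peb + PEB32_NT_GLOBAL_FLAG) & NTGF_DEBUG_MASK) /* TEST [EBX+68],70 */
        hits |= HIT_NT_GLOBAL_FLAG;
    if (peb[PEB32_BEING_DEBUGGED] & 1)                       /* TEST [EBX+2],1   */
        hits |= HIT_BEING_DEBUGGED;
    return hits;
}

/* Constructed sample: a zeroed 0x6C-byte PEB prefix with the two fields set. */
unsigned sample(uint8_t being_debugged, uint32_t nt_global_flag)
{
    uint8_t peb[0x6C] = {0};
    peb[PEB32_BEING_DEBUGGED] = being_debugged;
    for (int i = 0; i < 4; i++)
        peb[PEB32_NT_GLOBAL_FLAG + i] = (uint8_t)(nt_global_flag >> (8 * i));
    return peb_antidebug_hits(peb, sizeof peb);
}

int main(void)
{
    printf("no debugger:                 %u\n", sample(0, 0));
    printf("process created by debugger: %u\n", sample(1, 0x70));
    printf("only BeingDebugged set:      %u\n", sample(1, 0));
    return 0;
}
```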
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Sun Oct 26, 2008 7:49 am

I'll try to make it easier to understand next time.
By the way, nice redirection method :)
All times are GMT - 6 Hours