Reverse Code Engineering RCE CD +sandman 2000 / ReverseCodeEngineeringRceCdsandman2000.iso / RCE / E_bliss / crackme.txt
Text file | 2000-05-25 | 3KB | 99 lines
<How to find the right serial in Brad Soblesky's crackme>
Hi there!
This is my first attempt at writing a tutorial for a crackme; lucky for
me, I chose an easy one :) It might be good for real newbies to check it
out.
The crack
Fire up the crackme and enter a fake serial. Now switch to SI (SoftICE)
and set some breakpoints; we use the most common ones:
:bpx getdlgitemtexta
:bpx getwindowtexta
Then leave SI and press OK. If you did everything right you should
now be in SI again. Press F11 once to get to the break, and then F12
to get into the code. Let's look at what happens.
You should land right here:
:0040155C 8D45F4 lea eax, dword ptr [ebp-0C]
<If we do "d eax" here, we can see the fake serial>
:0040155F 50 push eax
<Pushes the fake serial into the stack>
* Reference To: KERNEL32.lstrlenA, Ord:0308h
|
:00401560 FF1504204000 Call dword ptr [00402004]
:00401566 8945F0 mov dword ptr [ebp-10], eax
<Check if we entered a serial>
:00401569 837DF001 cmp dword ptr [ebp-10], 00000001
:0040156D 7316 jnb 00401585 <if we did, jump>
:0040156F 6A40 push 00000040
* Possible StringData Ref from Data Obj ->"CrackMe"
|
:00401571 682C304000 push 0040302C
* Possible StringData Ref from Data Obj ->"Enter Registration Number"
|
:00401576 6834304000 push 00403034
:0040157B 8B4DE0 mov ecx, dword ptr [ebp-20]
* Reference To: MFC42.Ordinal:1080, Ord:1080h
|
:0040157E E87B050000 Call 00401AFE
:00401583 EB3C jmp 004015C1
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040156D(C)
|
<After the jump we land here:>
:00401585 8D4DE4 lea ecx, dword ptr [ebp-1C]
:00401588 51 push ecx
:00401589 8D55F4 lea edx, dword ptr [ebp-0C]
:0040158C 52 push edx
<Pushes the real serial (in ecx) and the fake one (in edx)>
<Do a "d ecx" here and you can see the real serial.>
* Reference To: KERNEL32.lstrcmpA, Ord:02FCh
|
<Calls the lstrcmpA function, which compares the two strings with each other>
:0040158D FF1500204000 Call dword ptr [00402000]
<Test the outcome of the compare>
:00401593 85C0 test eax, eax
<If serial is bad, jump to bad boy, if not just go on>
:00401595 7516 jne 004015AD
:00401597 6A40 push 00000040
* Possible StringData Ref from Data Obj ->"CrackMe"
|
:00401599 6850304000 push 00403050
* Possible StringData Ref from Data Obj ->"Correct way to go!!"
|
:0040159E 6858304000 push 00403058
:004015A3 8B4DE0 mov ecx, dword ptr [ebp-20]
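To make the listing conventions used above explicit, here is an added Python example (not part of the original tutorial): it parses W32Dasm-style lines, attaches each "* Reference To:" import name to the Call it precedes and each "Possible StringData Ref" to the push that loads it, and then locates the lstrcmpA call together with the conditional jump that decides between good boy and bad boy. The sample listing is constructed from fragments quoted above.

```python
import re

# Constructed sample: a fragment of the W32Dasm listing quoted in the tutorial above.
LISTING = """\
:0040156F 6A40 push 00000040
* Possible StringData Ref from Data Obj ->"CrackMe"
|
:00401571 682C304000 push 0040302C
* Possible StringData Ref from Data Obj ->"Enter Registration Number"
|
:00401576 6834304000 push 00403034
* Reference To: MFC42.Ordinal:1080, Ord:1080h
|
:0040157E E87B050000 Call 00401AFE
:00401588 51 push ecx
:0040158C 52 push edx
* Reference To: KERNEL32.lstrcmpA, Ord:02FCh
|
:0040158D FF1500204000 Call dword ptr [00402000]
:00401595 7516 jne 004015AD
"""

INSN = re.compile(r"^:([0-9A-F]{8}) [0-9A-F]+ (\w+)\s*(.*)$")   # :addr bytes mnemonic operands
API_REF = re.compile(r"^\* Reference To: (\S+), Ord:")
STR_REF = re.compile(r'^\* Possible StringData Ref from Data Obj ->"(.*)"$')

def parse_calls(listing):
    """Return [(call_addr, callee, args)], args in C order (last push = first arg)."""
    calls, api, string, pushed = [], None, None, []
    for line in listing.splitlines():
        if m := API_REF.match(line):        # import name precedes the Call it belongs to
            api = m.group(1)
        elif m := STR_REF.match(line):      # string ref precedes the push that loads it
            string = m.group(1)
        elif m := INSN.match(line):         # '|' separators and <comments> are skipped
            addr, mnem, ops = m.group(1), m.group(2).lower(), m.group(3)
            if mnem == "push":
                pushed.append(string or ops)
                string = None
            elif mnem == "call":
                calls.append((addr, api or ops, pushed[::-1]))
                api, pushed = None, []
    return calls

def serial_check_site(listing):
    """(compare call, conditional jump, jump target): where good/bad boy is decided."""
    cmp_addr = next(a for a, callee, _ in parse_calls(listing) if "lstrcmp" in callee.lower())
    for m in filter(None, map(INSN.match, listing.splitlines())):
        if int(m.group(1), 16) > int(cmp_addr, 16) and re.match(r"j(?!mp$)", m.group(2), re.I):
            return cmp_addr, m.group(1), m.group(3)
```

Run on the sample, parse_calls reports the MFC message box with its caption and text and the lstrcmpA call with its two pushed pointers, and serial_check_site returns the compare at 0040158D, the jne at 00401595 and its target 004015AD.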
So, that wasn't so difficult, was it? If you did "d ecx" where I
told you the serial would be, you would see: <BrD-SoB> = real serial.
If you have any questions about this tutorial, send them to:
ingetalls@hotmail.com
Bye! /tarq