CrackMe® Practices for Newbies ~ Moderated

My Shiny New Thread
Friday, 29-Jan-99 14:40:23
    212.211.2.21 writes:

    Hi EB,

    OK, a new project.

    This is going to be my approach:

    1. I started off with a quick deadlisting and ran the program, just to get the feel of it. I notice a call to ReadFile straight away, and see immediately that it is looking for 'crkme4.dat'.

    2. I look at the list of arguments to the call of ReadFile and see it expects 30h bytes at least.

    3. OK. Now to create a file called crkme4.dat with 48 bytes in it.

    4. I notice in the deadlisting that the read is followed by some code which contains a couple of jumps to code which contains references to 'incorrect file' strings. There are three main calls before this, and these seem to be the heart of the check. The main part of the code looks like:

    00401066 mov al, ds:byte_40205B
    0040106B mov ds:byte_402071, al
    00401070 mov esi, offset fbuffer
    00401075 push 4
    00401077 push esi
    00401078 push esi
    00401079 call sub_401116
    0040107E mov edi, offset fbuffer
    00401083 add edi, 0Ch
    00401086 xor al, al
    00401088 mov ecx, 4
    0040108D repe stosb
    0040108F mov esi, offset byte_40204B
    00401094 push 5
    00401096 push esi
    00401097 push esi
    00401098 call sub_401116
    0040109D call sub_4011C1

    This is followed by our good guy/bad guy checks.

    Looking at the 401116 and 4011C1 routines, these seem to be the checking bits, and so I will now be investigating these with SoftIce, to see what happens with the file buffer that was read in (the 30h bytes read into 40203b).

    Later,

    Cronos.
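
Added example, not part of Cronos's post: a small Python helper that maps the addresses in the listing above onto offsets inside crkme4.dat and writes a 48-byte marker file for tracing in the debugger. It assumes, as the post states, that the 30h bytes land at 40203b (fbuffer); the marker pattern and the function names are choices made for this example.

```python
# Added example: relate deadlisting addresses to offsets in crkme4.dat.
# Assumption taken from the post: ReadFile places 30h bytes at 0x40203B.
FBUFFER_VA = 0x40203B
READ_LEN = 0x30
FILENAME = "crkme4.dat"

# Addresses the listing touches, with the instruction that uses each one.
LISTING_REFS = [
    (0x40205B, "00401066 mov al, ds:byte_40205B (byte copied out)"),
    (0x402071, "0040106B mov ds:byte_402071, al (copy destination)"),
    (0x40203B, "00401079 first call sub_401116, esi = fbuffer"),
    (0x402047, "0040108D repe stosb zeroes 4 bytes at fbuffer+0Ch"),
    (0x40204B, "00401098 second call sub_401116, esi = byte_40204B"),
]


def va_to_file_offset(va):
    """Return the crkme4.dat offset backing a virtual address, or None
    when the address lies outside the 30h bytes that were read."""
    off = va - FBUFFER_VA
    return off if 0 <= off < READ_LEN else None


def marker_bytes():
    """48 bytes where byte i has value i, so any byte seen in the
    debugger identifies the file offset it came from."""
    return bytes(range(READ_LEN))


def annotate():
    """Pair each listing reference with its file offset (None = not file data)."""
    return [(va, va_to_file_offset(va), note) for va, note in LISTING_REFS]


def write_marker_file(path=FILENAME):
    """Create the 48-byte file the program expects to read."""
    with open(path, "wb") as fh:
        fh.write(marker_bytes())
    return path


if __name__ == "__main__":
    write_marker_file()
    for va, off, note in annotate():
        where = f"file offset {off:#04x}" if off is not None else "outside file data"
        print(f"{va:#x}: {where:18} <- {note}")
```

With this layout the second sub_401116 call starts at file offset 10h, the byte copied at 00401066 is file offset 20h, and byte_402071 lies past the end of the data read from the file.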



Copyright © InsideTheWeb, Inc. 1997-1999
All rights reserved.