Sherwood's thread TASK 1
Thursday, 18-Mar-99 00:47:51

Hi everyone, I have been following along with the last few crackmes and have learnt a lot, but have been a bit quiet. Thought it was time I had a go.

Task 1. Despite the warnings that W32Dasm could not help with this crackme, I couldn't help having a look and found the list of modules called quite helpful. The one that caught my eye was lstrcmpA. I set BPX lstrcmpA and tried a serial. It didn't pop, but lately all the serials seem to have to be a minimum length, so I added a few more numbers and tried again, and again. It finally popped with a length of 22 characters.

One F12 took me back to conquer, after the lstrcmpA call. Looking just before the call, there are two parameters pushed. One is your attempt, the other is the actual serial.

             mov ebx, 4031A8
    401D71   PUSH EBX          <--------- REAL serial
    401D72   PUSH 403835       <------ FAKE
    401D77   call 'string compare'

So the real serial is held at 4031A8, and happens to be 22 characters long.

Now for task 2, lstrcmpA wouldn't pop for me on this one; I am yet to find another way in.

Later, Sherwood.

Sherwood
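Added example, not part of Sherwood's post or of the crackme: a Python model of the check design described above, in which the valid serial is itself an argument to the compare call, beside a variant that compares salted digests instead. `traced_equal`, `serial_exposed`, the serial and the salt are all constructed for illustration; `traced_equal` stands in for the compare routine whose arguments are visible at the call.

```python
import hashlib
import hmac

# Constructed sample values; not taken from the crackme in the post.
REAL_SERIAL = b"1234-5678-9ABC-DEF0-12"  # 22 characters, constructed
SALT = b"constructed-salt"

seen_by_compare = []  # models what is readable at the compare call


def traced_equal(a: bytes, b: bytes) -> bool:
    """Compare routine that records both arguments it was handed."""
    seen_by_compare.append((a, b))
    return hmac.compare_digest(a, b)


def weak_check(attempt: bytes) -> bool:
    # Pattern from the post: the valid serial is pushed as a compare argument.
    return traced_equal(REAL_SERIAL, attempt)


def digest(serial: bytes) -> bytes:
    # Slow salted hash, so the stored value does not reveal the serial.
    return hashlib.pbkdf2_hmac("sha256", serial, SALT, 50_000)


# In a real build only this digest would ship; it is derived from
# REAL_SERIAL here solely to keep the demo self-contained.
STORED_DIGEST = digest(REAL_SERIAL)


def hardened_check(attempt: bytes) -> bool:
    # Both compare arguments are digests; the valid serial never appears.
    return traced_equal(STORED_DIGEST, digest(attempt))


def serial_exposed(check, attempt: bytes) -> bool:
    """Run one check and report whether the valid serial was among the
    arguments handed to the compare routine."""
    seen_by_compare.clear()
    check(attempt)
    return any(REAL_SERIAL in pair for pair in seen_by_compare)


if __name__ == "__main__":
    wrong = b"0" * 22
    print("weak check exposes serial:    ", serial_exposed(weak_check, wrong))
    print("hardened check exposes serial:", serial_exposed(hardened_check, wrong))
```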