CrackMe® Practices for Newbies
CrackMe 2 by CyberBlade [ReFleXZ '99]

Andy's Thread (Task 1)
Sunday, 11-Apr-99 06:56:10

    Since this Crackme will exit if Smartcheck is active,I ran Boundschecker to see what API's it uses.After some searching, i found this set of calls:

    WideCharToMultiByte
    WideCharToMultiByte
    FindWindowA
    WideCharToMultiByte
    WideCharToMultiByte
    ....

    And most Intesesting :) :

    WideCharToMultiByte
    *lpWideCharStr='NUMEGA SMARTCHECK'

    and

    FindWindowA
    *lpClassName=NULL
    *lpWindowName='NUMEGA SMARTCHECK'

    So what I did to disable it (using SICE):

    bpx FindWindowA

    When SICE broke:

    s 0 l ffffffff 'N',0,'U',0,'M'

    (notice the uppercase letters)

    then replaced NUMEGA with NOMEGA

    Andy






    Andy


Message thread:

Andy's Thread (Task 1) (Andy) (11-Apr-99 06:56:10)

Back to main board