Tutorial for nOp3x v2a
by Sanhedrin

Tools
Wdasm

The quick 2-step method of cracking without SoftICE.

Step 1

Disassemble the crackme and go to the program's entry point. A few
lines down you will notice:

* Reference To: USER32.DialogBoxParamA, Ord:0000h
|
:0040101D E82B010000 Call 0040114D <--- call the nag screen
:00401022 E911010000 jmp 00401138 <--- end program
:00401027 C8000000 enter 0000, 00
:0040102B 817D0C11010000 cmp dword ptr [ebp+0C], 00000111

So we can't simply NOP out the call to the nag screen, because the jmp on the next line (00401022) ends the program.
Look a few lines further:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401065(C)
|
:0040106B 6A00 push 00000000
:0040106D FF7508 push [ebp+08]

* Reference To: USER32.EndDialog, Ord:0000h
|
:00401070 E8E4000000 Call 00401159
:00401075 6A00 push 00000000
:00401077 68BC104000 push 004010BC
:0040107C 6A00 push 00000000
:0040107E 6A02 push 00000002
:00401080 FF3500204000 push dword ptr [00402000]

* Reference To: USER32.DialogBoxParamA, Ord:0000h
|
:00401086 E8C2000000 Call 0040114D
:0040108B 6A00 push 00000000
:0040108D FF7508 push [ebp+08]

The conditional jump at 00401065 that lands on 0040106B is taken when the 'take the program for a test drive...' button
in the nag box is pressed: this code closes the nag with EndDialog and then opens the main dialog with DialogBoxParamA.

Step 2

Therefore, just change the first call at 0040101D into a jump to 0040106B and the nag is gone. The 5-byte call becomes a 2-byte short jump padded with three NOPs, so the instructions that follow keep their addresses:

0040101D E82B010000 Call 0040114D

to

0040101D EB4C Jmp 0040106B
0040101F 90 NOP
00401020 90 NOP
00401021 90 NOP

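As an added worked example (not part of Sanhedrin's tutorial), this script shows where the bytes E8 2B010000 and EB 4C come from: it decodes the rel32 of the original call, encodes the rel8 of the replacement short jump, and applies the 5-byte patch to a constructed copy of the two instructions at 0040101D and 00401022. The byte values and addresses are the ones from the listing above; the function names are my own.

```python
# Added example: x86 relative-displacement arithmetic behind the nOp3x patch.
# Both E8 (call rel32) and EB (jmp rel8) measure the displacement from the
# address of the *next* instruction, which is why EB4C at 0040101D reaches 0040106B.

def rel32_target(insn_addr: int, rel: int) -> int:
    """Target of a 5-byte E8 call / E9 jmp: next-instruction address + signed rel32."""
    return (insn_addr + 5 + rel) & 0xFFFFFFFF

def encode_short_jmp(insn_addr: int, target: int) -> bytes:
    """Encode EB rel8; rel8 is measured from the end of the 2-byte instruction."""
    rel = target - (insn_addr + 2)
    if not -128 <= rel <= 127:
        raise ValueError(f"{target:#010x} is out of rel8 range from {insn_addr:#010x}")
    return bytes([0xEB, rel & 0xFF])

def patch_call_to_short_jmp(code: bytes, offset: int, insn_addr: int, target: int) -> bytes:
    """Replace the 5-byte E8 call at `offset` with EB rel8 plus three NOPs so the
    following instruction (00401022 in the listing) keeps its address."""
    if code[offset] != 0xE8:
        raise ValueError("expected an E8 call at the patch offset")
    new = encode_short_jmp(insn_addr, target) + b"\x90" * 3
    return code[:offset] + new + code[offset + 5:]

# Constructed sample: the original bytes of the two instructions at 0040101D / 00401022.
ORIGINAL = bytes.fromhex("E82B010000" "E911010000")
ENTRY_CALL = 0x0040101D
TEST_DRIVE = 0x0040106B   # code reached by the 'test drive' button (see 00401065(C))

def original_call_target() -> int:
    """Decode the rel32 of the E8 at 0040101D; should give 0040114D, the nag call."""
    rel = int.from_bytes(ORIGINAL[1:5], "little", signed=True)
    return rel32_target(ENTRY_CALL, rel)

def patched_bytes() -> bytes:
    """Apply the tutorial's patch; the first five bytes become EB 4C 90 90 90."""
    return patch_call_to_short_jmp(ORIGINAL, 0, ENTRY_CALL, TEST_DRIVE)

if __name__ == "__main__":
    print(f"original call target: {original_call_target():#010x}")
    print("patched bytes       :", patched_bytes().hex(" ").upper())
```

Checking the arithmetic this way before writing bytes into a binary is also how you verify a patch on a file whose layout differs from the one the tutorial used: the rel8 check raises instead of silently producing a jump that lands somewhere else.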

Greets to tC and BJanes (sorry I haven't gotten back to you, work has been crazy lately)

Thanks to all of those coders that make these crackmes, and of course to Eternal Bliss.

Sanhedrin
stachi@geocities.com