CrackMe VB6
bY MaCcrAck 99
Tutorial by Lucifer48 [Immortal Descendants]
(August 18th, 1999)
SmartCheck gives you a single useful piece of information:
- register_Click
InputBox ;interesting...
Label1.Caption <- "NEIN" (String)
MsgBox returns Integer:1 ;Nö Probier's nochmal
So I put a bpx on MSVBVM60!rtcInputBox; SoftICE breaks here:
XXXX:0040208E CALL [MSVBVM60!rtcInputBox] ;display the dialog box
XXXX:00402094 LEA EDX,[EBP-00A8]
XXXX:0040209A LEA ECX,[EBP-24]
XXXX:0040209D MOV [EBP-00A0], EAX ;d EAX: m y s e r i a l (wide chars)
XXXX:004020A3 MOV DWORD PTR [EBP-00A8],00000008 ;identifier of variant ?
The comparison is just below the code snippet above:
XXXX:004020E0 LEA ECX,[EBP-24] ;pointer on 12 bytes
XXXX:004020E3 LEA EDX,[EBP-00B8] ;pointer on 12 bytes
XXXX:004020E9 MOV DWORD PTR [EBP-00B0],00401C50 ;put the address of the serial in [EDX+8]
XXXX:004020F3 PUSH ECX
XXXX:004020F4 PUSH EDX
XXXX:004020F5 MOV DWORD PTR [EBP-00B8],00008008
XXXX:004020FF CALL [MSVBVM60!__vbaVarTstEq] ;VARiant TeST EQual (very important bpx)
XXXX:00402105 TEST AX,AX
XXXX:00402108 JZ 004021B4 ;jmp = bad serial
If I do d ECX (at XXXX:004020F3):
XXXX:0043F75C 08 00 00 00 84 00 00 00-44 0F 51 00 ........D.Q.
                                      ^^ ^^ ^^ ^^ (address of my dummy serial)
If I do d EDX (at XXXX:004020F4):
XXXX:0063F6C8 08 00 00 00 00 00 00 00-50 1C 40 00 ........P.@.
                                      ^^ ^^ ^^ ^^ (address of the right serial)
Then, a simple d 401C50 is enough to see the good serial.
Serial/ 3484
Jo! Richtig!
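
The two 12-byte blocks dumped above are the start of 32-bit VARIANT structures: a 16-bit type word (8 = VT_BSTR, and 0x8008 is the same type with the VT_RESERVED bit set), three reserved words, then the string pointer at offset 8. The Python below is an added example, not part of the original tutorial: it decodes the two dump lines shown above and follows the pointer into a memory image. The function names dump_bytes, parse_variant and read_wide and the memory image are constructed for illustration.

```python
import re
import struct

# Type code and flag bits from the Windows VARIANT definition (wtypes.h).
VT_BSTR, VT_TYPEMASK = 0x0008, 0x0FFF
VT_FLAGS = {0x1000: "VT_VECTOR", 0x2000: "VT_ARRAY",
            0x4000: "VT_BYREF", 0x8000: "VT_RESERVED"}

# The two SoftICE dump lines shown in the tutorial.
DUMP_ECX = "XXXX:0043F75C 08 00 00 00 84 00 00 00-44 0F 51 00 ........D.Q."
DUMP_EDX = "XXXX:0063F6C8 08 00 00 00 00 00 00 00-50 1C 40 00 ........P.@."


def dump_bytes(line):
    """Return the hex bytes of one 'd' line, skipping the address and ASCII column."""
    body = line.split(None, 1)[1]          # drop the "XXXX:0043F75C" address
    run = re.match(r"(?:[0-9A-Fa-f]{2}[ -])+", body)
    if run is None:
        raise ValueError("no hex bytes in dump line")
    return bytes.fromhex(run.group(0).replace("-", " "))


def parse_variant(raw):
    """Decode the first 12 bytes of a 32-bit VARIANT (little-endian)."""
    if len(raw) < 12:
        raise ValueError("need at least 12 bytes")
    vt, _r1, _r2, _r3, data = struct.unpack_from("<HHHHI", raw)
    return {"vt": vt, "is_bstr": (vt & VT_TYPEMASK) == VT_BSTR,
            "flags": [name for bit, name in VT_FLAGS.items() if vt & bit],
            "data_ptr": data}              # for VT_BSTR: address of the wide chars


def read_wide(memory, base, ptr):
    """Read a NUL-terminated UTF-16LE string at ptr from an image loaded at base."""
    off = ptr - base
    if not 0 <= off < len(memory):
        raise ValueError("pointer outside the memory image")
    end = off
    while len(memory[end:end + 2]) == 2 and memory[end:end + 2] != b"\x00\x00":
        end += 2
    return memory[off:end].decode("utf-16-le")


if __name__ == "__main__":
    # Constructed memory image standing in for the bytes at 00401C50.
    image = "EXAMPLE".encode("utf-16-le") + b"\x00\x00"
    for name, line in (("ECX", DUMP_ECX), ("EDX", DUMP_EDX)):
        v = parse_variant(dump_bytes(line))
        print(f"{name}: vt={v['vt']:#06x} bstr={v['is_bstr']} ptr={v['data_ptr']:#010x}")
    print(read_wide(image, 0x00401C50, v["data_ptr"]))
```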
Greetings: All ID members (Volatility, Torn@do, ...), Eternal Bliss, ACiD BuRN,
Duelist, LaZaRuS, people on #cracking4newbies, french crackers, and other crackme makers.
(c) Lucifer48. All rights reversed