░
░ ░ ░ ▄▓
▄▄ ░░ ▄▄▄▄■ ░░▀ ■▄▄▄ ▄▄ ▐█▓▌
▄▀▀ ▀■ ▀ ░░ ▀ ■▀ ▀▀▄ ██▌
■ ▄▄▀▀ ▄▄██▀██▄▄ ▄▄▄███▄▄ ▀▄▄ ■ ▄▄▄███▄▄▐██ ▄▄████▄▄
▀▄▄ ▄▀▀ ▄███▀ ▀██▓▄ ▄████▀ ▀██▓▄ ▀▄ ▄▄▀ ▄████▀ ▀██▓██ ▄████▀ ▀██▓▄
▀▀ ▄ ▐███▌ ░ ▐██▓▌ ▐████▌ ░ ▐██▓▌ ▄ ▀▀ ▐████▌ ░ ▐████▌ ▐████▌ ▐██▓▌
■██▄▄▓▌ ████ ░▒░ ████ █████▄▄▄ ▀▀▀▀ ▐█▄▄█▓ █████ ░ █████ █████▄▄▀▀▀▀▀▀▀
▐████ ░░ ▓██▌ ░▒▓▒░ ▐███ ▄▄▄▄▄ ▀▀▀████▄ ████▌ ▓███▌ ▐████ ▓███▌ ░░░░░░
░ ███▌ ░ ▐▓███ ░▒▓▒░ ▓███▌▓███▌ ░░░ ▐████ ▐▓██ ▓███▌ ▄▀▀ ▐████ ▓███▌ ░░░░░░░
▓██▌ ▐▓███ ░▒░ ▓███▌▐▓███ ░ ▓███▌ ▐▓██ ▐▓███ ▓███▌ ▐▓███
▐▓███ ▐▓▓██▌ ░ ▐▓███▌ ▓▓██▌ ▐▓███ ▓███▌ ▓▓██▌ ░ ▐▓███ ▓▓██▌
▓▓▓██▌ ■▓▓▓▓██ ░ ▓█████■ ▀▓▓█▄ ▄▓██▀ ▐▓████ ▄ ▀▓██▄ ▄▓██▀ ▀▓██▄
▀▓███▄ ▀▀▀██▄ ▄▓█▀▀▀ ▀▀█▀▀ ▄▓▓▓▀▀ ▀▀█▀▀ ▀▀▀▀ js
▀▀▀▀▀▄▄ ░ inside ▄▄▀▀▀▀▀
░ ▀▄ ░ ░░ ▄▀
░░ ░ ░░
Tutor : duelist
Date Wrote : May 1, 1999
Who : Newbies
Target : Klefz Crackme #1
Size : 19kb
Tools Used : SoftIce
Method : Code Sniffing
-=* Protection *=-
This one is written in VB 4 and it has a hardcoded serial;
quoting Klefz - "That one has got a lame protection" :)
-=* Preparing! *=-
Before continuing with this tutorial, please make sure you
have the following lines in your winice.dat:
EXP=C:\windows\system\vb40032.dll
AF4="^s 0 l ffffffff 56,57,8B,7C,24,10,8B,74,24,0C,8B,4C,24,14,33,C0,F3,66,A7;"
The first one makes sure that SoftIce recognizes the functions
inside VB4's runtime DLL; the second one binds ALT + F4 to a
search for the byte pattern of the string compare routine inside
VB4's DLL.
-=* Approaching! *=-
1) Fire up the crackme exe, enter any code you like...
2) Switch to SoftIce (Control + D) and "bpx hmemcpy"
3) Click 'TEST!' and when you break into SoftIce press F12 7 times, so
that you get into VB40032.DLL
4) Clear the hmemcpy breakpoint with "bc *"
5) Now press ALT + F4 (still inside SoftIce) to make it search
for the memory location where the string compare routine
resides.
6) You will get something like "Pattern found at xxxx:xxxxxxxx"; do a
"bpx xxxx:xxxxxxxx", this way SoftIce will break whenever the string
compare function inside VB's DLL is called...
7) Press F5 (or Control + D) and you'll be back in SoftIce right away:
:0F00D9EA 56 PUSH ESI ; string1, the correct code (!)
:0F00D9EB 57 PUSH EDI ; string2, our wrong code...
:0F00D9EC 8B7C2410 MOV EDI,[ESP+10]
:0F00D9F0 8B74240C MOV ESI,[ESP+0C]
:0F00D9F4 8B4C2414 MOV ECX,[ESP+14]
:0F00D9F8 33C0 XOR EAX,EAX
:0F00D9FA F366A7 REPZ CMPSW ; compare the strings
8) So, if you "d esi" just after you break, you will get "x.y.z.q.w.e.r.t.y.o.p",
which is the correct code (in unicode format); just remove the points between
the letters and you have the valid code, which is "xyzqwertyop"...
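As an added example (not code from this tutorial or from Klefz's crackme), the C below models the weak design the steps above exploit, a plaintext wide-string serial compared REPZ CMPSW style, beside a hardened variant that ships only a digest; the serial value and the FNV-1a stand-in hash are constructed for illustration, not a real product's.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed serial "xyzqwertyop" as 16-bit (VB / Unicode style) chars. */
static const uint16_t kSerialWide[] =
    { 'x','y','z','q','w','e','r','t','y','o','p', 0 };

static size_t wlen(const uint16_t *s) { size_t n = 0; while (s[n]) n++; return n; }

/* Weak check, as in the crackme: the correct serial lives in the binary and
 * is compared with the input by an early-exit loop like REPZ CMPSW, so both
 * strings are in memory at the compare and "d esi" reveals the right one. */
int weak_check(const uint16_t *input)
{
    size_t n = wlen(kSerialWide);
    if (wlen(input) != n) return 0;
    for (size_t i = 0; i < n; i++)          /* stops at the first mismatch */
        if (input[i] != kSerialWide[i]) return 0;
    return 1;
}

/* FNV-1a 64-bit over the UTF-16 code units: a placeholder for a real
 * cryptographic hash, used so the example runs without a crypto library. */
uint64_t make_digest(const uint16_t *s)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (; *s; s++) {
        h ^= (uint8_t)(*s & 0xff); h *= 0x100000001b3ULL;   /* low byte  */
        h ^= (uint8_t)(*s >> 8);   h *= 0x100000001b3ULL;   /* high byte */
    }
    return h;
}

/* Hardened check: the vendor runs make_digest() once offline and embeds only
 * the 64-bit result, so the plaintext serial is never in the program's data
 * or at the compare; the digests are compared without an early exit. */
int hardened_check(const uint16_t *input, uint64_t shipped_digest)
{
    uint64_t d = make_digest(input) ^ shipped_digest;
    d |= d >> 32; d |= d >> 16; d |= d >> 8;
    d |= d >> 4;  d |= d >> 2;  d |= d >> 1;
    return (int)((d & 1) ^ 1);              /* 1 only when every bit matched */
}
```

A digest compare only keeps the plaintext out of memory; a short serial can still be guessed offline against the shipped digest, so it raises the bar rather than removing it.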
-=* Final Notes *=-
I wrote this tutorial mainly to show newbies that are 'afraid' of cracking VB
that it is sometimes easier than cracking programs written in other languages,
just a little bit different!
signing off, duelist [isd]