A simple question


Ivan
May 21st, 2007, 15:57
Hello everybody,
I am a newbie in this.
I've been playing with a CrackMe file by Cruehead.

I am debugging it with OllyDbg.
I've run it with F8 but it gets trapped in a loop and doesn't get out.
If I run it with F9 it opens the window and everything is OK.

I don't know why it goes this way, why I can't reach the window and why it gets trapped in the loop.

Thank you for your answers.
Regards,
Ivan

naides
May 21st, 2007, 17:13
Analyze the loop code:
look at how it would jump out of the loop,
perhaps if the last JNZ does not jump, I don't know.
Then place breakpoints in the instructions where the loop gets out: destinations of conditional jumps out of the loop,
the next instruction after the loop.

Then click F9 and let it go,
catch it when Olly breaks.

The loop eventually ends, otherwise the program would hang forever.

Ivan
May 22nd, 2007, 11:29
Thank you NAIDES for your answer.

I have uploaded the file to:
http://www.divshare.com/download/708298-845

It is a small CrackMe. If I run it with F8 pressed in OllyDbg it gets trapped in a loop and doesn't show the program window, but if I run it with F9 it runs OK; even more, if I run it with animate step over (Ctrl+F8) it also runs.

What do F9 or Ctrl+F8 do that F8 pressed alone doesn't???

squidge
May 22nd, 2007, 11:44
F8 on its own executes the code slower than Ctrl+F8 or F9 does, so maybe look for a timer?

blabberer
May 22nd, 2007, 11:48
f9 executes the application

f8 or ctrl+f8 steps over one single instruction at a time

i believe you need to understand the Windows message loop

if it is a simple windows application that uses RegisterClass() and CreateWindow()

i simply believe you are talking about being stuck in the message loop

GetMessage() TranslateMessage() DispatchMessage() loop, aren't you?


go find the wndproc, read about RegisterWindowClass, break on WndProc somewhere, and you have to do it all by yourself; if you want to survive in this field there is simply NO BETTER ALTERNATIVE

Ivan
May 22nd, 2007, 11:48
Yes squidge, but that is not all the truth: I left F8 pressed for 5 minutes and it doesn't get out of that routine and the window doesn't appear.

Someone is telling me that it is because Olly is a ring 3 debugger,
but I don't know too much about the topic.

naides
May 22nd, 2007, 12:16
I looked at the program.
Blabberer has it right.
The program IS in an infinite loop, because it is waiting for something to happen from the user. A click of a mouse? Some keyboard activity?
It reads these events by looking at message APIs. As soon as you click on the Help item in the menu, it will break out of the loop.
You just ran into the all-famous Windows message pump.

Ivan
May 22nd, 2007, 12:28
Thank you very much for your answers.

I understand that the APIs read information from the file itself or from the user.

But when I run it with F8 pressed I can't reach the menu; I only see the debugged program in the task bar but it doesn't show as a window, so I can't reach any of the menus.
But when I press Ctrl+F8 or F9 the window appears.

WHY?

Look NAIDES, I don't give the CrackMe any information (mouse click or keyboard).

blabberer
May 22nd, 2007, 12:37
since naides chipped in with his confirmation

i can say you can never break out of that message loop if you are single stepping

while ctrl+f8, f9, ctrl+f7, ctrl+f11, f12, alt+f7, alt+f8, ctrl+f4 (pointing to some place out of the loop) all will make the window appear because
the loop is designed like that

how does this work?

you click or move the mouse or hit a key on your keyboard or scroll your touch pad

windows gets that information and then puts it in a queue for everyone who is interested to fetch it

every application that is running a message loop will peek at that queue, and if it finds a message waiting for it, it will fetch it and forward it to its own wndproc, where it is processed or not processed. if it processed it, the wndproc will return processed and windows will discard that message;
else windows will keep it till every application out there has peeked at it and either processed it or disowned it

Ivan
May 22nd, 2007, 13:19
I really need to learn a lot; I will investigate it.

One last question: how can I run this little program STEP BY STEP
until I reach the window of the application?
I don't want to RUN IT (F9) or animate it (Ctrl+F8) because I don't see the process.
I have run other CrackMes and I can reach the window with F8, but with this
one I couldn't do that, so where do I need to click or move the mouse to reach the window and see the menus of the program?

Thank you again.

naides
May 22nd, 2007, 13:19
Ivan,
take a look at the Ricardo Narvaja tutorials; some of them tackle this particular CrackMe.

No, it is not cheating, just a way to get yourself started in reversing apps.
By blindly tracing the program from the beginning, you will not defeat it.

For instance, place a breakpoint on GetDlgItemTextA and you will catch the CrackMe reading your user name and password.

Ivan
May 22nd, 2007, 14:41
Actually I am at lesson 12 of Ricardo's tutorials. I asked him and he told me that when you trace like that, you may enter ring 0 and Olly can only debug in ring 3, so it gets stuck there. That sounds pretty good, but there must be a way or a program that lets me debug this process in a STEP BY STEP manner (entering all the rings or whatever).

Can somebody tell me the difference between ring 3 and ring 0?
And which program can debug all the rings?

blabberer
May 23rd, 2007, 01:51
arrgh you forced me to download this

1) you cannot break out of an infinite loop
2) there is nothing that's going to ring 0 in this particular form of application
3) it is a while(true) code, so as long as your application's wndproc doesn't return false the infinite loop will be spinning infinitely and you can keep pressing f8 till all hell breaks loose and all the icebergs melt and flood our mother earth; you cannot, i REPEAT you cannot get out of that loop
4) windows under normal conditions guarantees you that only one application can have input focus
5) what you are trying to do is get focus on two different applications at the same time
6) if you keep pressing f8, ollydbg has the focus and your crackme loses focus and no keypresses go to its wndproc
7) to understand this in the same way you are trying:
drag, drop and size ollydbg to half of the screen
8) make your crackme occupy the other half of the screen
9) now select ollydbg and keep pressing f8
you will see the crackme being painted and the window appearing in the other half, but its title bar (if you have the default appearance) in a faint faded blue colour while ollydbg's will be bright blue
10) if you hover your mouse with your right hand over the crackme while keeping f8 pressed with your left hand, you will see File, Help etc. getting highlighted, but if you try to click the menu, the left hand that keeps pressing f8 will lose focus and ollydbg will not trace

it is as simple as that

you have to hunt for your wndproc -> run this application -> set breaks on your wndproc and deal from there; simply keeping f8 pressed doesn't mean anything

if you are adamant that you will only keep pressing f8, write a bot that SendMessages VK_KEY F8 to ollydbg's PM_DISASM window and then play with your crackme; that way ollydbg keeps spinning and your crackme also keeps spinning, and

when you are pressing f8 only one of them spins and the other is suspended waiting for action from the one that is spinning

oh, here is a flash movie if my words don't make sense
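The two explanations above (the GetMessage/TranslateMessage/DispatchMessage pump, and the focus argument in points 1 to 6) can be seen in miniature in the following C model. It is an added example, not code from the thread or from Cruehead's CrackMe, and it is not real Win32 code: the names mirror the real API (GetMessage, DispatchMessage, DefWindowProc, PostQuitMessage, WndProc) but every function is reimplemented here over an in-memory queue so the model runs without Windows. The WM_* numbers are the real values; IDM_EXIT, the `*Sim` functions and the two scenarios are this example's own assumptions.

```c
/* Portable model of a Win32 message pump (added example, not from the thread).
 * The *Sim names are stand-ins for the real API of the same base name. */
#include <stdio.h>

#define WM_DESTROY      0x0002
#define WM_PAINT        0x000F
#define WM_QUIT         0x0012
#define WM_COMMAND      0x0111
#define WM_LBUTTONDOWN  0x0201
#define IDM_EXIT        100           /* hypothetical menu item id */

typedef struct { unsigned msg; unsigned wParam; } MSG;

/* Per-thread message queue: Windows fills it with input for the window that
 * has focus. While OllyDbg has focus, nothing lands here for the CrackMe. */
#define QUEUE_CAP 32
static MSG queue[QUEUE_CAP];
static int q_head, q_count;

/* Counters so a caller can see what the window procedure actually did. */
static int paints, commands, unhandled, destroyed, last_parked;

static void reset_sim(void) {
    q_head = q_count = 0;
    paints = commands = unhandled = destroyed = last_parked = 0;
}

static void PostMessageSim(unsigned msg, unsigned wParam) {
    if (q_count == QUEUE_CAP) return;            /* full queue: message dropped */
    queue[(q_head + q_count) % QUEUE_CAP].msg = msg;
    queue[(q_head + q_count) % QUEUE_CAP].wParam = wParam;
    q_count++;
}

static void PostQuitMessageSim(int code) { PostMessageSim(WM_QUIT, (unsigned)code); }

/* 1 = got a message, 0 = got WM_QUIT (the loop must end), -1 = queue empty.
 * Real GetMessage never returns for an empty queue: it blocks in the kernel
 * until input arrives, which is the "loop that never exits" seen when
 * single-stepping with no input reaching the window. */
static int GetMessageSim(MSG *out) {
    if (q_count == 0) return -1;
    *out = queue[q_head];
    q_head = (q_head + 1) % QUEUE_CAP;
    q_count--;
    return out->msg == WM_QUIT ? 0 : 1;
}

static long DefWindowProcSim(unsigned msg, unsigned wParam) {
    (void)msg; (void)wParam;
    unhandled++;                                  /* default handling */
    return 0;
}

static long WndProcSim(unsigned msg, unsigned wParam);

/* DestroyWindow delivers WM_DESTROY synchronously (SendMessage); it is not queued. */
static void DestroyWindowSim(void) { WndProcSim(WM_DESTROY, 0); }

/* The window procedure: the only place that can decide the pump may end. */
static long WndProcSim(unsigned msg, unsigned wParam) {
    switch (msg) {
    case WM_PAINT:   paints++; return 0;
    case WM_COMMAND: commands++;                  /* a menu item was clicked */
                     if (wParam == IDM_EXIT) DestroyWindowSim();
                     return 0;
    case WM_DESTROY: destroyed = 1; PostQuitMessageSim(0); return 0;
    default:         return DefWindowProcSim(msg, wParam);
    }
}

static void TranslateMessageSim(const MSG *m) { (void)m; }  /* key translation: no-op here */
static long DispatchMessageSim(const MSG *m) { return WndProcSim(m->msg, m->wParam); }

/* The pump. Returns the number of dispatched messages and records in
 * last_parked whether it stopped only because the queue ran dry (real code
 * would still be sitting inside GetMessage at that point). */
static int RunMessageLoop(void) {
    MSG m; int r, n = 0;
    last_parked = 0;
    while ((r = GetMessageSim(&m)) != 0) {        /* ends only on WM_QUIT */
        if (r < 0) { last_parked = 1; break; }
        TranslateMessageSim(&m);
        DispatchMessageSim(&m);
        n++;
    }
    return n;
}

/* Scenario A: window painted once, then no input ever arrives (the debugger
 * keeps keyboard focus while F8 is held). Returns 1 and parks. */
static int scenario_no_input(void) {
    reset_sim();
    PostMessageSim(WM_PAINT, 0);
    return RunMessageLoop();
}

/* Scenario B: the user clicks in the window and chooses Exit. Returns 3 and
 * the loop exits cleanly through WM_DESTROY -> PostQuitMessage -> WM_QUIT. */
static int scenario_menu_exit(void) {
    reset_sim();
    PostMessageSim(WM_PAINT, 0);
    PostMessageSim(WM_LBUTTONDOWN, 0);
    PostMessageSim(WM_COMMAND, IDM_EXIT);
    return RunMessageLoop();
}

static int sim_parked(void)    { return last_parked; }
static int sim_destroyed(void) { return destroyed; }
static int sim_unhandled(void) { return unhandled; }

int main(void) {
    int n = scenario_no_input();
    printf("no input : %d dispatched, parked=%d destroyed=%d\n", n, sim_parked(), sim_destroyed());
    n = scenario_menu_exit();
    printf("menu exit: %d dispatched, parked=%d destroyed=%d\n", n, sim_parked(), sim_destroyed());
    return 0;
}
```

Scenario A is the situation in the thread: the loop has not finished and cannot be stepped "to the end", because with no queued input the real program is asleep inside GetMessage until the window gets focus and a message. Scenario B shows the only normal exit path, which runs through the window procedure, which is why a breakpoint on WndProc (as suggested above) is where the interesting code is reached.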

naides
May 23rd, 2007, 04:38
Saint Blabberer!!!!

blabberer
May 23rd, 2007, 10:36
oh gawd naides dont make me saint i wouldnt want to live without F#%@*^!

Ivan
May 23rd, 2007, 12:19
Wow, """till all hell breaks loose and all the icebergs melt and flood our mother earth you cannot...""" hahahaha
OK, now I understand a little better.

THANK YOU VERY MUCH ALL YOU GUYS (blabberer, for the swf animation too)
until my next doubt!!!

0xf001
May 23rd, 2007, 15:30
blabberer's answers often LIKE '%saint%'
