View Full Version : Can't find __vbaStrComp in OllyDbg ???
ReVeRs
June 30th, 2010, 07:25
hi,
I am trying to crack the CrackersConvert 1.0
But when i want to place a breakpoint 'bpx __vbaStrComp', I could not find it in any of the modules (not even in MSVBVM50 or 60) using Ollydbg.
I tried checking the many other tuts, but they just started off with the breakpoint thing..
Can you help me sort this out???
Darkelf
June 30th, 2010, 10:03
Well, it's there. Do a right-click-> Search for-> Name in all modules and you will find it.
But just as a hint: you don't need it.
Look closer and tell us were you stuck.
And another hint: start looking from 00409C70 downwards.
Regards
darkelf
ReVeRs
June 30th, 2010, 11:22
Thanx for ur info.
Actually i saw this command in one of 'Eternal Bliss' tutorials in RCE. But there he was using SoftICE.
As I only have have Olly, i tried this command in command line, but it didnt work.
Even I tried in 'All Intermodular calls' window also, but in vain.
Anyway thanx again, by the way can you please explain how did you know to start at 00409C70?
ReVeRs
June 30th, 2010, 12:10
Cracked it through SmartCheck!!
I found SmartCheck very much handy than OllyDbg...
Darkelf
June 30th, 2010, 12:44
First of all, congrats!
Second, what do you mean by saying "cracked"?
Did you find out how the serial is created? I mean, the suggestion in the readme to write a keygen seems to be a joke because once you know how the serial is created, the only needed keygen is your brain. A 10-year old can compute the serial just by using his fingers. Don't get me wrong, I don't want to diminish your achievement. It's just me thinking that anything but understanding what exactly is going on there is wasted time (at least in this simple case). Even if this is your first solved crackme you should try to understand it completely.
Regards
darkelf
TempoMat
June 30th, 2010, 12:59
Quote:
I found SmartCheck very much handy than OllyDbg..
|
Yep that might be true until you'll find with time more targets that either freeze SmartCheck or make it deliver less interesting information.
Because you don't have SoftIce(or DriverStudio) you better learn how to use Olly better and efficiently for programs SmartCheck will fail on. There are at times you will even need both Debuggers on VB-Targets.
VB cracking is most times easy but needs patient and time especially when the program is compiled to p-code.
Any ways congrats and happy RCE!!
Elenil
June 30th, 2010, 18:40
bpx is a command in softice in olly its bp (in its command line)
if you use softice make sure the exports of the vb dlls are loaded
esther
June 30th, 2010, 18:47
*I am trying to crack the <deleted>
Hmm I thought it is a crackme,did the admins deleted it?
Darkelf
June 30th, 2010, 19:16
It was a crackme from the Immortal Descendants archive
http://www.woodmann.com/IDArchive/ID-RIP/
It's there under "CrackMe Practices" and it's called CrackersConvert.
I don't know why it was deleted from the first post. I guess it was the threadstarter himself.
Regards
Kayaker
June 30th, 2010, 19:32
My mistake. Thanks for the correction.
ReVeRs
June 30th, 2010, 20:39
Quote:
[Originally Posted by Darkelf;87087]First of all, congrats!
Second, what do you mean by saying "cracked"?
Did you find out how the serial is created? I mean, the suggestion in the readme to write a keygen seems to be a joke because once you know how the serial is created, the only needed keygen is your brain. A 10-year old can compute the serial just by using his fingers. Don't get me wrong, I don't want to diminish your achievement. It's just me thinking that anything but understanding what exactly is going on there is wasted time (at least in this simple case). Even if this is your first solved crackme you should try to understand it completely.
Regards
darkelf |
Yes, i figured out the procedure of making the serial and not just the serial
btw I am trying to understand the same crackme using Olly again
esther
July 1st, 2010, 08:28
Cracking vb you need visual basic winapi manual,just google
*bpx is a command in softice in olly its bp (in its command line)
bp doesn't works ,use bpx instead
Darkelf
July 1st, 2010, 11:31
Huuuh, I don't want to act like a smart-aleck - but that's not true. See:
Code:
BP expression [,condition] Set INT3 breakpoint at address BP EAX+10BP 410010, EAX==WM_CLOSEBP Kernel32.GetProcAddress
BPX label Set breakpoint on each call to external 'label' within the current module BPX CreateFileA
BC expression Delete breakpoint at address BC 410010
MR expression1 [,expression2] Set memory breakpoint on access to range
MW expression1 [,expression2] Set memory breakpoint on write to range
MD Remove memory breakpoint
HR expression Set 1-byte hardware breakpoint on access to address
HW expression Set 1-byte hardware breakpoint on write to address
HE expression Set hardware breakpoint on execute at address
HD [expression] Remove hardware breakpoint(s) at address
Taken from the Olly help file.
Regards
Elenil
July 1st, 2010, 22:36
bpx in olly ? i also wonder why esther wrote that
in case you gonna install softice use "bpx address/or api" or "bpm address/or api x"
esther
July 2nd, 2010, 09:42
*Huuuh, I don't want to act like a smart-aleck
You did LOL
,anywaythe reason I said it didn't work coz I bp the call Kernel32.SetLastError is called
but the destination is ntdll.RtlGetLastWin32Error.
*Elenil
bpx in olly ? i also wonder why esther wrote that
READ THE F* MANUAL.The only difference is that when using bping ,the Intermodular calls the calls
were not highlighted.
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.