View Full Version : CRC,checksum??!


ramin_rad2000
April 25th, 2004, 10:52
There is a function which needs to be patched, and it is like:

func abxxxxx

aaaaaaaa mov eax,[xxyxxyyx]
bbbbbbbb test eax,eax
cccccccc je xxxxxxxx
... here goes the rest

.
.
.
.
xxxxxxxx xor eax,eax
yyyyyyy ret

The program first calls this function 3 times, and all 3 times eax is 0, so it jumps to xxxxxxxx [XOR does nothing, OK?]. Then again, after a while, it goes to xxxxxxxx, and this time I need to change this 'xor' to 'or' in order to crack it.
When I do it in SICE after the 3rd time [at the beginning of the fourth time] it works,
but the problem is, when I change the first word of the xor instruction from 33 to 0B (or) in HIEW, the prog crashes after the 3rd call! Well, I don't know of CRC or checksum, plz help me.
Regards

%UNDEFINED%
April 25th, 2004, 12:22
I have no idea what you are trying to explain with this...

ramin_rad2000
April 25th, 2004, 12:38
Quote:
[Originally Posted by %UNDEFINED%]I have no idea what you are trying to explain with this...


67DC1412 mov eax,[67DCEC1D]
67DC1418 test eax,eax
67DC141A je 67DC142E
.
.
.
.
.
67DC142E xor eax,eax
67DC1430 retn 08

Is that clear? Suppose it is a function which I need to patch. It was called 3 times first and eax was 00000000 at 67DC1418 and it jumped to 67DC142E (je) (because eax was already zero, 'xor' made no change, right?). I changed xor to or at 67DC142E the fourth time with SICE and it all worked out then. But when I tried to change this xor to or with HIEW, the prog crashed after the 3rd call.
I am saying that this change didn't change program flow, but there must be a CRC check there; I only changed one word (33 to 0b). How can I defeat this?

Kayaker
April 25th, 2004, 19:35
I'm not so sure a program crashing after a 3rd call to a changed routine is a positive indication of a crc check, but.. How about setting a BPM R(ead) breakpoint on 67DC142E, if there's a check it must read those bytes to take them into account and the break may indicate the checksum routine.

ramin_rad2000
April 26th, 2004, 02:33
Quote:
[Originally Posted by Kayaker]I'm not so sure a program crashing after a 3rd call to a changed routine is a positive indication of a crc check, but.. How about setting a BPM R(ead) breakpoint on 67DC142E, if there's a check it must read those bytes to take them into account and the break may indicate the checksum routine.


I tried it but it didn't work.
Do you know how to reverse CRC?

ramin_rad2000
April 26th, 2004, 03:18
Kayaker, if it uses CreateFileA and then ReadfileA, then do you think that BPM works?

Kayaker
April 26th, 2004, 12:38
Quote:
[Originally Posted by ramin_rad2000]if it uses CreateFileA and then ReadfileA...


Well, does it? CreateFileA, ReadFile, OpenFile, MapViewOfFile, _hread, _lcreat, _lopen,... are a few options. It's up to you to decide if any likely APIs are being used in a CRC check and adapt your strategy to suit.
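
The kind of check the thread is speculating about, seen from the protecting side, as an added example (not code from the thread or from the program discussed): a CRC-32 over a code region, verified against both the on-disk copy and the loaded copy, so a one-byte change such as 33 to 0B is flagged wherever it was made. The byte buffer, function names and result flags are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, the zip/PNG variant). */
static uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Hypothetical result flags; they combine when both copies differ. */
enum { INTEGRITY_OK = 0, DISK_MODIFIED = 1, MEMORY_MODIFIED = 2 };

/* Compare both copies of a region against the CRC recorded at build time. */
static int check_integrity(const uint8_t *disk, const uint8_t *mem,
                           size_t n, uint32_t expected) {
    int result = INTEGRITY_OK;
    if (crc32_buf(disk, n) != expected) result |= DISK_MODIFIED;
    if (crc32_buf(mem, n) != expected)  result |= MEMORY_MODIFIED;
    return result;
}

/* Constructed sample region: 33 C0 = xor eax,eax ; C2 08 00 = retn 08 */
static const uint8_t REFERENCE[] = { 0x33, 0xC0, 0xC2, 0x08, 0x00 };

/* Change the first byte of the chosen copy to 0x0B, then run the check. */
static int demo(int edit_disk, int edit_mem) {
    uint8_t disk[sizeof REFERENCE], mem[sizeof REFERENCE];
    memcpy(disk, REFERENCE, sizeof REFERENCE);
    memcpy(mem, REFERENCE, sizeof REFERENCE);
    if (edit_disk) disk[0] = 0x0B;
    if (edit_mem)  mem[0]  = 0x0B;
    return check_integrity(disk, mem, sizeof REFERENCE,
                           crc32_buf(REFERENCE, sizeof REFERENCE));
}

int main(void) {
    printf("untouched:     %d\n", demo(0, 0));
    printf("file edited:   %d\n", demo(1, 0));
    printf("memory edited: %d\n", demo(0, 1));
    return 0;
}
```

A check that reads only the file reports nothing for a change made to the loaded copy, and the reverse holds for a memory-only check, which is why this sketch verifies both.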