
Help with point-h in my computer


Pompeyfan
December 29th, 2003, 04:12
Okay, I have uploaded a screenshot to my website at http://members.optusnet.com.au/~vincewmb/Aussiepompeyfan/Olly.htm and have been trying to follow the tutorial in 33-punto_ h ingles\Punto_H_english.mht.

Following all the steps in the tutorial 33-punto_ h ingles\Punto_H_english.mht, on my system I ended up with my point-h being at 77C72FFC 0FB650 02 MOVZX EDX,BYTE PTR DS:[EAX+2], and I ended up in GDI32 instead of USER32. I am running the latest version of Olly and have XP Pro on my PC. Then, when I tried following the steps for Crackme2, I got this far but am not sure what to do from here; I seem to be in a different location to the tutorial, but I can see the serial of 47802 that I entered.

Could I have done something wrong so far? If I haven't, where do I go from here?

Ricardo Narvaja
December 30th, 2003, 01:38
Did you use the cruehead crackme to discover your point h?

When you stopped at your point, didn't you stop because of an exception?
Do you have a non-standard keyboard? (Two people with a wireless keyboard had a similar trouble, and the tute didn't function on their machines.)
Meanwhile, thousands of users are using point h without trouble.

Are you doing any step badly?

Ricardo

Pompeyfan
December 30th, 2003, 12:53
No, when I load the cruehead crackme, I get a message that Module crackme has entry point outside of the code. Anyway, I proceeded, but then when I view names, I don't get the user32 translate message listed.
So I used another crackme, can't recall which one; I just tried a few till I found one with the translate message listed. I did see that your tutorial said you could use any, but it seems strange the one you suggested wouldn't work for me though.
I'll try it again; maybe I stopped for an exception as you suggest.
I have a pretty standard keyboard, so I doubt it is to do with that.

Ricardo Narvaja
December 30th, 2003, 13:59
Point H works in 90 percent of the crackmes, but not in all crackmes is point H easy to find. I suggest finding the value in the cruehead crackme; it is easier than in other crackmes, and with the value found in the cruehead crackme you can use it in any crackme or program.
I think you have a different cruehead crackme; the crackme of the tute is not compressed. Look well, cruehead wrote many crackmes. Download the right crackme from my FTP, or mail me and I'll send you the correct cruehead crackme for the tute.

Ricardo

Ricardo Narvaja
December 30th, 2003, 15:12
My mail is ricnar22@millic.com.ar

Ricardo

Pompeyfan
December 31st, 2003, 03:14
I've tried this with a few crackmes, but I keep bombing out, so I have emailed you asking you to send me the right Cruehead crackme; I must be using the wrong one.
I appreciate your help.

Pompeyfan
December 31st, 2003, 03:56
Okay, I finally got there, as you can see from http://members.optusnet.com.au/~vincewmb/Aussiepompeyfan/Olly.htm, but I do think Olly isn't playing completely well on my system. Thanks Ricardo for all your help :-)

Ricardo Narvaja
December 31st, 2003, 07:02
Well, the F1-F12 keys in OLLY only work if the window of Olly is activated; when you click on the run button, you activate the window.
Click on any part of the OLLY window to activate it, and then the F1-F12 keys are active again.

Ricardo Narvaja

Pompeyfan
December 31st, 2003, 12:45
Ah, well that explains it then, thanks again. I have successfully completed the Cosh crackme tutorial. What version of Idesk should I get for the next tutorial? Is it in your ftp folder?

Ricardo Narvaja
December 31st, 2003, 23:26
In my FTP, in

D:\FTPROOT\VIEJO CURSO\PROGRAMAS CURSO VIEJO

03-IDesk-260.zip

or 03-Idesk-260.exe

Ricardo Narvaja

Pompeyfan
January 1st, 2004, 03:23
Thanks Ricardo, I've downloaded it to try out later, I must say your tutorials are very well written and easy to follow.

Pompeyfan
January 1st, 2004, 05:29
Hmm, is this file already unpacked? I have unpacked it with Procdump, and then Olly doesn't seem to like it at all; it then gives me the message "the procedure entry point could not be located in the dynamic link library WINMM.DLL"

Ricardo Narvaja
January 1st, 2004, 08:38
Well, you did not unpack the file well; the IAT is bad.

For the tute, it is not necessary to unpack; only reach the registration window and put on the command bar

Bp [address of your punto h]

Ricardo

Pompeyfan
January 1st, 2004, 12:26
Okay, well I am new to unpacking; I guess I'd better read up on that a bit before doing it again.
I'll do the tut without unpacking for now then.

Pompeyfan
January 1st, 2004, 18:29
Okay, I have followed the tut to this point for Idesk:

11) The program stops in the Idesk module:

00402E0F 8A1E MOV BL,BYTE PTR DS:[ESI]

12) Trace with F8 to exit this routine (retn), and the program goes to the check point of the serial:

004C9DB6 A3 04B55200 MOV DWORD PTR DS:[52B504],EAX
004C9DBB A1 00B55200 MOV EAX,DWORD PTR DS:[52B500]
004C9DC0 3B05 04B55200 CMP EAX,DWORD PTR DS:[52B504]


But I'm not quite sure what I do at step 12. Can you clarify this? I would really appreciate it, as it is the last step of the tut; with the previous tut I just kept pressing run till I got to the right point, but this is different.

Ricardo Narvaja
January 2nd, 2004, 02:30
Well, there are different ways a program works with the serial. In some programs, putting a bpm on access on the fake serial and RUN is a good option; in others, trace till the execution flow returns to the executable and trace to look for the comparison.
The tut is not a lesson to learn all methods for catching serials; it is only to show the utilization of point H and its similarity with hmemcpy of win98, how to stop and how to copy the fake serial to memory.
For better lessons on catching serials there are thousands of tuts for hmemcpy of w98; now you can use point h, and then continue with these tuts for the part of catching the serial.

Ricardo

Pompeyfan
January 2nd, 2004, 05:18
Okay, got it now. I didn't realise how many times I had to press F8; that was why I gave up before. This time I kept going till it took me to the relevant code, and I successfully found the serial :-)
Thanks again for your help.

Fauzt0
June 23rd, 2004, 20:53
I have a question...
Is the serial for the crackme of cruehead v1.0 18??
Because I think I found a bug; I think so, if not please tell me...
Because when I was reading your tuto (Ricardo) I couldn't find my H point, so I read the crackme code (assembly) and started to trace with F7, and it took me to one point that compares 18 with ????, so the program stops. I use 18 as a serial and it doesn't give me the little window that marks my mistake. Please help.

And I couldn't find my own.

Fauzt0
June 23rd, 2004, 20:55
Something I forgot to mention: how do you know which library takes you to your H point??? In Cruehead it is Translate...

but it's not located in this program...

Ricardo Narvaja
June 24th, 2004, 01:57
Use this plugin for OLLY; it shows your POINT H automatically, and you can put a BPX on the point easily, only pressing a button.

This plugin by THE KLUGER is a good option for working with POINT H and the NEW POINT A for VISUAL BASIC 5 and 6. This plugin discovers the value of the points and lets you put a bpx directly on any of these points, or remove it if you desire; it is perfect for working with points.

Download:

http://tinyurl.com/395zo

Ricardo Narvaja
PS: The new point a for visual basic has a tut and help for cracking in visual basic; read a lot if you don't understand the use of this incredible point.