Acid_Cool_178 presents his #13 Tutorial
For Hellforge
This text is only meant for educational purposes and is not to be used illegally. I take no responsibility for illegal use of this text. Move on at your own risk.
Author Information
E-mail | acid_cool_178@hotmail.com
Age | 17
Web Page | http://acidcool.cjb.net/
Date | February 2K
Member in | Hellforge | Flying Horse Cracking Force
Groups Web Page | Hellforge Login | FHCF Login
Program Information
Name | eKH CrackMe 1.0 (eKHcrackme1.exe)
Author | flag eRRatum
Where to Download | Crackmes Webpage
Tools used | W32Dasm
Download At | 1. Player Tools | 2. Programmer Tools
Size | 194KB
What kind of a program | Crackme | Shareware
Skill | Easy | Not so easy | Hard | X-pert
Information about the protection
This protection takes a bit from your name, generates a serial from it and compares it with the serial you entered. If they differ it shows the wrong message; if they match it shows the good message.
Before we start
I won't explain everything in detail!
The Process
Open eKHcrackme1.exe in W32Dasm and look at the "String Data References". I
found this ERROR and scrolled up until I could see this code.
:00427B6D E83EBCFDFF      call 004037B0
:00427B72 48              dec eax
:00427B73 7C30            jl 00427BA5                         <-- If Less than, jump to Bad Code
:00427B75 8D55FC          lea edx, dword ptr [ebp-04]
:00427B78 8B83EC010000    mov eax, dword ptr [ebx+000001EC]
:00427B7E E80DE2FEFF      call 00415D90
:00427B83 8B45FC          mov eax, dword ptr [ebp-04]
:00427B86 50              push eax
:00427B87 8D55F8          lea edx, dword ptr [ebp-08]
:00427B8A 8B83DC010000    mov eax, dword ptr [ebx+000001DC]
:00427B90 E8FBE1FEFF      call 00415D90
:00427B95 8B45F8          mov eax, dword ptr [ebp-08]
:00427B98 5A              pop edx
:00427B99 E882FEFFFF      call 00427A20
:00427B9E 3D4E61BC00      cmp eax, 00BC614E
:00427BA3 7D1E            jge 00427BC3                        <-- If Greater Or Equal, then jump to Good Code
Let's see, the code must be greater than something and I wonder what; it has to do with
BC614E. And what are the calls doing?
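An added example, not part of the original tutorial: a Python sketch that re-derives the call and jump targets shown in the listing from their opcode bytes, decodes the immediate of the cmp, and models the signed comparison that jge performs. The addresses and bytes are copied from the listing; the function names are my own.

```python
import struct

# Branch instructions copied from the W32Dasm listing: (address, opcode bytes).
LISTING = [
    (0x00427B6D, "E83EBCFDFF"),  # call
    (0x00427B73, "7C30"),        # jl  -> bad code
    (0x00427B7E, "E80DE2FEFF"),  # call
    (0x00427B90, "E8FBE1FEFF"),  # call
    (0x00427B99, "E882FEFFFF"),  # call
    (0x00427BA3, "7D1E"),        # jge -> good code
]
CMP_BYTES = "3D4E61BC00"  # cmp eax, imm32 at 00427B9E

# opcode -> (mnemonic, struct format of the signed displacement)
MNEMONICS = {0xE8: ("call", "<i"), 0x7C: ("jl", "<b"), 0x7D: ("jge", "<b")}

def decode_branch(addr, hex_bytes):
    """Return (mnemonic, target) for a relative call/jcc.
    target = address of the next instruction + signed displacement."""
    raw = bytes.fromhex(hex_bytes)
    name, fmt = MNEMONICS[raw[0]]
    (disp,) = struct.unpack(fmt, raw[1:])
    return name, (addr + len(raw) + disp) & 0xFFFFFFFF

def cmp_immediate(hex_bytes):
    """Return the little-endian imm32 of a 'cmp eax, imm32' (opcode 3D)."""
    raw = bytes.fromhex(hex_bytes)
    if raw[0] != 0x3D:
        raise ValueError("not cmp eax, imm32")
    return struct.unpack("<I", raw[1:5])[0]

def to_signed32(value):
    """Interpret a 32-bit register value as jl/jge do (two's complement)."""
    return value - (1 << 32) if value & 0x80000000 else value

def takes_jge(eax, imm):
    """True if 'cmp eax, imm' followed by jge would branch (signed compare)."""
    return to_signed32(eax) >= to_signed32(imm)

if __name__ == "__main__":
    for addr, code in LISTING:
        name, target = decode_branch(addr, code)
        print(f":{addr:08X} {code:<12} {name} {target:08X}")
    imm = cmp_immediate(CMP_BYTES)
    print(f"cmp eax, {imm:08X} (decimal {imm})")
```

Because jl and jge test the signed result, a value returned by call 00427A20 with the high bit set counts as negative and does not reach the good code.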
The first thing I did was to NOP the first jump and change the second jump from JGE to
JMP, and that worked just fine. But I want my serial! Not to patch, I'm tired of that!!
Well, as a newbie I can't find the serial, but I have shown you where the code is holding
its base. The question is where in the base?
I have looked at LaZaRuS's homepage and he has written a tutorial about this crackme.
So I won't copy his text; please go to this page and download the tutorial.
http://come.to/hellforge Tutorials section --> Tutorial 10
Ending
Well, I have failed at what I began to work on. One step forward and two back. I will return harder!! I promise..
Greetings
LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss, Potsmoke, DiABLO, Torn@do and all the others I have forgotten