Muad'Dib's Crackme #1


Level: Easy
Date: 10/14/1999
File: md-cm1.zip (3.92KB)





OK... Let's get right into it. I'll assume some cracking knowledge, but you should get along fine if you don't have any. First of all, run the program. A standard Windows message box comes up. Now, if you know anything about the Windows API, you'll know that the call is MessageBoxA. Since this is a small program, I'll be using Win32DASM. Disassemble the program and search for the function MessageBoxA. You'll get this code:

* Referenced by a CALL at Addresses:
:00401208   , :00401254

:004012BF 6A00                    push 00000000

* Possible StringData Ref from Data Obj ->"Please register!"
:004012C1 682D304000              push 0040302D

* Possible StringData Ref from Data Obj ->"I want your money! Please send "
                                        ->"me $20 to get rid of this screen!"
:004012C6 683E304000              push 0040303E
:004012CB 6A00                    push 00000000

* Reference To: USER32.MessageBoxA, Ord:01BBh
:004012CD E842000000              Call 00401314 ;CALL IT!


The part that I commented as "CALL IT!" is the important part. All we have to do is NOP that out. Here's how we do it. The number :004012CD is the code address. Next to it you see E842000000, the bytes of the call instruction. That's what we need to get rid of. So open up your favorite hex editor and search for it. It's normally smart to include the bytes around it in the search, so I normally use 6A00E842000000 as my search string (the thing before it too). Change E842000000 to 9090909090 (five bytes, one 90 for each byte of the call; 90 in hex is NOP, meaning no operation). Now run the program again. Poof! No nag! If you write a patcher, send it to me along with source and I will post it along with your name, email (if you want), and URL.
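
A small patcher for the change described above, as an added example that is not part of the original tutorial. The function names (patch_nag, patch_file) and the sample buffer are constructed for illustration; only the instruction bytes come from the listing.

```python
import sys

# Bytes from the listing: "push 0" (6A 00) followed by the
# 5-byte "Call 00401314" (E8 42 00 00 00) at :004012CD.
CONTEXT = bytes.fromhex("6A00")
CALL = bytes.fromhex("E842000000")
NOP = 0x90


def patch_nag(image: bytes) -> bytes:
    """Return a copy of image with the MessageBoxA call replaced by NOPs."""
    pattern = CONTEXT + CALL
    first = image.find(pattern)
    if first < 0:
        raise ValueError("pattern not found: wrong file or already patched")
    if image.find(pattern, first + 1) >= 0:
        raise ValueError("pattern is not unique; refusing to guess")
    start = first + len(CONTEXT)
    patched = bytearray(image)
    # Same-length overwrite: one NOP per byte of the call, so nothing after it moves.
    patched[start:start + len(CALL)] = bytes([NOP]) * len(CALL)
    return bytes(patched)


def patch_file(src: str, dst: str) -> None:
    """Write a patched copy of src to dst, leaving src untouched (hypothetical helper)."""
    with open(src, "rb") as fh:
        image = fh.read()
    with open(dst, "wb") as fh:
        fh.write(patch_nag(image))


# Constructed sample: the listing's bytes from :004012BF through the call,
# wrapped in made-up 0xCC filler, standing in for the real executable.
SAMPLE = (b"\xCC" * 4
          + bytes.fromhex("6A00" "682D304000" "683E304000" "6A00" "E842000000")
          + b"\xCC" * 4)

if __name__ == "__main__":
    if len(sys.argv) == 3:
        patch_file(sys.argv[1], sys.argv[2])
    else:
        print(patch_nag(SAMPLE).hex(" "))
```

The patch removes only the call: the four push instructions before it still run, and MessageBoxA, being a stdcall function, would otherwise have popped those 16 bytes, so how the routine behaves afterwards depends on the code following :004012CD, which the listing does not show.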