Matrix Posted October 24, 2007 Posted October 24, 2007 (edited) Hi Freinds pleaes Unpackme & write Tutorial Tnx Sh4DoVV.rar Edited October 24, 2007 by Matrix
Apakekdah Posted November 13, 2007 Posted November 13, 2007 Dunno this is can run or not. dumpe1_.rar
pavka Posted November 14, 2007 Posted November 14, 2007 Serial fishing not a unique way of cracking Example: protected Dotfix Niceprotect 2.8 CRACKME_protected.rar
Apakekdah Posted November 14, 2007 Posted November 14, 2007 @Sonny27 ah... finally... yeah, i though so to @pavka can u share Dotfix Niceprotect 2.8
Apakekdah Posted November 14, 2007 Posted November 14, 2007 i've found only few stolen bytes PUSH EBPMOV EBP,ESPPUSH -1PUSH 402508PUSH 401CF6MOV EAX,DWORD PTR FS:[0]PUSH EAXMOV DWORD PTR FS:[0],ESPSUB ESP,68PUSH EBXPUSH ESIPUSH EDIMOV DWORD PTR SS:[EBP-18],ESPXOR EBX,EBXMOV DWORD PTR SS:[EBP-4],EBXPUSH 2CALL NEAR DWORD PTR DS:[402198]POP ECXCALL NEAR DWORD PTR DS:[402190]MOV ECX,DWORD PTR DS:[403174]MOV DWORD PTR DS:[EAX],ECXCALL NEAR DWORD PTR DS:[40218C]MOV ECX,DWORD PTR DS:[403170]MOV DWORD PTR DS:[EAX],ECXMOV EAX,DWORD PTR DS:[402188]XOR EAX, EAXCMP DWORD PTR DS:[403090],EBX it's realy hard to restore stolen bytes
pavka Posted November 14, 2007 Posted November 14, 2007 @Apakekdah I think that it was not difficult ! In comparison with the last versions a little that has changed! It was added hardly more garbage
Apakekdah Posted November 15, 2007 Posted November 15, 2007 (edited) @pavka yeah... too much junk code. the problem is i dont have app compiled with VC++ 6 MFC edit: aha... Finally crackme_protected_dump1_.rar please test it Edited November 15, 2007 by Apakekdah
Sonny27 Posted November 15, 2007 Posted November 15, 2007 (edited) Runs fine again, Apakekdah @pavka: Yes, of course, but I Edited November 15, 2007 by Sonny27
pavka Posted November 16, 2007 Posted November 16, 2007 @ApakekdahIt is not necessary to use ImpRec:) It is superfluous work For IAT MSVC type it is not necessary to restore IAT, it is enough to expose correct values IAT RVA in dump
pavka Posted November 17, 2007 Posted November 17, 2007 @ApakekdahMake dump on OEP and put IAT RVA ==25E0004025E0 00002658 <-----IAT RVA004025E4 00000000004025E8 00000000004025EC 00002830004025F0 00002014004025F4 000027C0004025F8 00000000004025D4 58 26 00 00 X&..004025E4 00 00 00 00 00 00 00 00 30 28 00 00 14 20 00 00 ........0(.. ..004025F4 C0 27 00 00 00 00 00 00 00 00 00 00 66 28 00 00 А'..........f(..00402604 7C 21 00 00 44 26 00 00 00 00 00 00 00 00 00 00 |!..D&..........00402614 6A 29 00 00 00 20 00 00 08 28 00 00 00 00 00 00 j)... ..(......00402624 00 00 00 00 FE 29 00 00 C4 21 00 00 00 00 00 00 ....ю)..Д!......00402634 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................00402644 2C 29 00 00 38 29 00 00 44 29 00 00 58 29 00 00 ,)..8)..D)..X)..00402654 00 00 00 00 63 16 00 80 52 0F 00 80 41 04 00 80 ....c.ЂR.ЂA.Ђ00402664 D0 09 00 80 4F 14 00 80 5C 09 00 80 12 0D 00 80 Р..ЂO.Ђ\..Ђ..Ђ00402674 B4 14 00 80 B6 14 00 80 A5 0A 00 80 EF 0F 00 80 ґ.Ђ
Apakekdah Posted November 21, 2007 Posted November 21, 2007 @pavkahow can i find IAT RVA ? Should i find it manual or there is another trick to do that ?
pavka Posted November 26, 2007 Posted November 26, 2007 Delphi protected 2.9CrackMe3_protected2.9.rar
pavka Posted December 13, 2007 Posted December 13, 2007 protected Dotfix Niceprotect 3.0KeyGen_protected3.0.rar
sdy100 Posted December 13, 2007 Posted December 13, 2007 (edited) 00454C68 > $ 55 PUSH EBP00454C69 . 8BEC MOV EBP,ESP00454C6B . 83C4 F0 ADD ESP,-1000454C6E . B8 804A4500 MOV EAX,KeyGen_protected3.0.00454A8000454C73 . E8 6C18FBFF CALL KeyGen_protected3.0.004064E400454C78 . A1 D8604500 MOV EAX,DWORD PTR DS:[4560D8]00454C7D . 8B00 MOV EAX,DWORD PTR DS:[EAX]00454C7F . E8 4CD8FFFF CALL KeyGen_protected3.0.004524D000454C84 . 8B0D BC614500 MOV ECX,DWORD PTR DS:[4561BC] 00454C8A . A1 D8604500 MOV EAX,DWORD PTR DS:[4560D8]00454C8F . 8B00 MOV EAX,DWORD PTR DS:[EAX]00454C91 . 8B15 543B4500 MOV EDX,DWORD PTR DS:[453B54] 00454C97 . E8 4CD8FFFF CALL KeyGen_protected3.0.004524E800454C9C . A1 D8604500 MOV EAX,DWORD PTR DS:[4560D8]00454CA1 . 8B00 MOV EAX,DWORD PTR DS:[EAX]00454CA3 . E8 C0D8FFFF CALL KeyGen_protected3.0.0045256800454CA8 . E8 67F9FAFF CALL KeyGen_protected3.0.0040461400454CAD . 8D40 00 LEA EAX,DWORD PTR DS:[EAX]unpacked2.rar Edited December 13, 2007 by sdy100
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now