[crackme] Crack me #1 By Genoc!de

[hibernator]

Hi all,

It is a simple app with a nagscreen .

Try to remove nag secreen

Best of luck !!

P.S. This is 4 beginners only , LOL

Crack me#1.rar

[NikolayD]

DDD I don't see nag. Just run crackme it sure simple )))

[hibernator]

This is the nag screen . Probably it pops up when you run the crackme .

[NikolayD]

Think i'm joking?! ) See it http://rghost.ru/private/38396608/3793d2a6b243684d5ccb3ed61fc4f2b3

[C0M3ND4D0R]

Just take NOP......the API MessageBox

It is further promotion, than a crackme.

Thanks

[hibernator]

  On 5/31/2012 at 2:05 PM, NikolayD said:

Think i'm joking?! ) See it http://rghost.ru/pri...ccb3ed61fc4f2b3

Whoa , whoa !! I don't know how that happened Everything ran as expected on my computer . This piece of code was supposed to give the nag "invoke MessageBox,hWnd, addr Remove, addr NAG, MB_APPLMODAL " Thanks

[hibernator]

  On 5/31/2012 at 2:36 PM, C0M3ND4D0R said:

Just take NOP......the API MessageBox

It is further promotion, than a crackme.

Thanks

Yup , but there is a quicker way than NOPing . Any other ideas would be greately appreciated.

I am a still a newbie though . Thanks

Edited May 31, 2012 by genocide

[kakamail]

The same with NikolayD, no nag! I know 2 method is nop and change push 0 to push 1.

Another can be used but when you know how the message is called

Edited May 31, 2012 by kakamail

[hibernator]

  On 5/31/2012 at 3:14 PM, genocide said:

Whoa , whoa !! I don't know how that happened Everything ran as expected on my computer . This piece of code was supposed to give the nag "invoke MessageBox,hWnd, addr Remove, addr NAG, MB_APPLMODAL " Thanks

  On 5/31/2012 at 4:59 PM, kakamail said:

The same with NikolayD, no nag! I know 2 method is nop and change push 0 to push 1.

Another can be used but when you know how the message is called

I am sorry but I still can't figure out the cause of the problem . Here is the source code . You may want to compile it yourself and run again

[hibernator]

[C0M3ND4D0R]

  On 5/31/2012 at 7:01 PM, genocide said:

Download Source failed...

[hibernator]

  On 5/31/2012 at 10:38 PM, C0M3ND4D0R said:

Download Source failed...

Better late then never Sorry I was busy ! . Please help me find the bug

Crack me Source.rar

[DeadAndGone]

I can't compile the source because i don't have a compileren installed yet.

But, (im not sure), it seems you should invoke the messagebox at WndProcedure at initializing.

[C0M3ND4D0R]

Thank you for providing the source.....

I have not had much time to analyze despite being written in MASM, I do not use WinASM. I use RadASM.

so try:

LRESULT CALLBACK WndProcedure (HWND hWnd, uMsg UINT, WPARAM wParam, lParam LPARAM);

create a return...NAG was not removed, will give a return FALSE, to stop the application.

if( NAG )

return FALSE

can be an alternative.

Hug

[sama]

the place where you call MessageBox is wrong (message can not be displayed due the fact that at this moment there is no valid handle of the window)

if you call it from:

.ELSEIF eax==WM_CREATE	   invoke MessageBoxA,hWnd, addr Remove, addr NAG, MB_APPLMODAL		   ; My nag screen!

here you got what you want, at least i hope.

Edited June 3, 2012 by sama

[Teddy Rogers]

The [crackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

[Apuromafo]

if wana remove only with Nop or FNOP

004013B5 D9D0 FNOP

004013B7 D9D0 FNOP

004013B9 D9D0 FNOP

004013BB D9D0 FNOP

004013BD D9D0 FNOP

004013BF D9D0 FNOP

004013C1 D9D0 FNOP

004013C3 D9D0 FNOP

004013C5 D9D0 FNOP

004013C7 D9D0 FNOP

maybe in fact maybe work better with other push before (push 0) or changing maybe to a push 0 to push 40

[hibernator]

Well, back after quite some time Thanks goes to all. I think an elegant way to remove MBs is to open by CFF Explorer and change the "MessageBoxA" to "GetMessageA". Read it somewhere in ARTeams ezine