Jump to content
Tuts 4 You

[Crackme] Simple Crackme 2014 level 1 of 3 (vb6)


Recommended Posts



for run under debugger and bypass crc check just don't allow call _vbaend function (serial check procedure has reference to this function after incorrect serial msgbox :ermm:)


nice crackme but probably used vb anti crack on it !

  • Like 1
Link to comment
Share on other sites

Serial Sample:


Username: RDGMax






Link to comment
Share on other sites

Seriously what the f.uck is with the swf file? How can that be of any use?


Anyway - if anyone is in trouble with the antidebugging here are a few tricks to bypass it. Patch the following data:


01134544 C785 40FFFFFF 00000000 MOV DWORD PTR SS:[EBP-C0],0
0113454E 90 NOP
0113454F 90 NOP
01134550 90 NOP
01134551 90 NOP
01134552 90 NOP
01134553 90 NOP
01134554 90 NOP
01134555 90 NOP
01134556 90 NOP
01134557 |. 68 9E451301 PUSH 0113459E
0113455C \. EB 14 JMP SHORT 01134572 0111F0ED /EB 1C JMP SHORT 0111F10B
0111F0EF |. |53 PUSH EBX
0111F0F0 |. |68 9C581101 PUSH 0111589C 0111F166 /EB 06 JMP SHORT 0111F16E
0111F168 |. |FF15 3C101001 CALL DWORD PTR DS:[<&MSVBVM60.__vbaEnd>] ; MSVBVM60.__vbaEnd
0111F16E |> \8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]


However I really can't bypass the integrity check at startup - anyone had this issue too? Ultimately, the packer seems to create a new process and writte memory into that process using WriteProcessMemory api and then resume the state using Resumethread, that seems to fail with great misery for a modified file.

Edited by xSRTsect
Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...