Jump to content
Tuts 4 You

[Crackme] Simple Crackme 2014 level 1 of 3 (vb6)


RDGMax

Recommended Posts

Hi


 


for run under debugger and bypass crc check just don't allow call _vbaend function (serial check procedure has reference to this function after incorrect serial msgbox :ermm:)


 


nice crackme but probably used vb anti crack on it !


  • Like 1
Link to comment

Serial Sample:


 


Username: RDGMax


 


 


Password:


 


E96C0077801EB2307F6DE0A3BA32400C6FB3F44A5277FD4564321578F9F38FE260001589C6358C9158C2E1FD205FC08038EEBC3D91DF48B5719EAD9FAB3582664F742F80EB999B579B1CD85BEF9458B9

Link to comment

Seriously what the f.uck is with the swf file? How can that be of any use?


 


Anyway - if anyone is in trouble with the antidebugging here are a few tricks to bypass it. Patch the following data:


 




01134544 C785 40FFFFFF 00000000 MOV DWORD PTR SS:[EBP-C0],0
0113454E 90 NOP
0113454F 90 NOP
01134550 90 NOP
01134551 90 NOP
01134552 90 NOP
01134553 90 NOP
01134554 90 NOP
01134555 90 NOP
01134556 90 NOP
01134557 |. 68 9E451301 PUSH 0113459E
0113455C \. EB 14 JMP SHORT 01134572 0111F0ED /EB 1C JMP SHORT 0111F10B
0111F0EF |. |53 PUSH EBX
0111F0F0 |. |68 9C581101 PUSH 0111589C 0111F166 /EB 06 JMP SHORT 0111F16E
0111F168 |. |FF15 3C101001 CALL DWORD PTR DS:[<&MSVBVM60.__vbaEnd>] ; MSVBVM60.__vbaEnd
0111F16E |> \8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]




 

However I really can't bypass the integrity check at startup - anyone had this issue too? Ultimately, the packer seems to create a new process and writte memory into that process using WriteProcessMemory api and then resume the state using Resumethread, that seems to fail with great misery for a modified file.


Edited by xSRTsect
Link to comment
  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...