Safengine Shielden v2.3.8.0

[Reasen]

Difficulty : Unknown
Language : Delphi XE8
Platform : Windows x86/x64
OS Version : XP and above
Packer / Protector : Safengine Shielden v2.3.8.0  Max Options + Virtualized button Function using Safengine SDK

Description :

This Safengine Version(last one) have support for virtualize the parts of the executable you want,

i virtualized the button with the function (cracked or not cracked) and packed the executable with it, Good luck!

SafengineCrackMe.zip

Screenshot :

Edited January 23, 2016 by reasen

[White]

Patch it to Success.

set a bp at 005C7464
click the button
set a bp at 0040A550
run
stop at 0040A550 and EDX = 005C74E8 UNICODE "Normalize"
set eax = 1
set new eip to 0040A579
run

Then should come up with the "good boy" message.

[Reasen]

9 hours ago, White said:

Patch it to Success.

set a bp at 005C7464
click the button
set a bp at 0040A550
run
stop at 0040A550 and EDX = 005C74E8 UNICODE "Normalize"
set eax = 1
set new eip to 0040A579
run

Then should come up with the "good boy" message.

What ollydbg configuration you used? i get a crash.

[White]

39 minutes ago, reasen said:

What ollydbg configuration you used? i get a crash.

Phantom option -> protect DRX  <-- disable.

 

[Reasen]

1 hour ago, White said:

Phantom option -> protect DRX  <-- disable.

 

Well, i see that not fix the problem,

as soon i try to put/run(press the button) the app with a BP in hardware, memory or a normal one, appears an error. Some other kind of configuration i missing?
Thanks.

 

Spoiler

 

Edited January 25, 2016 by reasen

[White]

19 hours ago, Reasen said:

Well, i see that not fix the problem,

as soon i try to put/run(press the button) the app with a BP in hardware, memory or a normal one, appears an error. Some other kind of configuration i missing?
Thanks.

First, you should run the target normally, when you can see the targets window. Then just do what I descripted above.

[Sound]

Phantom option -> protect DRX  <-- disable.

 

Strong Od

[collins]

On 2016/1/25 at 11:04 AM, White said:

Patch it to Success.

set a bp at 005C7464
click the button
set a bp at 0040A550
run
stop at 0040A550 and EDX = 005C74E8 UNICODE "Normalize"
set eax = 1
set new eip to 0040A579
run

Then should come up with the "good boy" message.

 

how to find the address "0040A550" ?

 

[White]

On 2016/3/4 at 1:47 PM, collins said:

 

how to find the address "0040A550" ?

 

oh, you should know something about how to trace in its VM routine.

It appears when the first vm routine ends.

[zeger]

bpcnd 00618655 ,“ESI==007798A0”

mov EAX,00778FE3

run

 

Edited July 22, 2016 by zeger

[MaxII]

Hi

Any tutorial on how to patch HWID? I read sound's tutorial but it's in Chinese and I can't read Chinese,  google translate was  bad too.