Posted July 26, 2023
Bypass MessageBox Without Unpacking
Bypass MessageBox without unpacking, task complete.
File Information: Submitter 2days; Submitted 07/14/2023; Category CrackMe
July 26, 2023
It searches for a file named '2days.txt'. If it is not found, it will display the message box; otherwise, no message box will be shown.
2days_nag.mp4
July 26, 2023
The only funny thing is your -inf/10 easy challenge, you are here since 2008 and you are making this kind of crap? That's a shame.
Edited July 26, 2023 by X0rby
August 8, 2023
12 hours ago, bon said: TRUE BYPASS version.dll visual studio 2022 vc++ Perfect ++ 💯 The condition shows the text box has been replaced by nop altogether. Just put the version.dll file in it.
August 14, 2023
.DLL Hijack bypass all protect 😁
bb2018.dll = Patcher
version.dll = loader
Hook Api = Bypasser
First, use the x64dbg debugger to find patch points. Change from 84 to FE.
First, we need to find the module .dll; you will notice that there are a lot of DLLs, but I'm going to use version.dll.
Example Code Patch:
// Module and hProcess are defined elsewhere in the loader.
DWORD64 MR_BB2018 = Module + (DWORD64)0x2F931; // patch address: Module + RVA 0x2F931
PVOID rva1 = reinterpret_cast<PVOID>(MR_BB2018); // same address as a pointer
BYTE rva2[] = { 0xFE }; // replacement byte
WriteProcessMemory(hProcess, rva1, rva2, sizeof(rva2), NULL); // write one byte at the patch address
Tools:
X64dbg: https://github.com/x64dbg/x64dbg/releases
Visual Studio: https://learn.microsoft.com/en-us/visualstudio/releases/2019/release-notes
Hijack DLL source code generator, supports x86/x64: https://github.com/strivexjun/AheadLib-x86-x64/releases/tag/1.2
I'm still naive about the reverse. If it's a mistake, I apologize. 😁
Edited August 15, 2023 by bb2018
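Seen from the defender's side, the version.dll loader in the post above is a DLL sitting beside the executable that shares its name with a system DLL. The following is an added example, not part of the original post or of any tool named in it; the directory layout and file contents are constructed. It flags such files by comparing an application folder against a system folder.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path):
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_shadowing_dlls(app_dir, system_dir):
    """Flag DLLs in app_dir that share a name with a DLL in system_dir.

    Windows file names are case-insensitive, so names are compared
    lower-cased. Returns a sorted list of (name, verdict): "identical-copy"
    when the bytes match the system copy, otherwise "different-content",
    which is the case worth investigating.
    """
    system = {p.name.lower(): p for p in Path(system_dir).iterdir()
              if p.is_file() and p.suffix.lower() == ".dll"}
    findings = []
    for p in Path(app_dir).iterdir():
        name = p.name.lower()
        if p.is_file() and name in system:
            same = sha256(p) == sha256(system[name])
            findings.append((name, "identical-copy" if same else "different-content"))
    return sorted(findings)


def demo():
    """Scan a constructed layout (stand-ins for System32 and an app folder)."""
    with tempfile.TemporaryDirectory() as root:
        sysdir, appdir = Path(root, "System32"), Path(root, "App")
        sysdir.mkdir()
        appdir.mkdir()
        (sysdir / "version.dll").write_bytes(b"MZ system copy")    # constructed
        (sysdir / "winmm.dll").write_bytes(b"MZ winmm")            # constructed
        (appdir / "Version.DLL").write_bytes(b"MZ proxy loader")   # shadows, differs
        (appdir / "winmm.dll").write_bytes(b"MZ winmm")            # shadows, same bytes
        (appdir / "app_plugin.dll").write_bytes(b"MZ plugin")      # no system namesake
        (appdir / "target.exe").write_bytes(b"MZ exe")
        return find_shadowing_dlls(appdir, sysdir)


if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{name}: {verdict}")
```

On a real host, a "different-content" hit is a lead for signature and provenance checks on that file, not a verdict by itself.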
August 16, 2023
try learning x64dbg script 👍
DeleteBPX
bp VirtualProtect
SetBreakpointCommand VirtualProtect, "vtp"
erun
vtp:
rtr 2
step
rtu
step
find cip,"E9EF"
cmp $result,0
je ER
bp $result
erun
bc
sti
sto 8
sti
memset cip+19603, EB,1 //bypass cmp to jmp
log "OEP:{a@cip}"
mov 1004A8D64, #62 6F 6E 00# //set caption
run
exit
ER:
Edited August 16, 2023 by bon
August 16, 2023
Sir, can anyone share the source code of proxy hook dll. If the application is packed with vmprotect or themida, will the hook dll still work? Respected Admin, I am a newbie, I have been trying to learn this for a long time. Please approve my content. Thanks in advance.
August 17, 2023
23 hours ago, ReverseKill said: If the application is packed with vmprotect or themida, will the hook dll still work?
That is not difficult, even with protections. (EDIT: The error reply here has been removed.) It indicates that you have not mastered the essentials of DLL hijacking. Any protections, even the latest version of VMP or TMD, whether it is x86 or x64, can be hijacked, and can even be completed with or without a DLL...
Edited August 17, 2023 by boot: Correcting error reply...
August 17, 2023
11 hours ago, ReverseKill said: Sir, can anyone share the source code of proxy hook dll. If the application is packed with vmprotect or themida, will the hook dll still work?
First of all, you have to write a programming language. Other things are not that difficult. If you understand written languages such as C, C#, C++, Golang, Python, Delphi, Autoit and many other languages, you can choose one and try writing them. Second of all, you have to focus on what you want to learn. And practice as much as you can, and you'll get the answers you need. If you need more answers, you can just ask Chat-GPT 4. 😁 Chat-GPT can write code automatically just by asking what you want 😁
Edited August 17, 2023 by bb2018
August 17, 2023
On 8/17/2023 at 8:31 AM, bb2018 said: First of all, you have to write a programming language. Other things are not that difficult. If you understand written languages such as C, C#, C++, Golang, Python, Delphi, Autoit and many other languages, you can choose one and try writing them. Second of all, you have to focus on what you want to learn. And practice as much as you can, and you'll get the answers you need. If you need more answers, you can just ask Chat-GPT 4. 😁 Chat-GPT can write code automatically just by asking what you want 😁
Thanks for replying. Who knows if an answer like this might be helpful to someone.
Edited August 27, 2023 by ReverseKill: correcting reply
August 17, 2023
On 8/17/2023 at 6:29 AM, boot said: That is not difficult, even with protections. (EDIT: The error reply here has been removed.) It indicates that you have not mastered the essentials of DLL hijacking. Any protections, even the latest version of VMP or TMD, whether it is x86 or x64, can be hijacked, and can even be completed with or without a DLL...
Thanks for letting me know that I haven't mastered the essentials of DLL hijacking. If I could, I wouldn't be here asking.
Edited August 27, 2023 by ReverseKill: correcting error reply
September 13, 2023
On 8/17/2023 at 11:47 PM, ReverseKill said: Thanks for letting me know that I haven't mastered the essentials of DLL hijacking. If I could, I wouldn't be here asking.
So what he's saying is, look, I've got this knowledge. So study hard! Show off, show off. If you think you can help someone else. Then reply. Please provide some practical tips or help. Instead of showing off every day.