2days Posted July 26, 2023 Share Posted July 26, 2023 View File Bypass MessageBox Without Unpacking Bypass MessageBox without unpacking, task complete. Submitter 2days Submitted 07/15/2023 Category CrackMe 3 1 Link to comment Share on other sites More sharing options...
X0rby Posted July 26, 2023 Share Posted July 26, 2023 It searches for a file named '2days.txt'. If it is not found, it will display the message box; otherwise, no message box will be shown. 2days_nag.mp4 2 1 Link to comment Share on other sites More sharing options...
X0rby Posted July 26, 2023 Share Posted July 26, 2023 (edited) The only funny thing is your -inf/10 easy challenge, you are here since 2008 and you are making this kind of crap? that's a shame. Edited July 26, 2023 by X0rby 1 Link to comment Share on other sites More sharing options...
Solution bon Posted August 7, 2023 Solution Share Posted August 7, 2023 TRUE BYPASS version.dll visual studio 2022 vc++ 2 1 Link to comment Share on other sites More sharing options...
Barestra Posted August 8, 2023 Share Posted August 8, 2023 12 hours ago, bon said: TRUE BYPASS version.dll visual studio 2022 vc++ Perfect ++ 💯 The condition shows the text box has been replaced by nop altogether . Just put the version.dll file in it. 3 Link to comment Share on other sites More sharing options...
bb2018 Posted August 14, 2023 Share Posted August 14, 2023 (edited) .DLL Hijack bypass all protect 😁 bb2018.dll = Patcher version.dll = loader Hook Api = Bypasser First, use x64dbg debug to find patch points. Change from 84 to FE. First, we need to find the module .dll will notice that there.A lot of dlls, but I'm going to use version.dll. Example Code Patch : DWORD64 MR.BB2018 = Module + (DWORD64)0x2F931; // rva Patch PVOID rva1 = reinterpret_cast<PVOID>(MR.BB2018); BYTE rva2[] = { 0xFE }; WriteProcessMemory(hProcess, rva1, rva2, sizeof(rva2), NULL); Tools : X64dbg : https://github.com/x64dbg/x64dbg/releases Visualstudio : https://learn.microsoft.com/en-us/visualstudio/releases/2019/release-notes hijack dll Source Code Generator. support x86/x64 : https://github.com/strivexjun/AheadLib-x86-x64/releases/tag/1.2 I'm still naive about the reverse. If it's a mistake, apologize. 😁 Edited August 15, 2023 by bb2018 3 1 2 Link to comment Share on other sites More sharing options...
bon Posted August 16, 2023 Share Posted August 16, 2023 (edited) try learning x64dbg script 👍 DeleteBPX bp VirtualProtect SetBreakpointCommand VirtualProtect, "vtp" erun vtp: rtr 2 step rtu step find cip,"E9EF" cmp $result,0 je ER bp $result erun bc sti sto 8 sti memset cip+19603, EB,1//bypass cmp to jmp log "OEP:{a@cip}" mov 1004A8D64, #62 6F 6E 00#//set caption run exit ER: Edited August 16, 2023 by bon 2 1 Link to comment Share on other sites More sharing options...
ReverseKill Posted August 16, 2023 Share Posted August 16, 2023 Sir, can anyone share the source code of proxy hook dll. If the application is packed with vmprotect or themida, will the hook dll still work? Respected Admin, I am a newbie, I have been trying to learn this for a long time. Please approve my content. Thanks in advance. Link to comment Share on other sites More sharing options...
boot Posted August 17, 2023 Share Posted August 17, 2023 (edited) 23 hours ago, ReverseKill said: If the application is packed with vmprotect or themida, will the hook dll still work? That is not difficult, even with protections. (EDIT: The error reply here has been removed.) It indicates that you have not mastered the essentials of DLL hijacking. Any protections, even the latest version of VMP or TMD, whether it is x86 or x64, can be hijacked, and can even be completed with or without a DLL... Edited August 17, 2023 by boot Correcting error reply... Link to comment Share on other sites More sharing options...
bb2018 Posted August 17, 2023 Share Posted August 17, 2023 (edited) 11 hours ago, ReverseKill said: Sir, can anyone share the source code of proxy hook dll. If the application is packed with vmprotect or themida, will the hook dll still work? First of all, you have to write a programming language. Other things are not that difficult. If you understand written languages such as C, C#, C++, Golang, Python, Delphi, Autoit and many other languages, you can choose one and try writing them. Second of all, you have to focus on what you want to learn. And practice as much as you can, and you'll get the answers you need. If you need more answers, you can just ask Chat-GPT 4. 😁 Chat-GPT can write code automatically just by asking what you want 😁 Edited August 17, 2023 by bb2018 Link to comment Share on other sites More sharing options...
ReverseKill Posted August 17, 2023 Share Posted August 17, 2023 (edited) On 8/17/2023 at 8:31 AM, bb2018 said: First of all, you have to write a programming language. Other things are not that difficult. If you understand written languages such as C, C#, C++, Golang, Python, Delphi, Autoit and many other languages, you can choose one and try writing them. Second of all, you have to focus on what you want to learn. And practice as much as you can, and you'll get the answers you need. If you need more answers, you can just ask Chat-GPT 4. 😁 Chat-GPT can write code automatically just by asking what you want 😁 Thanks for replying. Who knows if an answer like this might be helpful to someone. Edited August 27, 2023 by ReverseKill correcting reply Link to comment Share on other sites More sharing options...
ReverseKill Posted August 17, 2023 Share Posted August 17, 2023 (edited) On 8/17/2023 at 6:29 AM, boot said: That is not difficult, even with protections. (EDIT: The error reply here has been removed.) It indicates that you have not mastered the essentials of DLL hijacking. Any protections, even the latest version of VMP or TMD, whether it is x86 or x64, can be hijacked, and can even be completed with or without a DLL... Thanks for letting me know that I haven't mastered the essentials of DLL hijacking. If I could, I wouldn't be here asking. Edited August 27, 2023 by ReverseKill correcting error reply Link to comment Share on other sites More sharing options...
Noob boy Posted September 13, 2023 Share Posted September 13, 2023 On 8/17/2023 at 11:47 PM, ReverseKill said: Thanks for letting me know that I haven't mastered the essentials of DLL hijacking. If I could, I wouldn't be here asking. So what he's saying is, look, I've got this knowledge. So study hard! Show off, show off. If you think you can help someone else. Then reply. Please provide some practical tips or help. Instead of showing off every day Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now