Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

WinLicense v3.2.2 (Window Function Through an External Plugin)

This is a WinLicense 3.2.2/sample, set by default, without adding an SDK in the source code, only adding a window function through an external plugin. I don't know if bypass can be cracked, I tested it and it doesn't. Shedding may be more complicated.Please use your own way to crack it. Whether it's molting, bypass, or keygen, they are all the best methods. No need to upload your proposal, posting a picture is the best answer. I will strive to learn towards your achievements. HWID:1031-E184-1D1E-92A8-AA82-151F-E2BC-34EE NAME:Mr.Leng .RegistCode:2FGP7NTY-22AMY4QL-XXEHAOKD-ZJKHKDKR-VY66SHXY-YTEQXVBF-GAXAEFIA-7BQWOTA5-5CE344K4-VBGMG25R-5TGP26WS-AIKQB3S5-5LDUHEHX-S6KSKH3H-OPPHIFAX-N6WPWIAM

 

1.png.6697fe555dc51b56e70ceae6a892be5d.png

3.png.844e6d41df1c4fffee988d508465e15b.png

 

WinLicense3.2.2_sample.rar

 

File Information

Submitter lengyue

Submitted 02/07/2025

Category CrackMe

View File

WinLicense v3.2.2 (Window Function Through an External Plugin)

Solved by karan

Go to solution
  • 2 weeks later...

This plugin is much more powerful than the original WinLicense. 80-90% of people can’t get around it!

  • 3 weeks later...

This is a sample encrypted by default and without anti-debugging enabled.WinLicense3.22.rar
6FF2-7FBC-317A-E404-40AC-57D7-D049-706D

Edited by Noob boy

  • 2 weeks later...
  • Solution

Among the anti-debug techniques, there's an interesting one worth noting.

A dummy thread is created and then it calls Sleep(0x32).
(The goal is for the created thread to be detected by tools like x64dbg.)

Then, it calls NtQueryObject with the ObjectBasicInformation class using the thread handle.

If the returned HandleCount is greater than 1, it determines that debugging is in progress.

 

void dummy()
{
	Sleep(8000);
}

bool CheckCreateThreadHandleCount()
{
	HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)dummy, NULL, 0, NULL);
	if (hThread == NULL)
	{
		return false;
	}

	Sleep(0x32);

	PUBLIC_OBJECT_BASIC_INFORMATION objInfo;

	NTSTATUS status = NtQueryObject(hThread, ObjectBasicInformation, &objInfo, sizeof(objInfo), NULL);

	if (!NT_SUCCESS(status))
	{
		CloseHandle(hThread);
		return false;
	}

	std::cout << "Handle Count: " << objInfo.HandleCount << std::endl;

	if (objInfo.HandleCount > 1)
	{
		CloseHandle(hThread);
		return true;
	}

	CloseHandle(hThread);
	return false;
}

 

  • Author
21 hours ago, karan said:

Among the anti-debug techniques, there's an interesting one worth noting.

A dummy thread is created and then it calls Sleep(0x32).
(The goal is for the created thread to be detected by tools like x64dbg.)

Then, it calls NtQueryObject with the ObjectBasicInformation class using the thread handle.

If the returned HandleCount is greater than 1, it determines that debugging is in progress.

 

void dummy()
{
	Sleep(8000);
}

bool CheckCreateThreadHandleCount()
{
	HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)dummy, NULL, 0, NULL);
	if (hThread == NULL)
	{
		return false;
	}

	Sleep(0x32);

	PUBLIC_OBJECT_BASIC_INFORMATION objInfo;

	NTSTATUS status = NtQueryObject(hThread, ObjectBasicInformation, &objInfo, sizeof(objInfo), NULL);

	if (!NT_SUCCESS(status))
	{
		CloseHandle(hThread);
		return false;
	}

	std::cout << "Handle Count: " << objInfo.HandleCount << std::endl;

	if (objInfo.HandleCount > 1)
	{
		CloseHandle(hThread);
		return true;
	}

	CloseHandle(hThread);
	return false;
}

 

You are wonderful.

time to add new anti-dbg trick into ScyllaHide plugin :) !?!?

 

2 hours ago, boot said:

I have also released a simple demo version plugin.

This is a protected example.

Could you upload it to mediafire, mega or google drive? i am not from china and i have not been able to download your examples. If you can upload the plugin and the protected example would be great, thank you.

  • 1 month later...
On 3/12/2025 at 2:41 PM, Noob boy said:

This is a sample encrypted by default and without anti-debugging enabled.WinLicense3.22.rar
6FF2-7FBC-317A-E404-40AC-57D7-D049-706D

@bootHi~ Expert, can Lengyue's WinLicense v3.2.2 be bypassed? If not, can you try my default encryption version?

On 3/21/2025 at 8:15 AM, karan said:

Then, it calls NtQueryObject with the ObjectBasicInformation class using the thread handle.

If the returned HandleCount is greater than 1, it determines that debugging is in progress.

smth is wrong with your code

I tried sample consle app and it prints 2 when  being ran without debugger and  4  when unde4 MS VS...

are you sure this is reliable new anti-debug way?

On 5/7/2025 at 6:20 AM, jackyjask said:

smth is wrong with your code

I tried sample consle app and it prints 2 when  being ran without debugger and  4  when unde4 MS VS...

are you sure this is reliable new anti-debug way?

bool CheckCreateThreadHandleCount()
{
	PUBLIC_OBJECT_BASIC_INFORMATION objInfo = {};
	HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)dummy, NULL, 0, NULL);
	if (hThread == NULL)
	{
		return false;
	}

	NTSTATUS status = NtQueryObject(hThread, ObjectBasicInformation, &objInfo, sizeof(objInfo), NULL);

	if (!NT_SUCCESS(status))
	{
		CloseHandle(hThread);
		return false;
	}

	DWORD HandleCount = objInfo.HandleCount;

	Sleep(0x32);

	objInfo = {};

	

	status = NtQueryObject(hThread, ObjectBasicInformation, &objInfo, sizeof(objInfo), NULL);

	if (!NT_SUCCESS(status))
	{
		CloseHandle(hThread);
		return false;
	}

	std::cout << "Handle Count: " << objInfo.HandleCount << std::endl;

	if (objInfo.HandleCount != HandleCount)
	{
		CloseHandle(hThread);
		return true;
	}

	CloseHandle(hThread);
	return false;
}

 

thanks, I see updated algo above, I'll give it a try today

 

OK, 2nd function OK but IMHO it's risky to use it, here is why:

NtQueryObject:

- This function may be changed or removed from Windows without further notice.

- This function has no associated header file or import library. You must use the LoadLibrary or GetProcAddress function to dynamically link to Ntdll.dll.

- not clear what Windows versions supports it (no info in MSDN)

- if you try the ObjectTypeInformation type you'll get error 0xc000004

 

Minimum supported clientWindows 2000.

 

OK! sounds better

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.