Exetools


anorganix 10-15-2005 21:49

CrackMe #1. Can you defeat it?
 
Hi guys!
I'm not sure where to post this, but here it goes. I hope that it's not too lame for you...

Grab it from:
http://rapidshare.de/files/6307482/anx_CrackMe.zip.html

Enjoy! :D

hosiminh 10-16-2005 00:20

crackmes.de ?!

Quote:

00454983 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-C]

Stack SS:[0012FDE8]=00962440, (ASCII "45223981423944832649321")
EAX=00000000

MaRKuS-DJM 10-16-2005 01:13

this is a very easy one. you can sniff serials from the address hosiminh posted. dunno how this improves knowledge...

anorganix 10-16-2005 02:31

He, he, that was a fast one!

Good job...

I got my attention on defeating (or at least try to) programs like LordPE dump, DeDe, GUW32, ImpRec, Win32Intro, PEiD unpack.

Try dumping the CrackMe from memory with LordPE or try using it with ImpRec, and you will understand my point.

WerEsT 10-16-2005 03:08

anorganix

0012FDE8 008D2440 ASCII "4239498145623523235352"
0012FDEC 008D3B9C ASCII "2535323253265418949324"
0012FDF0 008D4AE8 ASCII "4239498145623523235352"

=)

Darus 10-16-2005 15:50

i use imprec for dump and import rebuilding and have no problems ???
edit :
oh ok i dump and rebuild at oep so your anti imprec doesn't work
anti-xxx by FindWindow
Code:

008D2450                          47 55 57 33 32 20 76 31          GUW32 v1
008D2460  18 00 00 00 2B 00 00 00 00 00 00 00 19 00 00 00  ....+...........
008D2470  5B 20 4C 6F 72 64 50 45 20 44 65 6C 75 78 65 20  [ LordPE Deluxe 
008D2480  5D 20 62 79 20 79 6F 64 40 00 00 00 37 00 00 00  ] by yod@...7...
008D2490  00 00 00 00 25 00 00 00 44 65 44 65 20 33 2E 35  ....%...DeDe 3.5
008D24A0  30 2E 30 32 20 28 63 29 20 31 39 39 39 2D 32 30  0.02 (c) 1999-20
008D24B0  30 32 20 62 79 20 44 61 46 69 78 65 74 00 00 00  02 by DaFixet...
008D24C0  1B 00 00 00 00 00 00 00 0A 00 00 00 50 45 69 44  ............PEiD
008D24D0  20 76 30 2E 8C 00 00 00 47 00 00 00 00 00 00 00   v0.Œ...G.......
008D24E0  37 00 00 00 49 6D 70 6F 72 74 20 52 45 43 6F 6E  7...Import RECon
008D24F0  73 74 72 75 63 74 6F 72 20 76 31 2E 36 20 46 49  structor v1.6 FI
008D2500  4E 41 4C 20 28 43 29 20 32 30 30 31 2D 32 30 30  NAL (C) 2001-200
008D2510  33 20 4D 61 63 6B 54 2F 75 43 46                3 MackT/uCF


anorganix 10-17-2005 04:36

Just my bad luck!
 
Looks like my "DetectDumper" does not work at all...

Stay alert, I'm gonna release CrackMe #2 soon :D

Best Regards.

Darus 10-17-2005 17:10

take time :)
your anti dumper must be in the loader of the packer to be effective (a little bit ;))
and before the decompression to prevent dumping.
You can modify pe header too.
Read tuts about antiXXX


All times are GMT +8.