I suggest you to forget about these cryptos if you don't know them already (you will probably lose too much valuable time on trying to learn them all at one shot).
What you should do in my opinion is not reversing the checksum scheme but
find its place of execution.
I would consider the following: (separate ideas, not ordered)
1. Check if the main file size is being verified (by itself or separate process/thread). Is it? Then WHERE?
2. Check if the main file is being read (by itself/process/thread). WHERE?
3. Backtrace the code. This is my favorite method and the most effective if it comes to my experience (e.g. all nowadays anti-xxx tricks can be analyzed this way with easy). The disadvantage is that your memory (brain memory) must be very deep since you have to perform back-step-trace. If you aren't experienced with such an analysis then you can still perform it by noticing everything what happens on a sheet... but usually it's a serious amount of different information (APIs/offsets/data/calls/jmps and finally: the contexture).
Try the first two and let us know about the results, sheriff
By the way, the following fragment is my ExeTools 2005 Golden Quote: (you did not edit your post)
Quote:
I was stoned when i checked my dump!!! Check the attachment!!
I could not upload the attachment, so here are the cryptos.
|
If the software isn't big can you upload it somewhere (dump+data needed to run it... We may take a look on it)?
JMI: what about an idea of adding a sticky with similar stuff (like Golden Thread/Post/Answer)? You can even add some voting system...
Regards.