A little bit of how I did task #1
Thursday, 18-Mar-99 06:48:16

Greetings everybody,

Since the cat is now out of the bag and it is becoming, unfortunately, a free for all, I hope what I will say here will be of some use to some newbies.

Using W32dasm, I first took a look at the import function list, located a promising function called lstrcmpA and placed a break on it. Then I took a look at the Dialog References, found one (Dialog: CRACKME1, CONTROL_ID: 00CA) and placed a break on it. Then I ran the program and started game one. W32dasm stopped at 401d43. A few instructions further I found:

401d50 cmp ax, 16
401d54 jne 00401da3

This jump causes the program to bypass the lstrcmpA location. This convinced me that the 16h is the length of the serial number. I entered a serial number of 16h (22) characters and restarted the program. Sure enough, this time it stopped at the lstrcmpA function at 401d77, and there you have it: EBX holds the real serial number and memory location 403935 has your fake number. The reason you know these two locations are the ones to look at is the fact that both were pushed before the call to compare was made, and if you are using W32dasm it will display an API window showing both numbers.

Best regards,
Joseph
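Added example, not from Joseph's post or the crackme itself: a C model of the check pattern the post describes (a length gate of 0x16 = 22 followed by a plaintext string compare), beside a hardened form that stores only a digest of the serial. The serial value, the function names and the FNV-1a choice are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the crackme's secret: 0x16 = 22 characters,
 * matching the length gate in the post. Not the crackme's real serial. */
#define SERIAL_LEN 22
static const char REAL_SERIAL[SERIAL_LEN + 1] = "CONSTRUCTED-SERIAL-XYZ";

/* Weak check, modelled on the post: a length test (cmp ax,16 / jne),
 * then a plaintext compare (lstrcmpA). At the compare call both strings
 * are live arguments, so a breakpoint there shows the real serial. */
int check_serial_weak(const char *candidate)
{
    if (strlen(candidate) != SERIAL_LEN)
        return 0;
    return strcmp(REAL_SERIAL, candidate) == 0;
}

/* 32-bit FNV-1a digest of n bytes (illustrative; use a real hash). */
uint32_t fnv1a32(const char *s, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= (unsigned char)s[i];
        h *= 16777619u;
    }
    return h;
}

/* Hardened check: the binary embeds only stored_digest, so no plaintext
 * secret is ever pushed to a compare routine, and the candidate is
 * hashed over its full length before a single integer comparison, so
 * there is no byte-by-byte early exit to observe. */
int check_serial_hashed(const char *candidate, uint32_t stored_digest)
{
    if (strlen(candidate) != SERIAL_LEN)
        return 0;
    return fnv1a32(candidate, SERIAL_LEN) == stored_digest;
}

int main(void)
{
    /* In a real build only this digest would be compiled in. */
    uint32_t digest = fnv1a32(REAL_SERIAL, SERIAL_LEN);
    printf("weak:   %d\n", check_serial_weak("CONSTRUCTED-SERIAL-XYZ"));
    printf("hashed: %d\n", check_serial_hashed("CONSTRUCTED-SERIAL-XYZ", digest));
    printf("wrong:  %d\n", check_serial_hashed("CONSTRUCTED-SERIAL-XYQ", digest));
    return 0;
}
```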