Cracking Digital Insight Win32ASM Crackme 2.0

Introduction

It's morning, I'm tired after coding for a few hours. Being the bored
motherfucker I am, I paid a visit to http://crackmes.cjb.net and downloaded
Eddie Van Camper's crackme in order to crack it. Now I'm writing a tutorial
about it so you'll have some stuff to read :)

Tools used...

Well, the only tool I used to crack this simple crackme was Interactive
Disassembler (IDA).

Cracking...

We launch IDA and open WIN32CM2.EXE. It's a small executable (4Kb), so it's
disassembled quickly and ready for our exploration. We see a small
start-up routine that stores the module handle in a variable, calls WinMain
and exits. We go into WinMain. It looks like the crackme registers a class
with the classname "AtomDlg", creates a window and enters a message loop.
Let's look at the WndProc (we get its address from the class information).

At the start, the window procedure compares its uMsg parameter to 1
(WM_CREATE). We emulate Windows in our minds now, so we follow the
WM_CREATE code. We see the crackme calls an API, RegisterWindowMessage,
to create a new message id, stores it at virtual address 0x403014,
and then continues with the regular WndProc stuff.

Wandering around the crackme, we arrive at an interesting code section
(virtual address 0x40116C), where the crackme processes the new message it
created. We see it calls GlobalGetAtomName with wParam, a buffer and a
maximum length of 16 bytes as parameters. Then it compares the buffer to
the string "I Am Registered"; notice that this comparison is case
insensitive. If the string matches, we are registered and have solved this
crackme.
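To see why this check is so easy to defeat, here is an added, portable C model of the comparison described above. It is not code from the crackme or from the original tutorial. As modelling assumptions, GlobalGetAtomName is taken to copy at most 15 characters into the 16-byte buffer and always NUL-terminate, and lstrcmpi is modelled as a plain ASCII case-insensitive compare; the names model_get_atom_name, model_lstrcmpi and crackme_accepts are invented for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The crackme's buffer size and the plaintext secret it compares against
 * (both taken from the disassembly described in the tutorial). */
#define ATOM_BUF_SIZE 16
static const char EXPECTED[] = "I Am Registered";

/* Model of GlobalGetAtomName(atom, buf, ATOM_BUF_SIZE): the atom's name is
 * copied into a fixed buffer. Assumed here: at most size-1 characters are
 * copied and the result is always NUL-terminated. */
static size_t model_get_atom_name(const char *atom_name, char *buf, size_t size)
{
    size_t n = strlen(atom_name);
    if (n > size - 1)
        n = size - 1;
    memcpy(buf, atom_name, n);
    buf[n] = '\0';
    return n;
}

/* Model of lstrcmpi: ASCII case-insensitive compare, 0 when equal. */
static int model_lstrcmpi(const char *a, const char *b)
{
    while (*a && *b) {
        int ca = tolower((unsigned char)*a);
        int cb = tolower((unsigned char)*b);
        if (ca != cb)
            return ca - cb;
        a++;
        b++;
    }
    return tolower((unsigned char)*a) - tolower((unsigned char)*b);
}

/* What the WndProc does for the registered message: returns 1 when the
 * atom name carried in wParam passes the check, 0 otherwise. */
int crackme_accepts(const char *atom_name)
{
    char buf[ATOM_BUF_SIZE];
    model_get_atom_name(atom_name, buf, sizeof buf);
    return model_lstrcmpi(buf, EXPECTED) == 0;
}

int main(void)
{
    /* Constructed sample atom names, not taken from any real session. */
    const char *samples[] = {
        "I Am Registered",  /* the exact string from the disassembly */
        "i am registered",  /* same letters, different case */
        "I Am Registere",   /* one character short */
        "Hello",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %s\n", samples[i],
               crackme_accepts(samples[i]) ? "registered" : "not registered");
    return 0;
}
```

The point for anyone writing such a check: the expected value is a cleartext constant compared with a case-insensitive string function, so it can be read straight out of the binary with a disassembler, and under the truncation assumed here any name whose first 15 characters match is also accepted. A registration check that matters should at least avoid storing the expected value in the clear.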

Now we need to write some kind of programme that will:
a) Initialize a global atom called "I Am Registered"
b) Get the special message value from the crackme's memory
c) Send this message to the crackme, with wParam set to the atom value

From here it's trivial to write such a programme.

P.S. : For you guys who wonder what those APIs mean, read about them
in MSDN.

Next time, DEATH