Text File  |  2001-09-21  |  5.0 KB  |  126 lines

**************************************************************************************************************
                    Win32Asm CrackMe 3
**************************************************************************************************************

Author:        Acid_Cool_178
Protection:    CD-Check
URL:           http://members.nbci.com/_XMCM/norskehf/crackmes/asm/ac_crackme_03.zip
Tools:         W32Dasm v8.93
               Hex-Editor


--->    Intro...

Welcome to my next Tutorial !!!
Well, another CD-Check CrackMe, with a little bug (Well actually a big bug) ;)


--->    Let's Begin...

Ok, open the CrackMe and you'll get a Message Box saying:

"Sorry, CD-Rom are NOT in Your CD-Rom Drive"
"Nah"

Hmm, press the Button "Ok" and, whoops... we'll get the same Message Box again =/
Press "Ok" and again the same Message Box...
Here's the first bug, this CrackMe keeps looping ;)
Ok, get out of the CrackMe (CTRL+ALT+DEL or some program like ProcDump to kill the task).
And disassemble the CrackMe in W32Dasm.
Now click on "Strn Ref" (String Data References) and double click on the line:

"Sorry, CD-Rom are NOT in Your "

And you'll see this:

--------------------------------------------------------------------------------------------------------------

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401014(C)
|
:0040102B 6A00                    push 00000000            <---------------
                                        |
* Possible StringData Ref from Data Obj ->"Sorry, CD-Rom are NOT in Your "    |
                                        ->"CD-Rom Drive"            |
                                  |                        |
:0040102D 6800304000              push 00403000                    |
                                        |
* Possible StringData Ref from Data Obj ->"Nah"                    | - Bad Message Box
                                  |                        |
:00401032 682B304000              push 0040302B                    |
:00401037 6A00                    push 00000000                    |
                                        |
* Reference To: USER32.MessageBoxA, Ord:01BBh                    |
                                  |                        |
:00401039 E80E000000              Call 0040104C            <---------------
:0040103E EB00                    jmp 00401040            <--- Jump to next Instruction

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00401029(U), :0040103E(U)
|
:00401040 EBC3                    jmp 00401005            <--- Jump to GetDriveTypeA

--------------------------------------------------------------------------------------------------------------

  64.  
  65. Notice the (C)onditional jump from Offset 00401014 :)
  66. (Btw also notice the "jmp 00401040" it jumps actually to nowhere and just continues, then it
  67. jumps back to 00401005, weird ;).
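To see why EB00 lands on the next instruction and EBC3 lands back at 00401005, here is an added example (my own code, not part of the tutorial or the CrackMe) that decodes the branch instructions from both W32Dasm listings straight from the bytes W32Dasm printed. A short jump (EB/74/75) carries a signed 8-bit displacement and a near call (E8) a signed 32-bit one, both counted from the address of the following instruction; the table of addresses, bytes and printed targets is copied from the listings above, and check_listing() confirms every one of them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the tutorial or the CrackMe): decode the branch
 * targets of the instructions W32Dasm printed from their raw bytes.
 * x86 short jumps (EB jmp, 74 je, 75 jne) carry a signed 8-bit displacement
 * and near calls (E8) a signed 32-bit little-endian displacement, both
 * measured from the address of the NEXT instruction. */

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse "EB00"-style hex into bytes; returns the byte count or -1 on bad input. */
static int parse_hex(const char *s, uint8_t *out, size_t max)
{
    size_t n = 0;
    for (; s[0] && s[1]; s += 2) {
        int hi = hexval(s[0]), lo = hexval(s[1]);
        if (hi < 0 || lo < 0 || n >= max) return -1;
        out[n++] = (uint8_t)(hi << 4 | lo);
    }
    return s[0] ? -1 : (int)n;   /* an odd number of hex digits is an error */
}

/* Compute the absolute target of a jmp/je/jne short or call near encoded in
 * `bytes` at address `addr`. Returns 0 and sets *target, or -1 if the bytes
 * are not one of those encodings. */
int decode_branch_target(uint32_t addr, const char *bytes, uint32_t *target)
{
    uint8_t b[8];
    int n = parse_hex(bytes, b, sizeof b);
    if (n < 2) return -1;
    switch (b[0]) {
    case 0xEB: case 0x74: case 0x75:                  /* rel8, 2-byte instruction */
        if (n != 2) return -1;
        *target = addr + 2 + (uint32_t)(int32_t)(int8_t)b[1];
        return 0;
    case 0xE8: case 0xE9: {                           /* rel32, 5-byte instruction */
        if (n != 5) return -1;
        uint32_t rel = (uint32_t)b[1] | (uint32_t)b[2] << 8 |
                       (uint32_t)b[3] << 16 | (uint32_t)b[4] << 24;
        *target = addr + 5 + rel;                     /* unsigned wrap == signed add */
        return 0;
    }
    default:
        return -1;
    }
}

/* The branch instructions from the two W32Dasm listings, with the target
 * W32Dasm printed next to each. */
struct branch { uint32_t addr; const char *bytes; uint32_t listed; };
static const struct branch listing[] = {
    { 0x0040100A, "E849000000", 0x00401058 },  /* call -> GetDriveTypeA (via 00401058) */
    { 0x00401012, "7402",       0x00401016 },  /* je  -> good Message Box */
    { 0x00401014, "7515",       0x0040102B },  /* jne -> bad Message Box */
    { 0x00401024, "E823000000", 0x0040104C },  /* call -> MessageBoxA (via 0040104C) */
    { 0x00401029, "EB15",       0x00401040 },  /* jmp -> the jump back */
    { 0x00401039, "E80E000000", 0x0040104C },  /* call -> MessageBoxA (via 0040104C) */
    { 0x0040103E, "EB00",       0x00401040 },  /* displacement 0: next instruction */
    { 0x00401040, "EBC3",       0x00401005 },  /* 0xC3 = -61: back to the check */
};

/* Returns how many listing entries decode to something other than the
 * target W32Dasm printed (0 means the annotations all check out). */
int check_listing(void)
{
    int mismatches = 0;
    for (size_t i = 0; i < sizeof listing / sizeof listing[0]; i++) {
        uint32_t t = 0;
        int rc = decode_branch_target(listing[i].addr, listing[i].bytes, &t);
        int bad = rc != 0 || t != listing[i].listed;
        if (bad) mismatches++;
        printf("%08X %-10s -> %08X (listed %08X)%s\n", listing[i].addr,
               listing[i].bytes, t, listing[i].listed, bad ? " MISMATCH" : "");
    }
    return mismatches;
}

int main(void)
{
    return check_listing() == 0 ? 0 : 1;
}
```

The negative displacement in EBC3 is the whole trick behind "jumps back": 0x00401040 + 2 - 61 = 0x00401005, which is the push right before the GetDriveTypeA call.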
Let's take a look at 00401014, so scroll a bit up and you'll see this:

--------------------------------------------------------------------------------------------------------------

:00401005 685C304000              push 0040305C

* Reference To: KERNEL32.GetDriveTypeA, Ord:00F0h
                                  |
:0040100A E849000000              Call 00401058
:0040100F 83F805                  cmp eax, 00000005        <--- Compare EAX with 00000005 (CD-Rom?)
:00401012 7402                    je 00401016            <--- If equal Jump to the Good Message Box
:00401014 7515                    jne 0040102B            <--- If not equal Jump to the Bad Message Box

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401012(C)
|
:00401016 6A00                    push 00000000            <---------------
:00401018 6838304000              push 00403038                    |
                                        |
* Possible StringData Ref from Data Obj ->"Well DoneCongratZ, NC Crackme "    |
                                        ->"1 are completedc:\"            |
                                  |                        |
:0040101D 682F304000              push 0040302F                    | - Good Message Box
:00401022 6A00                    push 00000000                    |
                                        |
* Reference To: USER32.MessageBoxA, Ord:01BBh                    |
                                  |                        |
:00401024 E823000000              Call 0040104C            <---------------
:00401029 EB15                    jmp 00401040            <--- Jump to the Jump to GetDriveTypeA, hmm :)

--------------------------------------------------------------------------------------------------------------

As you can see (if you read my previous Tutorial for Acid_Cool_178's Win32Asm CrackMe 2), it
works exactly the same way ;)
I'm not going to explain it all twice ;) I'll just say try to do it yourself with the help of
my previous Tutorial :)
But notice this other jump (jmp 00401040) at Offset 00401029: via 00401040 it also lands back at 00401005, the beginning of the GetDriveTypeA check.
So whichever Message Box you get, it keeps looping :)
You can easily patch that, to make it jump to ExitProcess, but I'll leave that up to you ;)
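To make the looping visible without running the CrackMe, here is an added example (my own code, not the CrackMe's or the tutorial's) that models the four basic blocks of the listings as a tiny control-flow graph and walks it. The block names, the `patched` flag and find_loop_head() are my own constructions; DRIVE_CDROM is the Win32 value 5 that `cmp eax, 00000005` at 0040100F compares against, and the block addresses are the ones W32Dasm printed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added example, not the CrackMe's own code: a C model of the basic blocks in
 * the listings, used to show why the program never exits. `eax` stands for
 * what the GetDriveTypeA call returned; DRIVE_CDROM (5) is the value the
 * `cmp eax, 00000005` at 0040100F is looking for. */

#define DRIVE_CDROM 5u

enum block { B_CHECK, B_GOOD, B_BAD, B_BACK, B_EXIT, NBLOCKS };

/* Start address of each block as printed by W32Dasm (B_EXIT has none). */
static const unsigned block_addr[NBLOCKS] = {
    0x00401005,   /* B_CHECK: push, call GetDriveTypeA, cmp eax,5, je/jne */
    0x00401016,   /* B_GOOD:  "Well Done..." MessageBoxA, jmp 00401040 */
    0x0040102B,   /* B_BAD:   "Sorry, CD-Rom are NOT..." MessageBoxA, jmp 00401040 */
    0x00401040,   /* B_BACK:  jmp 00401005 */
    0,
};

/* Where control goes after `b`. `patched` (my assumption, not on the page as
 * code) models the change the tutorial suggests: the jmp 00401040 at the end
 * of each Message Box block replaced by a jump to ExitProcess, so that block
 * leads to exit instead of back to 00401040. */
static enum block successor(enum block b, unsigned eax, bool patched)
{
    switch (b) {
    case B_CHECK: return eax == DRIVE_CDROM ? B_GOOD : B_BAD;  /* je 00401016 / jne 0040102B */
    case B_GOOD:
    case B_BAD:   return patched ? B_EXIT : B_BACK;            /* jmp 00401040 */
    case B_BACK:  return B_CHECK;                              /* jmp 00401005 */
    default:      return B_EXIT;
    }
}

/* Follows the control flow from 00401005. Returns the address of the first
 * block that is entered a second time (the head of the endless loop), or 0
 * when the program reaches exit. */
unsigned find_loop_head(unsigned eax, bool patched)
{
    bool seen[NBLOCKS] = { false };
    enum block b = B_CHECK;
    while (b != B_EXIT) {
        if (seen[b]) return block_addr[b];
        seen[b] = true;
        b = successor(b, eax, patched);
    }
    return 0;
}

int main(void)
{
    unsigned drives[] = { 3 /* DRIVE_FIXED */, DRIVE_CDROM };
    for (int i = 0; i < 2; i++) {
        printf("eax=%u as listed: loop head %08X\n", drives[i], find_loop_head(drives[i], false));
        printf("eax=%u patched:   loop head %08X\n", drives[i], find_loop_head(drives[i], true));
    }
    return 0;
}
```

As listed, both the good and the bad path reach 00401040 and from there 00401005 again, so the walker reports 00401005 as the loop head whatever GetDriveTypeA returned; that is the "big bug" from the intro, and why the Message Box comes back every time you press Ok.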
That's All...


--->    Greetings...

To be honest I'm getting a bit sick of these greetings every time ;P
So I'll just say:

Greetings to everyone I know, and to everyone who knows me, and You... ;P


            Don't trust the Outside, trust the InSiDe !!!

                      Cya...

                    CoDe_InSiDe


Email:    code.inside@home.nl
Homepage: http://codeinside.cjb.net