cyriel's cm01
| Download cm01.zip, 6 kb (password: crackmes.de) Browse contents of cm01.zip My first cm... A bit original(I hope so). Na packers/protectors, 1 easy anti-debug protection.
Difficulty: 2 - Needs a little brain (or luck) | Send a message to cyriel » View profile of cyriel » |
Solutions
There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!
Discussion and comments
| rdk3020 28. Oct 2008 | Hi cyriel, I find interesting your keyfindme. But I believe your program has an design mistake at the very end: 00BE13BA . 6A 00 PUSH 0 ; /pBytesWritten = NULL 00BE13BC . 6A 04 PUSH 4 ; |BytesToWrite = 4 00BE13BE . 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+14] ; | 00BE13C2 . 50 PUSH EAX ; |Buffer 00BE13C3 . 68 D4134000 PUSH 4013D4 ; |Address = 4013D4 00BE13C8 . 51 PUSH ECX ; |hProcess => FFFFFFFF 00BE13C9 . 885424 23 MOV BYTE PTR SS:[ESP+23],DL ; | 00BE13CD . FF15 1830BE00 CALL DWORD PTR DS:[<&KERNEL32.WriteProcessMemory>] ; \WriteProcessMemory 00BE13D3 > 68 00007E00 PUSH 7E0000 00BE13D8 . FFD5 CALL EBP When @ 00BE13C3 you PUSH 4013D4 (The destination address) to WriteProcessMemory. You are pushing a CONSTANT ADDRESS (an address valid only at a particular run time) not an OFFSET. And that CONSTANT is supposed to modify PUSH 7E0000 @ 00BE13D3. To correctly push the address of the "Well done :)" string for the CALL EBP (printf) @ 00BE13D8. But hey I am a newb so please tell me if my statements are not correct. |
|---|
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.