iSSoGoo's .dll .disaster

Download dll_disaster_issogoo.zip, 25 kb (password: crackmes.de)

Task:
In this Crackme I wanted to show you how you could use some 'leftovers' to exploit a program.
Your task is to find the right place to 'inject' your .dll file and let the program show the goodboy-message.

Rules:
The rules are simple: Don't change anything (neither the .exe nor the .dll that are included)!
No Patching, no loaders, no WriteProcessMemory etc.
I wrote my own solution and it's less than 20-30 lines of code (Assembler).

Notes:
This one is easy, so it's doable for beginners, too. It has a 2/10 rating, but I think it's somewhere between 1 and 2.

Tested under:
'Win7 SP1 x64' and 'WinXP SP3'

Contact:
issogoo(at)gmail.com

Difficulty: 2 - Needs a little brain (or luck)
Platform: Windows
Language: Assembler

Published: 09. Apr, 2013
Downloads: 170

Rating

Waiting for at least 3 votes
(we have only 2).

Solutions

There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!

Discussion and comments

iSSoGoo
Author
12. Apr 2013
Mhh, sounds interesting, but there are two problems:

1. It's against the rule "Don't change anything"! You are only allowed to change things on the "User-Side" (The Textbox and the button).

2. Even if you were allowed to change the value at that address to zero (or whatever you want) it won't work ;)

iSSoGoo
Author
12. Apr 2013
2. ...at least "MOV [00403282], 0" would not result in "00000000" ;)

zairon
Moderator
12. Apr 2013
I accidentally removed the first message, sorry.
The user suggested solving the crackme using a "MOV [00403282], 0" patch.

redoC
12. Apr 2013
I can confirm that dll leftovers are often treacherous :o)))

inject_here.dll:DllMain() ...
    dwSerial = DWORD[0x403282] + 0x00CAFFEE;
    sprintf (szSerial, "%08X", dwSerial);
    SetDlgItemText (hDlg, 2001, szSerial);

iSSoGoo
Author
12. Apr 2013
@redoC

Well done ;) You even dodged my little Anti-Debugging protection, or used the right plugin ;)
