2009-02-26

JE's "jE!_CRC_DRx"

[difficulty: 7] [protection: SEH, TF, HW BP's]

At only 11k, this crackme is a real pain. It's a puzzle in which you must supply an input file that coerces the crackme into displaying a message box (the usual user32!MessageBoxA). There is some anti-debug. The calculation is based on the bytes of the executable memory image, so it will change if BPX's are present. The code itself has int3 and a handler for int3, making you wonder how much the crackme's behavior will intersect with your debugger. The DRx registers are used as the area for calculations, an obstacle for BPM. It also depends on the trap flag being set in certain places, so single-stepping is not an easy option. Though I lost a lot of time on it, it forced me to learn a lot about my debugger (making it pass and handle certain exceptions, tracing SEH, etc.).

For some reason, I find jE!'s comments very entertaining:
U must buid KEY-file, which forces cr0ckme to show msgbox:

WOW!
CONGRATULATIONZ!

main cr0ckme idea is playing with SEHs..
(look at comment in code below)

after i imagined some fun-way to call MessageBox..
fun is fun, but what for U!?
btw, maybe i will call it 'READY-STACK' & write another cr0ckme on this idea!

so i mostly removed my-fun! U must discover that fun-way first!
(info leaved should be enough.. U need fUntaziE+LogiQ, have U!?)
then you need discover main ck0ckme idea.. o-o-o!
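
The post's point that a calculation over the bytes of the executable memory image changes once BPX's are present, shown as an added example (not code from the crackme or from the original post). CRC-32, the byte string and all function names are assumptions made for illustration; the crackme's actual calculation is not given on the page.

```python
import zlib

INT3 = 0xCC  # byte a debugger writes over an instruction to set a BPX

# Constructed 17-byte stand-in for a mapped code section (not the crackme's
# bytes). Offset 3 holds an int3 that belongs to the program itself.
PRISTINE = bytes.fromhex("558bec" "cc" "8b4508" "33c9" "0fb61408" "03ca" "c9c3")


def image_value(image):
    """Value that depends on every byte of the image (CRC-32 is assumed)."""
    return zlib.crc32(image) & 0xFFFFFFFF


def set_bpx(image, offset):
    """Return the image as it sits in memory once a BPX is set at offset."""
    patched = bytearray(image)
    patched[offset] = INT3
    return bytes(patched)


def cc_offsets(image):
    """Offsets of every 0xCC byte present in the image."""
    return [i for i, b in enumerate(image) if b == INT3]


def debugger_patches(pristine, live):
    """(offset, original, current) for each byte that differs from pristine."""
    return [(i, a, b) for i, (a, b) in enumerate(zip(pristine, live)) if a != b]


if __name__ == "__main__":
    live = set_bpx(PRISTINE, 7)  # breakpoint on the instruction at offset 7
    print(f"pristine value: {image_value(PRISTINE):08x}")
    print(f"with BPX:       {image_value(live):08x}")
    # Scanning for 0xCC alone cannot tell the program's int3 from the BPX ...
    print("0xCC bytes in live image:", cc_offsets(live))
    # ... but a diff against the pristine bytes isolates the debugger's patch.
    print("debugger patches:", debugger_patches(PRISTINE, live))
```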
