Topic: 3.Crackme
02.05.09, 15:42   #4
90nop

patch   

Right at the beginning you see the following:
Code:
CPU Disasm
Address   Hex dump          Command                                  Comments
00A81000      68 E020A800   PUSH OFFSET crackme_20090501.00A820E0    ; ASCII "PW leider falsch"
00A81005      FF15 A020A800 CALL DWORD PTR DS:[<&MSVCR90.puts>]
00A8100B      68 F420A800   PUSH OFFSET crackme_20090501.00A820F4    ; ASCII "pause"
00A81010      FF15 AC20A800 CALL DWORD PTR DS:[<&MSVCR90.system>]
00A81016      83C4 08       ADD ESP,8
00A81019      C3            RETN
00A8101A      CC            INT3
00A8101B      CC            INT3
00A8101C      CC            INT3
00A8101D      CC            INT3
00A8101E      CC            INT3
00A8101F      CC            INT3
00A81020  /.  68 FC20A800   PUSH OFFSET crackme_20090501.00A820FC    ; ASCII "PW richtig"
00A81025  |.  FF15 A020A800 CALL DWORD PTR DS:[<&MSVCR90.puts>]
00A8102B  |.  68 F420A800   PUSH OFFSET crackme_20090501.00A820F4    ; ASCII "pause"
00A81030  |.  FF15 AC20A800 CALL DWORD PTR DS:[<&MSVCR90.system>]
00A81036  |.  83C4 08       ADD ESP,8
00A81039  \.  C3            RETN
00A8103A      CC            INT3
00A8103B      CC            INT3
00A8103C      CC            INT3
00A8103D      CC            INT3
00A8103E      CC            INT3
00A8103F      CC            INT3

The simplest method here is just to patch 00A81000 into a JMP that points to the goodboy.

Code:
CPU Disasm
Address   Hex dump          Command                                  Comments
00A81000      EB 1E         JMP SHORT 00A81020
00A81002      90            NOP
00A81003      90            NOP
00A81004      90            NOP
00A81005      90            NOP
00A81006      90            NOP
00A81007      90            NOP
00A81008      90            NOP
00A81009      90            NOP
00A8100A      90            NOP
00A8100B      90            NOP
00A8100C      90            NOP
00A8100D      90            NOP
00A8100E      90            NOP
00A8100F      90            NOP
00A81010      90            NOP
00A81011      90            NOP
00A81012      90            NOP
00A81013      90            NOP
00A81014      90            NOP
00A81015      90            NOP
00A81016      90            NOP
00A81017      90            NOP
00A81018      90            NOP
00A81019      90            NOP
00A8101A      CC            INT3
00A8101B      CC            INT3
00A8101C      CC            INT3
00A8101D      CC            INT3
00A8101E      CC            INT3
00A8101F      CC            INT3
00A81020  /.  68 FC20A800   PUSH OFFSET crackme_20090501.00A820FC    ; ASCII "PW richtig"
00A81025  |.  FF15 A020A800 CALL DWORD PTR DS:[<&MSVCR90.puts>]
00A8102B  |.  68 F420A800   PUSH OFFSET crackme_20090501.00A820F4    ; ASCII "pause"
00A81030  |.  FF15 AC20A800 CALL DWORD PTR DS:[<&MSVCR90.system>]
00A81036  |.  83C4 08       ADD ESP,8
00A81039  \.  C3            RETN
00A8103A      CC            INT3
00A8103B      CC            INT3
00A8103C      CC            INT3
00A8103D      CC            INT3
00A8103E      CC            INT3
00A8103F      CC            INT3
:)
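As an added example (not part of the original post): a small Python check that compares the bytes at 00A81000 from the two listings above, reports the modified address range, and decodes where the `EB 1E` short jump lands. The function names are hypothetical; the byte strings are transcribed from the two listings.

```python
# Added example: bytes transcribed from the two listings in the post above.
ORIG = bytes.fromhex(
    "68E020A800" "FF15A020A800" "68F420A800" "FF15AC20A800" "83C408" "C3"
)
PATCHED = bytes.fromhex("EB1E") + b"\x90" * 24  # JMP SHORT + NOP fill
BASE = 0x00A81000  # address of the first byte in both listings


def diff_ranges(a, b, base):
    """Return [(first_addr, last_addr)] for each contiguous run of differing bytes."""
    if len(a) != len(b):
        raise ValueError("images must be the same length")
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((base + start, base + i - 1))
            start = None
    if start is not None:
        ranges.append((base + start, base + len(a) - 1))
    return ranges


def short_jmp_target(code, addr):
    """Decode 'EB rel8' located at addr; return None if it is not a short JMP."""
    if len(code) < 2 or code[0] != 0xEB:
        return None
    rel = code[1] - 0x100 if code[1] >= 0x80 else code[1]  # rel8 is signed
    return addr + 2 + rel  # displacement counts from the next instruction


def check_entry(orig, current, base):
    """Compare a routine's current bytes with its known-good bytes."""
    changed = diff_ranges(orig, current, base)
    return {
        "tampered": bool(changed),
        "changed": changed,
        "redirect": short_jmp_target(current, base) if changed else None,
        "nop_fill": current.count(0x90),
    }


if __name__ == "__main__":
    r = check_entry(ORIG, PATCHED, BASE)
    print(r["tampered"], [(hex(a), hex(b)) for a, b in r["changed"]],
          hex(r["redirect"]), r["nop_fill"])
```
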