Home > Cloud Computing > Cloud Security

Anti-debugging CM

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Author: riusksk
Time: 2009-10-27,13: 01
Chain: http://bbs.pediy.com/showthread.php? T = 100167

[Break text title] defend against a anti-debugging CM
[Author] riusksk (quange)
[Author email] riusksk@qq.com
[Author's homepage] http://riusksk.blogbus.com
[Cracking tool] OD
[Cracking platform] Windows Vista
[Software name] KGM1Tal.exe
[Software size] 4.00 KB
[Software Download] CM.rar
[Protection mode] No shell
[Software Overview] CM written by foreigners
[Cracking statement] It is purely an interest and has no other purpose. If any error occurs, please point it out!
[Cracking process] cracking
Open CM, enter the username riusksk, password: 78787878, and click "register". The system prompts "Try Again, something did not work right. "So after loading F9 with OD, use the" super character reference + "plug-in to search for a string and double-click the string" Try Again, something did not work right. ", search up,:
004014CE/$ BE 23304000 mov esi, KGM1Tal. 00403023
004014D3 |. A1 4A304000 mov eax, dword ptr ds: [40304A]
004014D8 |. 8A5E 09 mov bl, byte ptr ds: [ESI + 9]
004014DB |. 38D8 cmp al, BL
004014DD |. 75 16 jnz short KGM1Tal. 004014F5
004014DF |. B8 6C304000 mov eax, KGM1Tal. 0040306C; great job!
004014E4 |. 8BD8 mov ebx, EAX
004014E6 |. 83C3 0B add ebx, 0B
004014E9 |. 6A 00 PUSH 0;/Style = MB_ OK | MB_APPLMODAL
004014EB |. 50 push eax; | Title => "Great Job! "
004014EC |. 53 push ebx; | Text => "You have completed Key Gen Me #1 ."
004014ED |. 6A 00 PUSH 0; | hOwner = NULL
004014EF |. E8 B4000000 CALL <JMP. & user32.MessageBoxA>; MessageBoxA
004014F4 |. C3 RETN
004014F5 |> 6A 00 PUSH 0;/Style = MB_ OK | MB_APPLMODAL
004014F7 |. 68 C2304000 PUSH KGM1Tal. 004030C2; | not this time.
004014FC |. 68 99304000 PUSH KGM1Tal. 00403099; | try again, something did not work right.
00401501 |. 6A 00 PUSH 0; | hOwner = NULL
00401503 |. E8 A0000000 CALL <JMP. & user32.MessageBoxA>; MessageBoxA
00401508 |. 6A 00 PUSH 0;/ExitCode = 0
0040150A. E8 A5000000 CALL <JMP. & kernel32.ExitProcess>; ExitProcess
Because 004014CE comes from 004012ED, go to 004012ED and search up. Here:
004012AE. FF35 3C304000 push dword ptr ds: [40303C];/Count = 1E (30 .)
004012B4. 68 00304000 PUSH KGM1Tal. 00403000; | Buffer = KGM1Tal. 00403000
004012B9. 68 EC030000 PUSH 3EC; | ControlID = 3EC (1004 .)
004012BE. FF75 08 push dword ptr ss: [EBP + 8]; | hWnd
004012C1. E8 D6020000 CALL <JMP. & user32.GetDlgItemTextA>; GetDlgItemTextA, get the username
004012C6. FF35 40304000 push dword ptr ds: [403040];/Count = 14 (20 .)
004012CC. 68 23304000 PUSH KGM1Tal. 00403023; | Buffer = KGM1Tal. 00403023
004012D1. 68 ED030000 PUSH 3ED; | ControlID = 3ED (1005 .)
004012D6. FF75 08 push dword ptr ss: [EBP + 8]; | hWnd
004012D9. E8 BE020000 CALL <JMP. & user32.GetDlgItemTextA>; GetDlgItemTextA, get password
004012DE. E8 4F000000 CALL KGM1Tal. 00401332
004012E3. 68 53304000 PUSH KGM1Tal. 00403053; zwatrqlcghpsxyenvbjdfkmu
004012E8. E8 C9000000 CALL KGM1Tal. 004013B6
004012ED. E8 DC010000 CALL KGM1Tal. 004014CE
However, if you are disconnected from GetDlgItemTextA or 004012DE, the prompt box Indicating the previous failure will still pop up. Therefore, I will switch to message breakpoint here.
Reload CM, run F9, and view the window:
Certificate ----------------------------------------------------------------------------------------------------------------------------------------------------

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
usaa cm cm applock cm ss cm updater teamviewer cm vistaprint cm cm theme manager

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More