![]() ![]() Immediately after that, the routine then calls IsDebuggerPresent and sets a flag if a debugger is detected: 00409C41 mov eax, Ġ0409C4A mov, 1įinally, if the flag is set, the crackme kills the registration window: 00409CB9 mov dword ptr, 0 hWnd The AntiRevIDP(void) then loads the procedure IsDebuggerPresent: 00409C20 mov, eaxĠ0409C38 mov, eax This nasty routine builds the String IsDebuggerPresent by sampling characters from the hardcoded string. The routine dynamically loads the kernel32.dll: 00409BCD mov dword ptr, 0 dwFlagsĠ0409BD5 mov dword ptr, 0 hFileĠ0409BDD mov dword ptr, offset LibFileName "kernel32.dll" The first anti-debugging check is in subroutine AntiRevIDP(void), at offset 00409B8E. The crackme has a couple of anti-debugging checks that need addressing first. Goal is to get to correct input, thanks for reversing! Anti-Debugging Hey reversers, welcome to my third crack me. The crackme is written in C/C++ and runs on Windows. The crackme s!mple Crack Me v0.3 by simple_re has been published February 14, 2013. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |