	
&Vage (Grandmaster Cheater Supreme; Reputation: 0; Joined: 25 Jul 2008; Posts: 1053)
Posted: Tue Dec 15, 2009 3:24 pm

Lol no one?

	
SunBeam (I post too much; Reputation: 65; Joined: 25 Feb 2005; Posts: 4023; Location: Romania)
Posted: Tue Jan 05, 2010 6:20 am

SEH? Nice..

	
haha01haha01 (Grandmaster Cheater Supreme; Reputation: 0; Joined: 15 Jun 2007; Posts: 1233; Location: http://www.SaviourFagFails.com/)
Posted: Wed Jan 06, 2010 11:30 am

It would help if you hosted it on some normal file hosting site that actually lets people download over 5% of the time.

	
DoomsDay (Grandmaster Cheater; Reputation: 0; Joined: 06 Jan 2007; Posts: 768; Location: %HomePath%)
Posted: Wed Jan 06, 2010 12:29 pm

Cracking is easy... I'll find the time to dig into that password later... As for a patching solution:
mov [403096],401760 (instead of 401740)

	
haha01haha01 (Grandmaster Cheater Supreme; Reputation: 0; Joined: 15 Jun 2007; Posts: 1233; Location: http://www.SaviourFagFails.com/)
Posted: Wed Jan 06, 2010 1:33 pm

Okay, I managed to download it. That's one complicated shit over there, lol.
It looks like everything is happening at 401030, but all that function looks so random. It loops n times and in each loop it:
1. Grabs a byte from an offset decided in the previous loop (EAX as base + EDI as offset).
2. Does some sort of pointless loop that makes ESI = the byte we took before - 1 (unless that byte is over 1C, in which case it jumps to stage 4).
3. Pushes EDI as argument and calls the ESIth DWORD from an array of functions (one of them writes the 40173F that later turns into 401740 into the CONTEXT structure on the stack).
4. Adds some byte (the result of the function from stage 3?) to EDI.

So basically in that function almost everything is decided by the result of the previous loop, even the functions to call and all, and we need that when it reaches the function at 401320 (was round #5 for me, not sure if it's constant, pretty sure it's not) EDI will be 15 instead of 11 (then the correct pointer is written and we're correct).

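As an added illustration (not code from the thread or from the crackme itself), here is a small Python model of the loop haha01haha01 describes: a byte-indexed handler table where each handler's return value decides the next offset, so every round depends on the one before it. The handler bodies and strides, the 0x20/0xAA skip bytes in the buffer, and the stride taken on a skipped round are constructed assumptions; the 1C threshold and the ESI = byte - 1 indexing come from the post.

```python
# Model of the byte-driven dispatch loop described above. The handler table, strides
# and buffer are constructed for illustration; nothing here is taken from the crackme.
from typing import Callable, List, NamedTuple, Optional

SKIP_THRESHOLD = 0x1C  # step 2: an opcode byte above this skips the call in step 3
SKIP_STRIDE = 1        # assumption: a skipped iteration still advances EDI by one byte

class Step(NamedTuple):
    rnd: int                # loop iteration number
    edi: int                # offset into the buffer at the start of the iteration
    opcode: int             # byte read at base+EDI (step 1)
    handler: Optional[int]  # ESI = opcode - 1, or None when the call was skipped
    stride: int             # value added to EDI (step 4)

# Step 3's function array: each entry receives EDI and returns the stride for
# step 4. Entry 3 stands in for the handler that writes the pointer into CONTEXT.
HANDLERS: List[Callable[[int], int]] = [
    lambda edi: 1,
    lambda edi: 2,
    lambda edi: 3,
    lambda edi: 1,  # CONTEXT_WRITER
    lambda edi: 4,
]
CONTEXT_WRITER = 3

def trace(buf: bytes, rounds: int, start: int = 0) -> List[Step]:
    """Emulate `rounds` iterations, recording what each one read, called and added."""
    edi, log = start, []
    for rnd in range(rounds):
        if edi >= len(buf):  # walked off the end of the buffer
            break
        opcode = buf[edi]
        if opcode > SKIP_THRESHOLD:
            handler, stride = None, SKIP_STRIDE
        else:
            handler = opcode - 1
            if not 0 <= handler < len(HANDLERS):
                raise ValueError(f"round {rnd}: opcode {opcode:#x} indexes outside the table")
            stride = HANDLERS[handler](edi)
        log.append(Step(rnd, edi, opcode, handler, stride))
        edi += stride
    return log

def first_hit(buf: bytes, rounds: int, handler: int) -> Optional[Step]:
    """First iteration that dispatches to `handler`, or None if it is never reached."""
    return next((s for s in trace(buf, rounds) if s.handler == handler), None)

# Constructed buffer: 0x20 and 0xAA exceed the threshold, so those rounds are skipped.
BUF = bytes([0x01, 0x02, 0xAA, 0x20, 0x03, 0xAA, 0xAA, 0x04, 0x05])
```

Running trace(BUF, 8) shows the context-writing handler reached on round 4 at offset 7; changing the byte at offset 4 to 0x05 makes the loop step over it entirely, which is the data dependence the post describes.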
	
&Vage (Grandmaster Cheater Supreme; Reputation: 0; Joined: 25 Jul 2008; Posts: 1053)
Posted: Fri Jan 08, 2010 3:49 pm

Thanks, a friend of mine told me this method.

SunBeam wrote:
    SEH? Nice..

haha: Trace the buffer