Comments on: Tutorial #8: Frame Of Reference

By: equal

equal — Mon, 16 Sep 2013 03:22:47 +0000

Im having trouble when loading the Crackme3_patched version at the dawn part of the tutorial, the windows is showing an error like this “Unable to terminate process ‘Crackme_patched1′.Operating system reports error ERROR_INVALID_HANDLE”. Please someone help me and advance thank you
Thanks a lot also to r4ndom

By: Artur Szymczak

Artur Szymczak — Thu, 12 Sep 2013 09:17:22 +0000

Ok, responding to myself… I was using short data for registration (ajes and 1234) and this moves me to first BP at 401243. But if I use data provided by R4ndom, then it really shows bad guy message.

By: Artur Szymczak

Artur Szymczak — Wed, 11 Sep 2013 14:55:37 +0000

Sorry, but it still doesn’t work as R4ndom said in tutorial.

By: Artur Szymczak

Artur Szymczak — Wed, 11 Sep 2013 14:51:42 +0000

For those, who are looking orginal crackme, I think, I have found it here: http://www.woodmann.com/crackz/Tutorials/Cruehds.htm Try crackme1.exe

By: Artur Szymczak

Artur Szymczak — Wed, 11 Sep 2013 14:43:40 +0000

Hi,

there is problem with this crackme, or tutorial, because you wrote:
“Set another breakpoint on the JE instruction and re-start (or run) the app. Click on “Help”->”Register” in the crackme program, enter a username and a serial, and click OK.”

And according your tutorial:
“Woah! Wait a second! We got the bad boy message and Olly never broke? That means Olly never reached our breakpoint! What is going on here.”

But in my case, program stoped at BP at JE (addres: 00401243). Am I missing something?

By: Raider

Raider — Tue, 07 May 2013 10:58:02 +0000

Great tutorial, but the patch isn’t complete.

By: Deq

Deq — Wed, 17 Apr 2013 10:48:31 +0000

Same for me.

By: Khargas1337

Khargas1337 — Sat, 23 Mar 2013 19:41:30 +0000

It said “Great Work” to me at the first JE and why it says “Not mate” in the post ?

By: Lex

Lex — Thu, 31 Jan 2013 01:58:18 +0000

R4ndom,

You sorta thru me off this one, although i follow what you were sayingm i was looking to emulate it to the “t” as everyone else mentioned the bad boy message never appeared agin after first break, but hey man, i can complain u are the best teaching it right now

By: Anonymous

Anonymous — Tue, 15 Jan 2013 15:51:39 +0000

I think you missed out a step at the end where you patch the JE instruction. It sounds like you’re saying that we somehow need to patch the flags register so that the Z flag is modified every time the program is run:

“Now the problem is that since we changed the flag on the fly, when the app is run again it will not change that flag again, so we will get the bad message. What we need to do is somehow save that change so that every time the program is run, we can force it to make that jump. This is where patching comes in.”