Comments on: R4ndom’s Tutorial #9: No Strings Attached http://thelegendofrandom.com/blog/archives/654 Programming and Reverse Engineering Wed, 18 Sep 2013 02:04:37 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Ray http://thelegendofrandom.com/blog/archives/654#comment-85087 Ray Mon, 16 Sep 2013 21:01:58 +0000 http://thelegendofrandom.com/blog/?p=654#comment-85087 “The Legend Of Random” is awesome! Thank you for these excellent tutorials! With your guidance I managed to hack one legit piece of software I paid to have on my office PC to be able to use it on my home laptop – no harm done – I am not publishing the patch online – and I was successful though I had covered tutorials just up to number 9 – isn’t that great :) – actually your tutorials are great, not me :) thank you for sharing your knowledge in such a friendly manner!

]]>
By: 眼鏡 オークリー http://thelegendofrandom.com/blog/archives/654#comment-84222 眼鏡 オークリー Tue, 10 Sep 2013 00:59:59 +0000 http://thelegendofrandom.com/blog/?p=654#comment-84222 サングラス オークリー

]]>
By: Nillyhan http://thelegendofrandom.com/blog/archives/654#comment-70532 Nillyhan Sat, 01 Jun 2013 16:36:42 +0000 http://thelegendofrandom.com/blog/?p=654#comment-70532 Bro the pdf download file of it is corrupted….pls help.

]]>
By: captainskybeard http://thelegendofrandom.com/blog/archives/654#comment-69771 captainskybeard Tue, 28 May 2013 13:27:35 +0000 http://thelegendofrandom.com/blog/?p=654#comment-69771 Well I tried it on another system and it works fine. I would definitely like to know what the heck was going on with the first one. It also prevented me from saving my patches, saying it could not find the code in the executable.

]]>
By: captainskybeard http://thelegendofrandom.com/blog/archives/654#comment-69603 captainskybeard Mon, 27 May 2013 17:43:03 +0000 http://thelegendofrandom.com/blog/?p=654#comment-69603 Something is going on here that I can’t figure out. It hasn’t happened for any other tutorial. I am not starting in the crackme6.exe code, I am starting in ntdll_1a instead. I can still “go to” the section at 401000, and set a breakpoint for it which it does hit (but I get a nasty warning when I set it).

When I a search for strings or search for intermodule calls I get totally different results than what was pictured. Any thoughts? Do you think security software on my PC is interfering?

]]>
By: Adwiteeya Agrawal http://thelegendofrandom.com/blog/archives/654#comment-49984 Adwiteeya Agrawal Thu, 02 May 2013 20:45:18 +0000 http://thelegendofrandom.com/blog/?p=654#comment-49984 Great Tutes man!! Thanks a lot :)

]]>
By: infestor http://thelegendofrandom.com/blog/archives/654#comment-15263 infestor Fri, 01 Feb 2013 00:34:16 +0000 http://thelegendofrandom.com/blog/?p=654#comment-15263 looks like the EAX shows the function result as a size in bytes
each letter/sign in a textfield is a byte so
EAX shows how long is our password

]]>
By: maxluvr1981 http://thelegendofrandom.com/blog/archives/654#comment-9701 maxluvr1981 Wed, 12 Dec 2012 18:46:09 +0000 http://thelegendofrandom.com/blog/?p=654#comment-9701 I have done it whola!!! w/extra credit :)

]]>
By: Roadi http://thelegendofrandom.com/blog/archives/654#comment-3334 Roadi Fri, 24 Aug 2012 04:31:25 +0000 http://thelegendofrandom.com/blog/?p=654#comment-3334 “Extra Credit: Patch the crackme so that your password can be any length.”

Since the two ‘ACCESS DENIED’ SetWindowTextA’s will be overwritten by the one of ‘ACCESS GRANTED’, length should be of no concern, considering they all point to the same window handle.

That, or I have misassumed the underworkings of the said API (though, nonetheless, the patch at 0040 129F does ‘work’).

-Roadi

]]>
By: R4ndom http://thelegendofrandom.com/blog/archives/654#comment-2884 R4ndom Wed, 15 Aug 2012 22:58:10 +0000 http://thelegendofrandom.com/blog/?p=654#comment-2884 Because Olly is unable to know ahead of time what data will be in these memory locations, they are not displayed. When you run the app and pause right before them, Olly is able to reliably figure out (or at least assume) what data will be in them, so they can then be displayed correctly.

If you keep the disassembly on those lines of code and step through the program, you will see them change a lot. This is because various values are stored in these memory locations, and Olly is guessing what they are.

]]>