Another gui-based crackme written in visual studio 2017 win32 api.

Objectives:

  • Remove the 2 nag screens – one at startup and one at close of program.
  • In the About screen – change status to Registered.

Link: https://crackinglessons.com/crackme-3/

Software

The software had 2 nag screens while opening the program and when closing it. And about page showed unregistered

00 - nag screen 1

01 - about

Detect It Easy

Using DIE software I found the entry point.

EntryPoint = ImageBase + AddressOfEntryPoint --> 0x00401370

02 - die entry point

x32dbg

Removing nag screens

Using x32dbg and animate over funcitonality, I found the command that calls the nag screen.

03 - nag screen caller

The highlighted lines were simply opening nag screens.

04 - opener messagebox

So I removed them and set them to nop.

05 - no nag

Now to find closing nag screen we can do two things. We can check intermodular calls and filter for MessageBox or we can pause the program and check for call stack. I checked intermodular calls.

07 - memory

08 - messagebox

And second messagebox was the closing nag.

09 - sus

Simply deleted it and set to nop.

10 - no more nag

Registering user

To show registered message on about page, we can again do two things. We can check intermodular calls and filter for MessageBox or we can pause the program and check for call stack. I checked intermodular calls.

First messagebox was the one checking for registration.

11 - suspicious

Simply patched it.

12 - patched

Then exported it.

13 - patching

14 - PATCHED

And we are registered.

15 - GG

<
Previous Post
CrackMe2
>
Next Post
CrackMe4