This CrackMe teaches a specific method of cracking which is to trace the eax value and patch it.

Link: https://crackinglessons.com/crackme-7/

Software

It was a software that shows registration status.

00 - 0 unregistered

Detect It Easy (die)

Using DIE software I found the entry point.

EntryPoint = ImageBase + AddressOfEntryPoint --> 0x00401353

00 - die

x32dbg

Then using step over (F8) and searching step by step, I found the commands where it is checking if registered or not.

01 - place

Then what I did is:

  1. I removed first JE to avoid it jumping.
  2. By avoiding it jumping, it sets EAX value to 2 which make test result in not zero so zero flag (ZF) is not set to one. Which means we are registered.

02 - patch

That is it, easy.

03 - gg

<
Previous Post
CrackMe5
>
Next Post
Target by TDC