Adventures in reverse-engineering a crackme on Crackmes.de
In this post I'll show how to reverse this crackme. This crackme is classified as level 5, but is not that complicated. Just require some knowledge. I use a new shiny copy of Windows 10 as enviroment for reversing, please note that the result may vary basing on the OS you're using. The approach I used is quite "pragmatic" (basically, I change stuff and see what happens ) and may not be suitable for larger/more complex protection where a deeper knowledge of the protection is needed. First of all, try to launch it. Crash. That's good. Note that the author "certified" it for running on OSs up to Windows 7 so this crash is nothing special. We'll try to understand the reason later. Fire OllyDBG, open it and the process terminate itself before entrypoint is reached. Good enough. Now, suppose you don't know what a " TLS Callback " is, just look at the call-stack. Someone called TerminateProcess before the program reached the entrypoint.