Contribute  :  Web Resources  :  Past Polls  :  Site Statistics  :  Downloads  :  Forum  
    BiW ReversingThe challenge is yours    
 Welcome to BiW Reversing
 Tuesday, December 07 2021 @ 10:07 AM CET
SafeDisc 3.20 - 4.00 | 9 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
SafeDisc 3.20 - 4.00
Authored by: Human on Wednesday, November 01 2006 @ 03:28 PM CET
try safecast game WIK
it has check for at least 4 runs
1001130D 83F8 04 CMP EAX,4
10011310 72 14 JB SHORT ~df394b.10011326
10011312 8BCE MOV ECX,ESI ; ~df394b.1006E4E8
10011314 E8 47560100 CALL ~df394b.10026960
10011319 83F8 04 CMP EAX,4
1001131C 72 08 JB SHORT ~df394b.10011326
1001131E 57 PUSH EDI ; Wik.0054C802
1001131F 8BCE MOV ECX,ESI ; ~df394b.1006E4E8
10011321 E8 8B560100 CALL ~df394b.100269B1
10011326 56 PUSH ESI ; ~df394b.1006E4E8
10011327 8BCB MOV ECX,EBX ; ~df394b.1006CE70
10011329 E8 33FEFFFF CALL ~df394b.10011161
1001132E EB 05 JMP SHORT ~df394b.10011335


and here is write that will be not executed until both eax are lower than 4


100269B1 55 PUSH EBP
100269B2 8BEC MOV EBP,ESP
100269B4 83EC 1C SUB ESP,1C
100269B7 53 PUSH EBX ; ~df394b.1006CE70
100269B8 56 PUSH ESI ; ~df394b.1006E4E8
100269B9 57 PUSH EDI ; Wik.0054C802
100269BA 8BF1 MOV ESI,ECX ; ~df394b.1006CE8C
100269BC E8 AC960200 CALL ~df394b.1005006D
100269C1 8BD8 MOV EBX,EAX
100269C3 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
100269C6 83C0 FB ADD EAX,-5
100269C9 8BCE MOV ECX,ESI ; ~df394b.1006E4E8
100269CB 8945 08 MOV DWORD PTR SS:[EBP+8],EAX
100269CE E8 C5FFFFFF CALL ~df394b.10026998
100269D3 C1E8 10 SHR EAX,10
100269D6 8BCE MOV ECX,ESI ; ~df394b.1006E4E8
100269D8 8845 E4 MOV BYTE PTR SS:[EBP-1C],AL
100269DB E8 B8FFFFFF CALL ~df394b.10026998
100269E0 C1E8 08 SHR EAX,8
100269E3 8BCE MOV ECX,ESI ; ~df394b.1006E4E8
100269E5 8845 E5 MOV BYTE PTR SS:[EBP-1B],AL
100269E8 E8 ABFFFFFF CALL ~df394b.10026998
100269ED 8BCE MOV ECX,ESI ; ~df394b.1006E4E8
100269EF 8845 E6 MOV BYTE PTR SS:[EBP-1A],AL
100269F2 8D7C1D E4 LEA EDI,DWORD PTR SS:[EBP+EBX-1C]
100269F6 E8 81FFFFFF CALL ~df394b.1002697C
100269FB 8BCE MOV ECX,ESI ; ~df394b.1006E4E8
100269FD 8847 FC MOV BYTE PTR DS:[EDI-4],AL
10026A00 E8 77FFFFFF CALL ~df394b.1002697C
10026A05 C1E8 08 SHR EAX,8
10026A08 8BCE MOV ECX,ESI ; ~df394b.1006E4E8
10026A0A 8847 FD MOV BYTE PTR DS:[EDI-3],AL
10026A0D E8 6AFFFFFF CALL ~df394b.1002697C
10026A12 C1E8 10 SHR EAX,10
10026A15 8BCE MOV ECX,ESI ; ~df394b.1006E4E8
10026A17 8847 FE MOV BYTE PTR DS:[EDI-2],AL
10026A1A E8 5DFFFFFF CALL ~df394b.1002697C
10026A1F C1E8 18 SHR EAX,18
10026A22 6A 08 PUSH 8
10026A24 8847 FF MOV BYTE PTR DS:[EDI-1],AL
10026A27 8B3D B4100510 MOV EDI,DWORD PTR DS:[>; kernel32.VirtualProtect
10026A2D 8365 FC 00 AND DWORD PTR SS:[EBP-4],0
10026A31 58 POP EAX ; ntdll.7C910738
10026A32 8D4D FC LEA ECX,DWORD PTR SS:[EBP-4]
10026A35 51 PUSH ECX ; ~df394b.1006CE8C
10026A36 50 PUSH EAX
10026A37 53 PUSH EBX ; ~df394b.1006CE70
10026A38 8945 F8 MOV DWORD PTR SS:[EBP-8],EAX
10026A3B FF75 08 PUSH DWORD PTR SS:[EBP+8]
10026A3E FFD7 CALL EDI ; Wik.0054C802
10026A40 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-C]
10026A43 50 PUSH EAX
10026A44 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
10026A47 53 PUSH EBX ; ~df394b.1006CE70
10026A48 50 PUSH EAX
10026A49 FF75 08 PUSH DWORD PTR SS:[EBP+8]
10026A4C FF76 1C PUSH DWORD PTR DS:[ESI+1C]
10026A4F FF15 B8100510 CALL DWORD PTR DS:[; kernel32.WriteProcessMemory

this target is more safedisc than safecast, due it also creates process that attaches to our exe, next it also has nanomites and we crash on

004B8B2C E8 4F44FEFF CALL Wik.0049CF80 ; JMP to WINMM.timeGetTime
004B8B31 CC INT3
004B8B32 CC INT3
004B8B33 81E3 FF000000 AND EBX,0FF
004B8B39 E8 4244FEFF CALL Wik.0049CF80 ; JMP to WINMM.timeGetTime
004B8B3E CC INT3
004B8B3F 0F8A CC894C24 JPE 24981511
004B8B45 08E8 OR AL,CH
004B8B47 35 44FEFF8B XOR EAX,8BFFFE44
004B8B4C 4C DEC ESP
004B8B4D 24 08 AND AL,8
004B8B4F 53 PUSH EBX
004B8B50 C1E8 10 SHR EAX,10
004B8B53 25 FF000000 AND EAX,0FF
004B8B58 51 PUSH ECX
004B8B59 50 PUSH EAX

 Copyright © 2021 BiW Reversing
 All trademarks and copyrights on this page are owned by their respective owners.
Powered By Geeklog 
Created this page in 1.05 seconds