It needs some knowledge, and please don't swear too much because this crackme will make you go really crazy if you don't know uhm Windows features :)

Difficulty: 3 - Getting harder
Platform: Windows 2000/XP only
Language: Assembler

Published: 06. Aug, 2006
Solution by red477, published 11. Aug, 2006

Solution by deroko, published 11. Aug, 2006

deroko has rated this crackme as quite nice.

Discussion and comments

08. Aug 2006
Though I am not able to get to the very kernel till now, I think it is really a nice one.
08. Aug 2006
So the accepted solution is a patch? I got it patched :P
08. Aug 2006
Forgot to say, very good crackme, interesting and enjoyable.
10. Aug 2006
@Author, I think there is something wrong with the keygen routine, here:
004014E0 > 803C31 30 CMP BYTE PTR DS:[ECX+ESI],30
004014E4 . 72 0C JB SHORT grinder.004014F2
004014E6 . 803C31 39 CMP BYTE PTR DS:[ECX+ESI],39
004014EA . 77 06 JA SHORT grinder.004014F2
004014EC . 802C31 1E SUB BYTE PTR DS:[ECX+ESI],1E
I think there should be another instruction here:

Nice crackme, and after being confirmed about my doubt, I may submit my patch solution and probably a keygen.
14. Aug 2006
thx men for the time you spent :)

Great Deroko solved my crackme. This is a pleasure for me :)
14. Aug 2006
tnx man, pleasure is all mine =)
05. Sep 2006
We have another way to disable the thread, instead of nopping CreateThread or patching jumps:

1- Patching thread code to "RETN 04" at 00401819
2- Patching thread CreationFlags to "Create_Suspended" at 004012F9, PUSH 0 -> 04

