| Here's a simple keygen I wrote. It copies the serial to your clipboard so you can paste. https://cdn.discordapp.com/attachments/687103642377125907/831090391574642688/Keygen_for_sansuu.zip |
==> |
| LRESULT __stdcall sub_4013F0(HWND hWndParent, UINT Msg, WPARAM wParam, LPARAM lParam)
{
int v4; // ST27C_4
CHAR String; // [esp+B90h] [ebp-810h]
unsigned int v7; // [esp+1390h] [ebp-10h]
int savedregs; // [esp+13A0h] [ebp+0h]
sub_41FC80();
v7 = (unsigned int)&savedregs ^ __security_cookie;
if ( Msg 0x10 )
{
if ( Msg != 273 )
return DefWindowProcW(hWndParent, Msg, wParam, lParam);
sub_401350(v7);
sub_4012C0();
if ( sub_401210 || sub_401160 )
{
MessageBoxA(hWndParent, "Try harder! Muahahahaha..", "Exploit Pack - http://exploitpack.com", 0x40u);
exit(0);
}
if ( (unsigned __int16)wParam == 100 )
{
v4 = GetWindowTextLengthW(hWnd);
GetWindowTextA(hWnd, &String, v4 + 1);
JUMPOUT(&loc_41CD62);
}
}
else
{
switch ( Msg )
{
case 0x10u:
DestroyWindow(hWndParent);
break;
case 1u:
dword_423400 = (int)CreateWindowExA(
0,
"button",
"Crack me!",
0x50000000u,
10,
10,
300,
25,
hWndParent,
(HMENU)0x64,
hInstance,
0);
hWnd = CreateWindowExA(0, "edit", &Src, 0x50800000u, 10, 45, 300, 25, hWndParent, (HMENU)0x65, hInstance, 0);
dword_4233FC = CreateWindowExA(
0,
"edit",
"Solved? Email: ",
0x50000800u,
10,
75,
300,
225,
hWndParent,
(HMENU)0x66,
hInstance,
0);
SetFocus(hWnd);
break;
case 2u:
PostQuitMessage(0);
break;
default:
return DefWindowProcW(hWndParent, Msg, wParam, lParam);
}
}
return 0;
} |
==> |
| Easy! I did it without any byte patching. I just add a breakpoint at 0x7515 in file offset. Changed eax to the value of [ebp-5C] and then it's done! easy! |
==> |
| key is "cr4ckingL3ssons".
here is patched version: https://drive.google.com/open?id=1RtMqnCZyfhWbmqA0vFQwNLYrlQ8fFcPy |
==> |