this is my old solution back from the end of 2024, i just found that on my drive - so i decided to share. this writeup was never accepted on crackmes.one as the author has likely abandoned the site
replace the condition at 75 ? C7 04 24 ? ? ? ? E8 ? ? ? ? E8 with jn, enter any password to get "access granted" message.
if we look into generate_password function we can see that it calls getpid function at E8 ? ? ? ? 89 45 ? 8B 45 ? 89 44 24, which returns the pid of the current process
then it prepends it with "Format" const which equals to EndIsNear-
now its evident how password generation works. we can manually find process pid in task maanger and enter our password. that works 👍
we can find generate_password function and call it manually, printing what it returns. as shown in this minimal example:
#include <windows.h>
#include <cstdio>
typedef void(__cdecl *tTargetFunc)(char *buffer);
BOOL APIENTRY DllMain(HMODULE hModule, DWORD reason, LPVOID)
{
if (reason == DLL_PROCESS_ATTACH)
{
DWORD base = (DWORD)GetModuleHandleA(NULL);
const char pattern[] = "\x55\x89\xE5\x83\xEC\x28\xE8";
for (DWORD i = 0; i < 0x50000; i++) {
if (memcmp((void*)(base + i), pattern, 7) == 0) {
char buffer[256] = {0};
((tTargetFunc)(base + i))(buffer);
printf("%s\n", buffer);
break;
}
}
}
return TRUE;
}
mf