Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <windows.h>
- #include <stdio.h>
- #include <fcntl.h>
- #include <io.h>
- #include <iostream>
- #include <fstream>
- #include <vector>
- #include "detours.h"
- #include <string>
- #include <Wincrypt.h>
- int hConHandle;
- long lStdHandle;
- #define dll extern "C" __declspec(dllexport)
- using namespace std;
- static const WORD MAX_CONSOLE_LINES = 1000;
- // Aedes Protection
- string name = "Metin2Deluxe",
- version = "1.1.0.0",
- date = "18/03/2012";
- #pragma region Prototipi Funzioni
- dll void showInfo();
- dll void get_pack(void);
- dll void sub_get(void);
- dll BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved);
- dll void RedirectIOToConsole();
- dll void FixExtractor();
- dll void RedirectIOToConsole( void );
- dll void get_name();
- dll void lzo_func_1();
- dll void lzo_func_2();
- dll void lzo_func_3();
- dll void lzo_func_4();
- dll int xtea(int,int,LPBYTE,int);
- dll void block_get();
- dll int check(int,int,char*);
- dll void xxtea();
- dll void pong_func();
- dll void block_ref();
- dll void block_switch();
- #pragma endregion Prototipi Funzioni
- #pragma region Dichiarazioni
- DWORD fileName_add;
- // GetPack
- DWORD push_0070F89B = 0x0070F89B;
- DWORD call_005769F0 = 0x005769F0;
- DWORD call_00576B90 = 0x00576B90;
- DWORD call_00640230 = 0x00640230;
- DWORD push_0073E6B4 = 0x0073E6B4;
- DWORD call_0065932E = 0x0065932E;
- DWORD push_0073E6AC = 0x0073E6AC;
- DWORD push_0073E6A4 = 0x0073E6A4;
- DWORD call_00571070 = 0x00571070;
- DWORD call_005D6BA0 = 0x005D6BA0;
- DWORD call_00571290 = 0x00571290;
- DWORD call_0073E6A0 = 0x0073E6A0;
- DWORD call_00571460 = 0x00571460;
- DWORD call_0063F020 = 0x0063F020;
- DWORD call_005DF7D0 = 0x005DF7D0;
- int count = 0;
- // end - GetPack Ref;
- // SubGet - Ref
- DWORD call_005D3FC0 = 0x005D3FC0;
- DWORD call_005D63F0 = 0x005D63F0;
- // End SubGet - Ref
- char* control_1 = ".pyc";
- char* control_2 = ".txt";
- char* info,*info2, *info3, *info4, *info5, *info6;
- // Start Lzo_func_1 Ref;
- DWORD call_005D7F80 = 0x005D7F80;
- DWORD call_00407800 = 0x00407800;
- DWORD call_0063F640 = 0x0063F640;
- DWORD push_0074C518 = 0x0074C518;
- DWORD call_004069F0 = 0x004069F0;
- DWORD call_005D8120 = 0x005D8120;
- DWORD call_005DA2D0 = 0x005DA2D0;
- DWORD call_005714D0 = 0x005714D0;
- DWORD push_0073E6A0 = 0x0073E6A0;
- DWORD call_0074C518 = 0x0074c518;
- DWORD addy_74C520 = 0x74C520;
- BYTE addy_74C524 = 0x74C524;
- // End Lzo_func_1 ref;
- DWORD call_0063EFDD = 0x0063EFDD;
- DWORD call_00428900 = 0x00428900;
- DWORD call_005767B0 = 0x005767B0;
- #pragma endregion Dichiarazioni
- #pragma region Archivi
- /* Standart */
- char *magic = "MCOZ";
- char *pong = "83da635ds12312ss";
- char* est_1 = ".eue";
- char* est_2 = ".dlx";
- DWORD index_est = *(int *)(est_2);
- byte key_1[] = {0xff , 0x37 , 0x3f , 0x3f , 0xf3 , 0x4E , 0xf1 , 0x25 , 0x4D , 0x2D , 0x5f , 0x30 , 0x52 , 0x37 , 0xf1 , 0xf5};
- byte key_2[] = {0x22 , 0xB8 , 0xB4 , 0x04 , 0x64 , 0xB2 , 0x6E , 0x1F , 0xAE , 0xEA , 0x18 , 0x00 , 0xA6 , 0xF6 , 0xFB , 0x1C};
- char* packName;
- /* MIllenium Word
- char *magic = "THIA";
- char *pong = "abdi@lswkdsg33.1";
- char* est_1 = ".mln";
- char* est_2 = ".wrl";
- DWORD index_est = *(int *)(est_2);
- byte key_1[] = {0x4D , 0x31 , 0x37 , 0x37 , 0x33 , 0x4E , 0x31 , 0x55 , 0x4D , 0x2D , 0x57 , 0x30 , 0x52 , 0x37 , 0x44 , 0x35};
- byte key_2[] = {0x22 , 0xB8 , 0xB4 , 0x04 , 0x64 , 0xB2 , 0x6E , 0x1F , 0xAE , 0xEA , 0x18 , 0x00 , 0xA6 , 0xF6 , 0xFB , 0x1C};
- */
- /*
- ArisOnline
- byte key_1[] = {0x32, 0x47, 0xDF, 0x98, 0x79, 0x87, 0x7D, 0xA7, 0x93, 0x21, 0x28, 0x79, 0x8D, 0xA3, 0x23, 0x20};
- byte key_2[] = {0x22 , 0xB8 , 0xB4 , 0x04 , 0x64 , 0xB2 , 0x6E , 0x1F , 0xAE , 0xEA , 0x18 , 0x00 , 0xA6 , 0xF6 , 0xFB , 0x1C};
- /*
- Metin2Deluxe ( .Net )
- char *pong = "1234abcd5678efgh";
- char* est_1 = ".dlx";
- char* est_2 = ".eue";
- byte key_1[] = {0xff , 0x37 , 0x3f , 0x3f , 0xf3 , 0x4E , 0xf1 , 0x25 , 0x4D , 0x2D , 0x5f , 0x30 , 0x52 , 0x37 , 0xf1 , 0xf5};
- byte key_2[] = {0x22 , 0xB8 , 0xB4 , 0x04 , 0x64 , 0xB2 , 0x6E , 0x1F , 0xAE , 0xEA , 0x18 , 0x00 , 0xA6 , 0xF6 , 0xFB , 0x1C};
- */
- DWORD call_005728A0 = 0x005728A0;
- DWORD jmp_005DF8E7 = 0x005DF8E7;
- DWORD call_005700B0 = 0x005700B0;
- DWORD jmp_572057 = 0x572057;
- DWORD call_005D4090 = 0x005D4090;
- #pragma endregion Archivi
- dll void start_crypto(){
- DetourFunction((BYTE*) 0x729C80, (BYTE*)pong_func);
- DetourFunction((BYTE*) 0x5E06C8, (BYTE*)get_name);
- DetourFunction((BYTE*) 0x005E06C0, (BYTE*)lzo_func_1);
- DetourFunction((BYTE*) 0x005DF8BE, (BYTE*)lzo_func_2);
- DetourFunction((BYTE*) 0x00572040, (BYTE*)lzo_func_3);
- DetourFunction((BYTE*) 0x005700B0, (BYTE*)lzo_func_4);
- DetourFunction((BYTE*) 0x48f7e0,( BYTE* )get_pack);
- DetourFunction((BYTE*) 0x1E05D240, (BYTE*)block_get);
- DetourFunction((BYTE*) 0x1E05D4E0, (BYTE*)block_ref);
- DetourFunction((BYTE*) 0x0041D9D3, (BYTE*)block_switch);
- ifstream ReadFile;
- ReadFile.open("info.txt");
- string out;
- if (ReadFile.is_open()) {
- ReadFile >> out;
- if (out == "Show" || out == "show"){
- RedirectIOToConsole();
- showInfo();
- }
- }
- ReadFile.close();
- }
- dll void showInfo(){
- cout << "\t\t\tDrAg0n Protection v" << version << endl<< endl<< endl;
- cout << "Version compiled for - " << name << endl;
- cout << "Protection Compiled in date " << date << endl;
- cout << "Coded by DrAg0n" << endl;
- cout << "Skype = dragon_9330" << endl;
- }
- dll BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
- {
- switch (fdwReason)
- {
- case DLL_PROCESS_ATTACH:
- start_crypto();
- break;
- case DLL_PROCESS_DETACH:
- ExitProcess(0);
- break;
- case DLL_THREAD_ATTACH:
- break;
- case DLL_THREAD_DETACH:
- break;
- }
- return TRUE; // succesful
- }
- dll __declspec (naked) void get_pack(){
- __asm{
- PUSH -1
- PUSH push_0070F89B
- MOV EAX,DWORD PTR FS:[0]
- PUSH EAX
- MOV DWORD PTR FS:[0],ESP
- SUB ESP,0x148
- MOV EAX,DWORD PTR DS:[0x7C2DE8]
- XOR EAX,ESP
- LEA ECX,[ESP+4]
- PUSH ECX
- MOV DWORD PTR SS:[ESP+0x148],EAX
- MOV EAX,DWORD PTR SS:[ESP+0x160]
- PUSH 0
- PUSH EAX
- CALL call_005769F0
- ADD ESP,0x0C
- TEST AL,AL
- JNE L0022
- PUSH 0
- CALL call_00576B90
- ADD ESP,0x4
- JMP L0083
- L0022:
- MOV EDX,DWORD PTR SS:[ESP+0x4]
- MOV info2, EDX
- PUSH ESI
- PUSH 0x2E
- PUSH EDX
- ritorno:
- CALL call_00640230
- MOV ESI,EAX
- ADD ESP,0x8
- TEST ESI,ESI
- JE L0079
- PUSH push_0073E6B4
- PUSH ESI
- CALL call_0065932E
- ADD ESP,0x8
- TEST EAX,EAX
- JE L0049
- inizio:
- PUSH control_1
- PUSH ESI
- CALL call_0065932E
- ADD ESP,0x8
- TEST EAX,EAX
- JE L0049
- PUSH control_2
- PUSH ESI
- CALL call_0065932E
- ADD ESP,0x8
- TEST EAX,EAX
- JNE L0079
- L0049:
- LEA ECX,[ESP+0x0C]
- CALL call_00571070
- MOV ECX,DWORD PTR SS:[ESP+0x8]
- LEA EAX,[ESP+04]
- PUSH EAX
- PUSH ECX
- MOV ECX,DWORD PTR DS:[0x7D0710]
- LEA EDX,[ESP+0x14]
- PUSH EDX
- MOV DWORD PTR SS:[ESP+0x160],0
- MOV DWORD PTR SS:[ESP+0x10],0
- CALL sub_get
- CALL check
- TEST AL,AL
- LEA ECX,[ESP+0x0C]
- JE L0077
- CALL call_00571290
- PUSH EAX
- MOV EAX,DWORD PTR SS:[ESP+0x08]
- PUSH EAX
- PUSH push_0073E6A0
- CALL DWORD PTR DS:[0x7317B0]
- ADD ESP,0x0C
- LEA ECX,[ESP+0x0C]
- MOV ESI,EAX
- MOV DWORD PTR SS:[ESP+0x154],-1
- CALL call_00571460
- MOV EAX,ESI
- JMP L0082
- L0077:
- MOV DWORD PTR SS:[ESP+0x154],-1
- CALL call_00571460
- L0079:
- PUSH 0
- CALL call_00576B90
- ADD ESP,0x4
- L0082:
- POP ESI
- L0083:
- MOV ECX,DWORD PTR SS:[ESP+0x148]
- MOV DWORD PTR FS:[0],ECX
- MOV ECX,DWORD PTR SS:[ESP+0x144]
- XOR ECX,ESP
- CALL call_0063F020
- ADD ESP,0x154
- RETN
- }
- fine:
- __asm MOV info,ESI
- cout << info << endl;
- __asm JMP inizio
- log2:
- cout << info2 << endl;
- __asm JMP ritorno
- }
- dll __declspec (naked) void sub_get(){
- __asm{
- PUSH EBX
- MOV EBX,DWORD PTR SS:[ESP+0x0C]
- PUSH EBP
- MOV EBP,DWORD PTR SS:[ESP+0x0C]
- PUSH ESI
- PUSH EDI
- MOV EDI,DWORD PTR SS:[ESP+0x1C]
- MOV ESI,ECX
- MOV EAX,DWORD PTR DS:[ESI+0x8]
- TEST EAX,EAX
- PUSH EDI
- PUSH EBX
- PUSH EBP
- JNE L0027
- CALL call_005D3FC0
- TEST AL,AL
- JNE L0030
- PUSH EDI
- PUSH EBX
- PUSH EBP
- MOV ECX,ESI
- CALL call_005D63F0
- POP EDI
- POP ESI
- POP EBP
- POP EBX
- RETN 0x0C
- L0027:
- CALL call_005D63F0
- TEST AL,AL
- JE L0036
- L0030:
- POP EDI
- POP ESI
- POP EBP
- MOV AL,1
- POP EBX
- RETN 0x0C
- L0036:
- PUSH EDI
- PUSH EBX
- PUSH EBP
- MOV ECX,ESI
- CALL call_005D3FC0
- POP EDI
- POP ESI
- POP EBP
- POP EBX
- RETN 0x0C
- }
- }
- DWORD jmp_005E06C9 = 0x005E06C9;
- dll __declspec (naked) void get_name(){
- cout << packName;
- }
- dll __declspec (naked) void lzo_func_1(){
- __asm{
- PUSH EBP
- MOV EBP,DWORD PTR SS:[ESP+0x18]
- TEST EBP,EBP
- PUSH ESI
- PUSH EDI
- MOV packName,EDI
- MOV ESI,ECX
- JE L0012
- PUSH 0x20
- PUSH EBP
- LEA ECX,[ESI+0x1BEC]
- CALL call_00407800
- MOV BYTE PTR DS:[ESI+0x35D],0
- L0012:
- MOV EDX,DWORD PTR SS:[ESP+0x18]
- MOV EAX,EDX
- LEA EDI,[EAX+0x1]
- JMP L0017
- LEA ECX,[ECX]
- L0017:
- MOV CL,BYTE PTR DS:[EAX]
- INC EAX
- TEST CL,CL
- JNE L0017
- PUSH EBX
- SUB EAX,EDI
- PUSH EAX
- PUSH EDX
- LEA ECX,[ESI+0x1BC8]
- CALL call_00407800
- MOV EBX,DWORD PTR SS:[ESP+0x18]
- PUSH 0x0FF
- LEA EAX,[ESI+0x14D]
- PUSH EBX
- PUSH EAX
- CALL call_0063F640
- PUSH 104
- LEA EDI,[ESI+0x24D]
- PUSH EBX
- PUSH EDI
- CALL call_0063F640
- ADD ESP,0x18
- DEC EDI
- L0040:
- MOV AL,BYTE PTR DS:[EDI+0x1]
- INC EDI
- TEST AL,AL
- JNE L0040
- MOV ECX,DWORD PTR DS:[index_est]
- MOV DWORD PTR DS:[EDI],ECX
- MOV DL,BYTE PTR DS:[0x74C524]
- MOV EAX,EBX
- MOV BYTE PTR DS:[EDI+0x4],DL
- LEA EDX,[EAX+0x1]
- L0050:
- MOV CL,BYTE PTR DS:[EAX]
- INC EAX
- TEST CL,CL
- JNE L0050
- SUB EAX,EDX
- PUSH EAX
- LEA EDI,[ESI+0x1BAC]
- PUSH EBX
- MOV ECX,EDI
- CALL call_00407800
- PUSH 0x4
- PUSH est_1
- MOV ECX,EDI
- CALL call_004069F0
- MOV AL,BYTE PTR SS:[ESP+0x20]
- MOV ECX,ESI
- MOV BYTE PTR DS:[ESI+0x35C],AL
- CALL call_005D8120
- TEST AL,AL
- POP EBX
- JE L0099
- MOV ECX,ESI
- CALL call_005DA2D0
- TEST AL,AL
- JE L0099
- MOV EDX,DWORD PTR SS:[ESP+0x10]
- TEST EBP,EBP
- SETNE CL
- PUSH ECX
- PUSH EDX
- MOV ECX,ESI
- CALL call_005DF7D0
- MOV AL,BYTE PTR DS:[ESI+0x35C]
- TEST AL,AL
- JE L0104
- CMP DWORD PTR DS:[EDI+0x18],0x10
- JB L0089
- MOV EDI,DWORD PTR DS:[EDI+0x4]
- JMP L0090
- L0089:
- ADD EDI,0x4
- L0090:
- PUSH 0
- PUSH 0
- LEA EAX,[ESI+0x140]
- PUSH EAX
- PUSH EDI
- LEA ECX,[ESI+0x4]
- CALL call_005714D0
- TEST EAX,EAX
- JNE L0106
- L0099:
- POP EDI
- POP ESI
- XOR AL,AL
- POP EBP
- RETN 0x14
- L0104:
- MOV ECX,ESI
- CALL call_005D7F80
- L0106:
- POP EDI
- POP ESI
- MOV AL,0x1
- POP EBP
- RETN 0x14
- }
- }
- dll __declspec (naked) void lzo_func_2(){
- __asm{
- CMP EAX,magic
- JNE 0x005DFAC3
- PUSH OFFSET key_1
- PUSH ESI
- LEA EAX,[ESP+0x14]
- MOV BYTE PTR SS:[EBP+0x14C],0x1
- MOV ECX,DWORD PTR DS:[0x7D0C1C]
- PUSH EAX
- CALL call_005728A0
- JMP jmp_005DF8E7
- }
- }
- dll __declspec (naked) void lzo_func_3(){
- __asm{
- PUSH EDX
- PUSH EBX
- SUB EAX,4
- PUSH EAX
- PUSH EDI
- MOV DWORD PTR SS:[ESP+0x2030],0
- CALL call_005700B0
- JMP jmp_572057
- }
- }
- dll __declspec (naked) void lzo_func_4(){
- __asm{
- MOV EAX,DWORD PTR SS:[ESP+0x10]
- MOV ECX,EAX
- AND ECX,0x80000007
- JNS L0007
- DEC ECX
- OR ECX,0xFFFFFFF8
- INC ECX
- L0007:
- JE L0012
- SUB EAX,ECX
- ADD EAX,0x8
- MOV DWORD PTR SS:[ESP+0x10],EAX
- JMP L0013
- L0012:
- MOV DWORD PTR SS:[ESP+0x10],EAX
- L0013:
- PUSH EBX
- MOV EBX,EAX
- SAR EBX,0x3
- TEST EBX,EBX
- JLE L0041
- PUSH EBP
- MOV EBP,DWORD PTR SS:[ESP+0x14]
- PUSH ESI
- MOV ESI,DWORD PTR SS:[ESP+0x14]
- PUSH EDI
- MOV EDI,DWORD PTR SS:[ESP+0x14]
- LEA ECX,[ECX]
- L0025:
- MOV EAX,DWORD PTR DS:[ESI]
- MOV ECX,DWORD PTR DS:[ESI+0x4]
- PUSH EDI // DwSize
- PUSH EBP // lzoData
- PUSH EAX // Pointer to [InData]
- PUSH ECX // OutBuffer
- CALL xtea
- ADD ESP,0x10
- ADD EDI,0x8
- ADD ESI,0x8
- DEC EBX
- JNE L0025
- MOV EAX,DWORD PTR SS:[ESP+0x20]
- POP EDI
- POP ESI
- POP EBP
- L0041:
- POP EBX
- RETN
- }
- }
- bool first = false;
- dll int xtea(int a1, int a2, LPBYTE key, int a4){
- int result;
- unsigned int sum = -957401312;
- unsigned int delta = 0x61C88647;
- unsigned int v5;
- unsigned int v6;
- signed int v7;
- v5 = a2;
- v6 = a1;
- v7 = 32;
- for(int i = 0; i < v7; i++){
- v6 -= (sum + *(DWORD*)(key + 4 * ((sum >> 11) & 3))) ^ (v5 + (16 * v5 ^ (v5 >> 5)));
- sum += delta;
- v5 -= (sum + *(DWORD*)(key + 4 * (sum & 3))) ^ (v6 + (16 * v6 ^ (v6 >> 5)));
- }
- result = a4;
- *(DWORD*)a4 = v5;
- *(DWORD*)(a4 + 4) = v6;
- return result;
- }
- __declspec (naked) void xxtea(){
- __asm{
- MOV EDX,DWORD PTR SS:[ESP+0x8]
- MOV ECX,DWORD PTR SS:[ESP+0x4]
- PUSH EBX
- PUSH EBP
- PUSH ESI
- MOV ESI,DWORD PTR SS:[ESP+0x18]
- PUSH EDI
- MOV EAX,0xC6EF3720
- MOV EDI,0x20
- LEA EBX,[EBX]
- L0010:
- MOV EBX,EDX
- SHR EBX,0x5
- MOV EBP,EDX
- SHL EBP,0x4
- XOR EBX,EBP
- MOV EBP,EAX
- SHR EBP,0x0B
- AND EBP,0x00000003
- MOV EBP,DWORD PTR DS:[EBP*0x4+ESI]
- ADD EBP,EAX
- ADD EBX,EDX
- XOR EBX,EBP
- SUB ECX,EBX
- MOV EBX,ECX
- SHR EBX,0x5
- MOV EBP,ECX
- SHL EBP,0x4
- XOR EBX,EBP
- ADD EAX,0x61C88647
- MOV EBP,EAX
- AND EBP,0x00000003
- MOV EBP,DWORD PTR DS:[EBP*0x4+ESI]
- ADD EBX,ECX
- ADD EBP,EAX
- XOR EBX,EBP
- SUB EDX,EBX
- DEC EDI
- JNE L0010
- MOV EAX,DWORD PTR SS:[ESP+0x20]
- POP EDI
- POP ESI
- POP EBP
- MOV DWORD PTR DS:[EAX],EDX
- MOV DWORD PTR DS:[EAX+0x4],ECX
- POP EBX
- RETN
- }
- }
- __declspec (naked) void xxea_2(){
- __asm{
- MOV EDX,DWORD PTR SS:[ESP+0x8]
- MOV ECX,DWORD PTR SS:[ESP+0x4]
- PUSH EBX
- PUSH EBP
- PUSH ESI
- MOV ESI,DWORD PTR SS:[ESP+0x18]
- PUSH EDI
- MOV EAX,0xC6EF3720
- MOV EDI,0x20
- LEA EBX,[EBX]
- L0010:
- MOV EBX,EDX
- SHR EBX,0x5
- MOV EBP,EDX
- SHL EBP,0x4
- XOR EBX,EBP
- MOV EBP,EAX
- SHR EBP,0x0B
- AND EBP,0x00000003
- MOV EBP,DWORD PTR DS:[EBP*0x4+ESI]
- ADD EBP,EAX
- ADD EBX,EDX
- XOR EBX,EBP
- SUB ECX,EBX
- MOV EBX,ECX
- SHR EBX,0x5
- MOV EBP,ECX
- SHL EBP,0x4
- XOR EBX,EBP
- ADD EAX,0x61C88647
- MOV EBP,EAX
- AND EBP,0x00000003
- MOV EBP,DWORD PTR DS:[EBP*0x4+ESI]
- ADD EBX,ECX
- ADD EBP,EAX
- XOR EBX,EBP
- SUB EDX,EBX
- DEC EDI
- JNE L0010
- MOV EAX,DWORD PTR SS:[ESP+0x20]
- POP EDI
- POP ESI
- POP EBP
- MOV DWORD PTR DS:[EAX],EDX
- MOV DWORD PTR DS:[EAX+0x4],ECX
- POP EBX
- RETN
- }
- }
- __declspec (naked) void xtea_lzo(){
- __asm{
- MOV EDX,DWORD PTR SS:[ESP+0x8]
- MOV ECX,DWORD PTR SS:[ESP+0x4]
- PUSH EBX
- PUSH EBP
- PUSH ESI
- MOV ESI,DWORD PTR SS:[ESP+0x18]
- PUSH EDI
- MOV EAX,0xC6EF3720
- MOV EDI,0x20
- LEA EBX,[EBX]
- L0010:
- MOV EBX,EDX
- SHR EBX,0x5
- MOV EBP,EDX
- SHL EBP,0x4
- XOR EBX,EBP
- MOV EBP,EAX
- SHR EBP,0x0B
- AND EBP,0x00000003
- MOV EBP,DWORD PTR DS:[EBP*0x4+ESI]
- ADD EBP,EAX
- ADD EBX,EDX
- XOR EBX,EBP
- SUB ECX,EBX
- MOV EBX,ECX
- SHR EBX,0x5
- MOV EBP,ECX
- SHL EBP,0x4
- XOR EBX,EBP
- ADD EAX,0x61C88647
- MOV EBP,EAX
- AND EBP,0x00000003
- MOV EBP,DWORD PTR DS:[EBP*0x4+ESI]
- ADD EBX,ECX
- ADD EBP,EAX
- XOR EBX,EBP
- SUB EDX,EBX
- DEC EDI
- JNE L0010
- MOV EAX,DWORD PTR SS:[ESP+0x20]
- POP EDI
- POP ESI
- POP EBP
- MOV DWORD PTR DS:[EAX],EDX
- MOV DWORD PTR DS:[EAX+0x4],ECX
- POP EBX
- RETN
- }
- }
- dll int check(int, int,char *f_name)
- {
- string fName = f_name;
- int pos = fName.rfind(".");
- if (pos == 0){
- ::MessageBoxA(0,"Universal Extractor Founded!","DrAg0N Protection",MB_OK);
- ExitProcess(0);
- }
- else{
- string Est = fName.substr(pos);
- if (Est != ".py" && Est != ".txt" && Est != ".pyc"){
- ::MessageBoxA(0,"Universal Extractor Founded!","DrAg0N Protection",MB_OK);
- ExitProcess(0);
- }}
- return 1;
- }
- dll __declspec (naked) void pong_func(){
- __asm {
- PUSH 0x10
- PUSH pong
- MOV ECX,0x7A6188
- CALL call_00407800
- PUSH 0x0072E7F0
- CALL call_0063EFDD
- POP ECX
- RETN
- }
- }
- dll __declspec (naked )void block_get(){
- ::MessageBoxA(0,"Py Injection Founded!","DrAg0N Protection",MB_OK);
- ExitProcess(0);
- }
- dll __declspec (naked )void block_str(){
- ::MessageBoxA(0,"Py Injection Founded!","DrAg0N Protection",MB_OK);
- ExitProcess(0);
- }
- dll __declspec (naked) void block_ref(){
- ::MessageBoxA(0,"Py Injection Founded!","DrAg0N Protection",MB_OK);
- ExitProcess(0);
- }
- dll __declspec (naked) void block_switch(){
- __asm{
- MOV DWORD PTR SS:[ESP+0x4],0
- MOV EAX,DWORD PTR SS:[ESP+0x8]
- MOV ECX,DWORD PTR SS:[ESP+0x0C]
- PUSH ECX
- PUSH EAX
- MOV ECX,DWORD PTR DS:[0x7D070C]
- CALL call_00428900
- CALL call_005767B0
- POP ESI
- ADD ESP,0x0C
- RETN
- }
- }
- void RedirectIOToConsole( void )
- {
- CONSOLE_SCREEN_BUFFER_INFO coninfo;
- FILE *fp;
- // allocate a console for this app
- AllocConsole();
- // set the screen buffer to be big enough to let us scroll text
- GetConsoleScreenBufferInfo(GetStdHandle(STD_OUTPUT_HANDLE), &coninfo);
- coninfo.dwSize.Y = MAX_CONSOLE_LINES;
- SetConsoleScreenBufferSize(GetStdHandle(STD_OUTPUT_HANDLE), coninfo.dwSize);
- // redirect unbuffered STDOUT to the console
- lStdHandle = (long)GetStdHandle(STD_OUTPUT_HANDLE);
- hConHandle = _open_osfhandle(lStdHandle, _O_TEXT);
- fp = _fdopen( hConHandle, "w" );
- *stdout = *fp;
- setvbuf( stdout, NULL, _IONBF, 0 );
- // redirect unbuffered STDIN to the console
- lStdHandle = (long)GetStdHandle(STD_INPUT_HANDLE);
- hConHandle = _open_osfhandle(lStdHandle, _O_TEXT);
- fp = _fdopen( hConHandle, "r" );
- *stdin = *fp;
- setvbuf( stdin, NULL, _IONBF, 0 );
- // redirect unbuffered STDERR to the console
- lStdHandle = (long)GetStdHandle(STD_ERROR_HANDLE);
- hConHandle = _open_osfhandle(lStdHandle, _O_TEXT);
- fp = _fdopen( hConHandle, "w" );
- *stderr = *fp;
- setvbuf( stderr, NULL, _IONBF, 0 );
- // make cout, wcout, cin, wcin, wcerr, cerr, wclog and clog
- // point to console as well
- ios::sync_with_stdio();
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement