MariusTitus

Denuvo bypass dll

Jan 15th, 2023
  1. OPTION DOTNAME
  2. option casemap:none
  3.  
  4. include G:\Programs\Soft\Coding\MASM\masm64\Include\win64.inc
  5. include G:\Programs\Soft\Coding\MASM\masm64\Include\kernel32.inc
  6. include G:\Programs\Soft\Coding\MASM\masm64\Include\user32.inc
  7. include G:\Programs\Soft\Coding\MASM\masm64\Include\ADVAPI32.inc
  8. include G:\Programs\Soft\Coding\MASM\masm64\Include\temphls.inc
  9. include G:\Programs\Soft\Coding\MASM\masm64\Include\unicode_string.inc
  10.  
  11. includelib G:\Programs\Soft\Coding\MASM\masm64\lib\user32.lib
  12. includelib G:\Programs\Soft\Coding\MASM\masm64\lib\kernel32.lib
  13. includelib G:\Programs\Soft\Coding\MASM\masm64\lib\comctl32.lib
  14. includelib G:\Programs\Soft\Coding\MASM\masm64\lib\gdi32.lib
  15. includelib G:\Programs\Soft\Coding\MASM\masm64\lib\advapi32.lib
  16.  
  17.  
  18. OPTION PROLOGUE:rbpFramePrologue
  19. OPTION EPILOGUE:rbpFrameEpilogue
  20.  
  ; Data section: four DWORD tables, two marker strings, per-fragment pass
  ; counters, one saved cursor, one word constant and three byte tables.
  ; NOTE(review): every table initialiser below is a Russian-language
  ;   placeholder phrase (roughly "my triggers were here"), not a numeric
  ;   expression, so the file does not assemble as posted and the real
  ;   table contents are not on this page.
  ; NOTE(review): each table is declared as a single element (1 dup), yet
  ;   the code section addresses label offsets such as +220, +360, -20 and
  ;   -12; as declared, those fall outside the table's own storage.
  21. .DATA
  22.  
  23. BYTE_CODE_VM_ARRAY_0 DWORD 1 dup(мои триггеры были)
  24.                
  25.                
  26. BYTE_CODE_VM_ARRAY_1 DWORD 1 dup(мои триггеры были)
  27.                  
  28.                  
  29. BYTE_CODE_VM_ARRAY_2 DWORD 1 dup(мои триггеры были)
  30.                  
  31.                
  32. BYTE_CODE_VM_ARRAY_3 DWORD 1 dup(мои триггеры были)
  33.                
  34. JMP_S DB "JMP", 0                                     ; NUL-terminated string; MessageBox text and operand of the "lea rcx" marker lines
  35. CALL_S DB "CALL",0                                    ; NUL-terminated string; MessageBox caption and operand of one marker line
  36.  
  37. COUNTER_0 DB NULL                                     ; byte pass counter used by fragment 4CF_initterm_2 (NULL presumably 0 -- defined in an include, confirm)
  38.  
  39. COUNTER_1 DB NULL                                     ; byte pass counter used by fragment 1CF_initterm_2
  40.  
  41. COUNTER_2 DB NULL                                     ; byte pass counter used by fragment 5CF_Game_Start_2
  42.  
  43. COUNTER_3 DB NULL                                     ; byte pass counter used by fragment 6CF_Game_Start_2
  44.  
  45. COUNTER_4 DB NULL                                     ; byte pass counter used by fragment 10CF_Game_Start_2
  46.  
  47. COUNTER_5 DQ NULL                                     ; qword: read cursor (pointer) saved between passes of fragment 10CF_Game_Start_2
  48.  
  49. VAR_8CF_Game_Start_2 DW 080h                          ; word constant XORed into DX by fragment 8CF_Game_Start_2
  50.  
  51. OTHER_BYTE_CODE_VM_ARRAY_0 DB 1 dup(мои триггеры были) ; byte table read by fragments 9CF_ and 10CF_Game_Start_2
  52. OTHER_BYTE_CODE_VM_ARRAY_1 DB 1 dup(мои триггеры были) ; not referenced by any instruction visible in this listing
  53. OTHER_BYTE_CODE_VM_ARRAY_2 DB 1 dup(мои триггеры были) ; not referenced by any instruction visible in this listing
  54.  
  54.  
  55. .CODE
  56. ; ######################################################################CODE
  ; DllEntryPoint -- the only procedure in this listing (MASM, x64).
  ; Entry path as written: show a message box (text "JMP", caption "CALL",
  ; MB_OK) and return.
  ; NOTE(review): the reason argument is never inspected, so if this is the
  ;   image entry point (the linker comment at the end of the file sets
  ;   /ENTRY:DllEntryPoint) the box appears on every loader notification.
  ; NOTE(review): eax is not set before ret; the value handed back is
  ;   whatever MessageBox left there -- confirm that is intended.
  ; NOTE(review): a user32 UI call inside a DLL entry point runs under the
  ;   loader lock, which Microsoft's DllMain guidance advises against.
  57. DllEntryPoint proc <3> varargs
  58.     invoke MessageBox, NULL, &JMP_S, &CALL_S, MB_OK
  59.     ret
  ; ---------------------------------------------------------------------
  ; Everything from here to Endp sits after the ret. No instruction visible
  ; in this listing branches to the @<n>CF_* labels, so how these fragments
  ; are entered cannot be determined from this page. Each fragment is
  ; bracketed by a pair of ";-<n>CF_<name>" marker comments and ends with
  ; "lea rcx, JMP_S" (or CALL_S), which only loads a string address into
  ; rcx; no fragment ends in a branch, so as written each one falls through
  ; into the next. The pass counters are plain byte increments with no
  ; lock prefix.
  ; ---------------------------------------------------------------------
  60. ;-1CF_initterm_2
  61. @1CF_initterm_2:
  62. inc [COUNTER_1]                       ; count this pass
  63. cmp [COUNTER_1], 1
  64. jne @1CF_initterm_20                  ; only the first pass uses the local table
  65. LEA RDX, BYTE_CODE_VM_ARRAY_0+220     ; rdx = table 0 + 220 bytes
  66. jmp @1CF_initterm_21
  67. @1CF_initterm_20:
  68. LEA RDX, [R11+RAX]                    ; other passes: rdx = r11 + rax (values come from outside this listing)
  69. @1CF_initterm_21:
  ; The next five instructions are a load through cancelling constants:
  ; 0FFFFFFFFE3DC265Eh + 07693FFD2h - 05A702630h = 0 (mod 2^64), so EAX
  ; receives the dword at the address RDX held on entry to this sequence.
  ; Afterwards RDX = 0 and RBX = that address + 05A702630h.
  70. MOV RBX, 0FFFFFFFFE3DC265Eh
  71. LEA RDX, [RDX+07693FFD2h]
  72. LEA RBX, [RDX+RBX]
  73. XOR EDX, EDX                          ; 32-bit write clears all of rdx
  74. MOV EAX, [RBX-05A702630h]
  75. lea rcx, JMP_S                        ; marker line: rcx = address of "JMP"; no branch follows
  76. ;-1CF_initterm_2
  77. ;-2CF_initterm_2
  78. @2CF_initterm_2:
  79. LEA RDX, BYTE_CODE_VM_ARRAY_0+360     ; rdx = table 0 + 360 bytes
  80. MOV RBX, 0FFFFFFFFE3DC265Eh           ; same cancelling-constant load as in fragment 1:
  81. LEA RDX, [RDX+07693FFD2h]             ;   net effect eax = dword [table 0 + 360], rdx = 0
  82. LEA RBX, [RDX+RBX]
  83. XOR EDX, EDX
  84. MOV EAX, [RBX-05A702630h]
  85. lea rcx, JMP_S                        ; marker line
  86. ;-2CF_initterm_2
  87. ;-3CF_initterm_2
  88. @3CF_initterm_2:
  89. MOV R9D, [BYTE_CODE_VM_ARRAY_2+16]    ; r9d = dword at table 2 + 16 (upper half of r9 cleared)
  90. lea rcx, JMP_S                        ; marker line
  91. ;-3CF_initterm_2
  92. ;-4CF_initterm_2
  93. cmp [COUNTER_0], 2                    ; counter still holds the number of earlier passes here
  94. je @4CF_initterm_20                   ; third pass: skip the register-relative load
  95. MOV R12D, [RSI-0410D0782h]            ; other passes: r12d loaded relative to rsi (set outside this listing)
  96. @4CF_initterm_20:
  97. inc [COUNTER_0]
  98. cmp [COUNTER_0], 3
  99. jne @4CF_initterm_21
  100. MOV R12D, [BYTE_CODE_VM_ARRAY_2+108] ; third pass: r12d = dword at table 2 + 108
  101. @4CF_initterm_21:
  102. lea rcx, JMP_S                       ; marker line
  103. ;-4CF_initterm_2
  104. ;-5CF_initterm_2
  105. MOV EAX, [BYTE_CODE_VM_ARRAY_2+20]   ; eax = dword at table 2 + 20
  106. PUSH RBP                             ; NOTE(review): no matching pop in the visible code; stack is left 8 bytes lower on fall-through
  107. lea rcx, JMP_S                       ; marker line
  108. ;-5CF_initterm_2
  109. ;-1CF_Game_Start_2
  110. MOV EAX, [BYTE_CODE_VM_ARRAY_1+104]  ; eax = dword at table 1 + 104
  111. PUSH RBP                             ; NOTE(review): second unmatched push
  112. lea rcx, JMP_S                       ; marker line
  113. ;-1CF_Game_Start_2
  114. ;-2CF_Game_Start_2
  115. LEA RDX, BYTE_CODE_VM_ARRAY_2-20     ; rdx = 20 bytes before the table 2 label
  116. MOV RBX, 0FFFFFFFFE3DC265Eh          ; cancelling-constant load (see fragment 1):
  117. LEA RDX, [RDX+07693FFD2h]            ;   net effect eax = dword [table 2 - 20], rdx = 0
  118. LEA RBX, [RDX+RBX]
  119. XOR EDX, EDX
  120. MOV EAX, [RBX-05A702630h]
  121. lea rcx, JMP_S                       ; marker line
  122. ;-2CF_Game_Start_2
  123. ;-3CF_Game_Start_2
  124. LEA RDX, BYTE_CODE_VM_ARRAY_0+84     ; rdx = table 0 + 84 bytes
  125. MOV RBX, 0FFFFFFFFE3DC265Eh          ; cancelling-constant load (see fragment 1):
  126. LEA RDX, [RDX+07693FFD2h]            ;   net effect eax = dword [table 0 + 84], rdx = 0
  127. LEA RBX, [RDX+RBX]
  128. XOR EDX, EDX
  129. MOV EAX, [RBX-05A702630h]
  130. lea rcx, JMP_S                       ; marker line
  131. ;-3CF_Game_Start_2
  132. ;-4CF_Game_Start_2
  133. OR R14D, [BYTE_CODE_VM_ARRAY_2-12]   ; r14d |= dword 12 bytes before the table 2 label
  134. lea rcx, JMP_S                       ; marker line
  135. ;-4CF_Game_Start_2
  136. ;-5CF_Game_Start_2
  137. inc [COUNTER_2]                      ; count this pass
  138. cmp [COUNTER_2], 4
  139. jne @5CF_Game_Start_20               ; only the fourth pass uses the local table
  140. MOV R12D, [BYTE_CODE_VM_ARRAY_1+32]  ; fourth pass: r12d = dword at table 1 + 32
  141. jmp @5CF_Game_Start_21
  142. @5CF_Game_Start_20:
  143. MOV R12D, [R15-0222F85BEh]           ; other passes: r12d loaded relative to r15 (set outside this listing)
  144. @5CF_Game_Start_21:
  145. lea rcx, JMP_S                       ; marker line
  146. ;-5CF_Game_Start_2
  147. ;-6CF_Game_Start_2
  148. inc [COUNTER_3]                      ; count this pass
  149. cmp [COUNTER_3], 6
  150. jne @6CF_Game_Start_20               ; only the sixth pass uses the local table
  151. MOV R11D, [BYTE_CODE_VM_ARRAY_3-16]  ; sixth pass: r11d = dword 16 bytes before the table 3 label
  152. jmp @6CF_Game_Start_21
  153. @6CF_Game_Start_20:
  154. MOV R11D, [RDI-0222F85BEh]           ; other passes: r11d loaded relative to rdi (set outside this listing)
  155. @6CF_Game_Start_21:
  156. lea rcx, JMP_S                       ; marker line
  157. ;-6CF_Game_Start_2
  158. ;-7CF_Game_Start_2
  ; Net effect of this fragment: AX = word at table 3 + 12, with the upper
  ; 48 bits of RAX preserved. The push/not/or/and/pop run clears only the
  ; low 16 bits of RAX (saved copy ANDed with ~ax in the low word and all
  ; ones above), then the OR fills them from memory.
  159. LEA RDX, BYTE_CODE_VM_ARRAY_3+12
  160. PUSH RAX
  161. NOT RAX
  162. OR RAX, 0FFFFFFFFFFFF0000h
  163. AND [RSP], RAX
  164. POP RAX
  165. OR AX, [RDX]
  166. lea rcx, JMP_S                       ; marker line
  167. ;-7CF_Game_Start_2
  168. ;-8CF_Game_Start_2
  169. XOR DX, [VAR_8CF_Game_Start_2]       ; dx ^= 080h (value declared in .DATA)
  170. lea rcx, CALL_S                      ; marker line, this time naming "CALL"
  171. lea rcx, JMP_S                       ; marker line
  172. lea rcx, JMP_S                       ; marker line
  173. ;-8CF_Game_Start_2
  174. ;-9CF_Game_Start_2
  175. ADD R8B, [OTHER_BYTE_CODE_VM_ARRAY_0] ; r8b += first byte of the byte table
  176. lea rcx, JMP_S                       ; marker line
  177. ;-9CF_Game_Start_2
  178. ;-10CF_Game_Start_2
  ; Sequential byte reader: the first pass starts at the base of
  ; OTHER_BYTE_CODE_VM_ARRAY_0, later passes resume from the cursor saved
  ; in COUNTER_5; each pass returns one byte in AL and advances the cursor.
  ; NOTE(review): there is no bound on the cursor, and COUNTER_4 is a byte,
  ;   so after 256 passes it wraps to 0 and the read restarts at the base.
  ; NOTE(review): rbp is overwritten and not restored in the visible code;
  ;   the PROLOGUE/EPILOGUE options at the top of the file name rbp-frame
  ;   macros, so this presumably clashes with the frame pointer -- confirm.
  179. xor rbp, rbp
  180. cmp COUNTER_4, 0
  181. jne @10CF_Game_Start_20
  182. lea rbp, OTHER_BYTE_CODE_VM_ARRAY_0  ; first pass: cursor = table base
  183. @10CF_Game_Start_20:
  184. cmp COUNTER_4, 0
  185. je @10CF_Game_Start_21
  186. mov rbp, [COUNTER_5]                 ; later passes: cursor = saved pointer
  187. @10CF_Game_Start_21:
  188. inc [COUNTER_4]
  189. MOV AL, [rbp]                        ; al = byte at cursor
  190. inc rbp
  191. mov [COUNTER_5], rbp                 ; save advanced cursor for the next pass
  192. lea rcx, JMP_S                       ; marker line
  193. ;-10CF_Game_Start_2
  194.  
  195. DllEntryPoint Endp
  196. ; ######################################################################CODE
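  197. ;linker settings: /SUBSYSTEM:WINDOWS /ENTRY:DllEntryPoint /DLL  /MERGE:.rdata=.text /DYNAMICBASE:NO
  ; NOTE(review): /DYNAMICBASE:NO builds the image without ASLR support, and /MERGE:.rdata=.text folds read-only data into the executable code section.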
  198. END
Tags: asm DENUVO DLL