Riremito

Asprotect v1.23 import fixer

Nov 5th, 2023
  1. // ASProtect 1.23 IAT fix tool
  2. #include"../Share/Simple/Simple.h"
  3.  
  // Classification that FixIAT assigns to a single import-address-table slot.
  enum IAT_RESULT {
      IAT_ZERO = 0,        // the slot holds 0; nothing to resolve
      IAT_NORMAL_API = 1,  // the slot already points into a loaded module
      IAT_FIXED = 2,       // a known stub was recognised and the slot was rewritten
      IAT_UNKNOWN = 3,     // the slot points at code that no pattern recognised
      IAT_ERROR = 4,       // an exception was caught while inspecting the slot
  };
  11.  
  // ASProtect API stubs: short redirection sequences that an IAT slot may point at
  // instead of the real API. FixIAT tests them in the order declared here.
  // NOTE(review): "??" is presumably a wildcard byte; AobScan comes from Simple.h,
  // which is not shown here, so confirm against its implementation.
  // push imm32 ; ret
  AobScan aob_emulation_call(L"68 ?? ?? ?? ?? C3");
  // jmp rel32. Only the opcode byte is part of the pattern, so any target whose
  // first byte is E9 matches.
  AobScan aob_jmp(L"E9");
  // push imm8 ; push imm32 ; jmp rel32
  AobScan aob_push_byte_push_dword_jmp(L"6A ?? 68 ?? ?? ?? ?? E9");
  // push imm8 ; push imm32 ; push imm32 ; ret
  AobScan aob_push_byte_push_dword_emulation_call(L"6A ?? 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? C3");
  // ASProtect API emulation: the protector's own replacement bodies for a few APIs.
  // On a match FixIAT writes the address of the genuine API of the same name
  // into the slot.
  AobScan aob_emulation_GetCommandLineA(L"6A 00 E8 ?? ?? ?? ?? FF 35 ?? ?? ?? ?? 58 8B 05 ?? ?? ?? ?? C3");
  AobScan aob_emulation_LockResource(L"55 8B EC 8B 05 ?? ?? ?? ?? 8B 45 08 5D C2 04 00");
  // Shared shape (mov eax, [addr] ; ret); FixIAT tells the two APIs apart by the
  // value stored at [addr].
  AobScan aob_emulation_GetCurrentProcessId_GetCurrentProcess(L"A1 ?? ?? ?? ?? C3");
  AobScan aob_emulation_GetProcAddress(L"55 8B EC 8B 55 0C 8B 45 08 8B 0D ?? ?? ?? ?? 8B 09 3B C8 75 09 8B 04 95 ?? ?? ?? ?? EB 07 52 50 E8 ?? ?? ?? ?? 5D C2 08 00");
  AobScan aob_emulation_GetModuleHandleA(L"55 8B EC 8B 45 08 85 C0 75 13 81 3D ?? ?? ?? ?? ?? ?? ?? ?? 75 07 A1 ?? ?? ?? ?? EB 06 50 E8 ?? ?? ?? ?? 5D C2 04 00");
  23.  
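  /// Inspects one IAT slot and, when it points at a recognised ASProtect stub or
  /// emulated API, overwrites the slot with the resolved API address.
  ///
  /// @param dwAddress Address of the IAT slot (a 32-bit pointer-sized cell).
  /// @return IAT_ZERO       the slot is 0;
  ///         IAT_NORMAL_API the slot already points into a loaded module;
  ///         IAT_FIXED      the slot was rewritten;
  ///         IAT_UNKNOWN    no pattern matched and the slot is left unchanged;
  ///         IAT_ERROR      an exception was caught while reading or writing.
  ///
  /// 32-bit only: addresses are carried in DWORDs and the patterns are x86 opcodes.
  IAT_RESULT FixIAT(DWORD dwAddress) {
      // Stores the resolved target into the slot under inspection.
      // NOTE(review): assumes the page holding the IAT is writable; a read-only
      // slot faults on this store.
      auto patch = [dwAddress](DWORD dwTarget) {
          *(DWORD *)dwAddress = dwTarget;
          return IAT_FIXED;
      };

      // Every dereference now sits inside the try block, including the first read
      // of the slot, which used to run before it.
      // NOTE(review): with MSVC, catch (...) intercepts access violations only when
      // the project is built with /EHa (asynchronous exception model). Under the
      // default /EHsc a bad pointer still terminates the host process, so the build
      // settings need confirming; they are not visible here.
      try {
          DWORD dwRealAddress = *(DWORD *)dwAddress;

          if (dwRealAddress == 0) {
              return IAT_ZERO;
          }

          // An address that belongs to a loaded module is a genuine import.
          // UNCHANGED_REFCOUNT keeps the query from pinning that module.
          HMODULE hDll = 0;
          if (GetModuleHandleExW(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, (LPCWSTR)dwRealAddress, &hDll)) {
              return IAT_NORMAL_API;
          }

          BYTE *mem = (BYTE *)dwRealAddress;

          // push imm32 ; ret  -> the pushed immediate is the destination
          if (aob_emulation_call.Compare(dwRealAddress)) {
              return patch(*(DWORD *)&mem[1]);
          }

          // jmp rel32  -> destination = address of the jmp + rel32 + 5
          if (aob_jmp.Compare(dwRealAddress)) {
              return patch((DWORD)&mem[0] + *(signed long int *)&mem[1] + 0x05);
          }

          // push imm8 ; push imm32 ; jmp rel32
          // NOTE(review): the extra - 0x07 presumably undoes a 7-byte prologue that
          // the stub replays itself before entering the API at +7; confirm against
          // a sample.
          if (aob_push_byte_push_dword_jmp.Compare(dwRealAddress)) {
              return patch((DWORD)&mem[7] + *(signed long int *)&mem[8] + 0x05 - 0x07);
          }

          // push imm8 ; push imm32 ; push imm32 ; ret  (same - 0x07 adjustment)
          if (aob_push_byte_push_dword_emulation_call.Compare(dwRealAddress)) {
              return patch(*(DWORD *)&mem[8] - 0x07);
          }

          // API emulation: replace the emulated body with the genuine API.
          if (aob_emulation_GetCommandLineA.Compare(dwRealAddress)) {
              return patch((DWORD)GetCommandLineA);
          }

          if (aob_emulation_LockResource.Compare(dwRealAddress)) {
              return patch((DWORD)LockResource);
          }

          if (aob_emulation_GetCurrentProcessId_GetCurrentProcess.Compare(dwRealAddress)) {
              // Both emulations share one shape; the value the stub returns
              // decides which API it stands in for.
              const DWORD dwStored = *(DWORD *)(*(DWORD *)&mem[1]);
              if (dwStored == GetCurrentProcessId()) {
                  return patch((DWORD)GetCurrentProcessId);
              }
              // Explicit unsigned form of -1, the value the original compared against.
              if (dwStored == (DWORD)-1) {
                  return patch((DWORD)GetCurrentProcess);
              }
              // Neither value: fall through to the remaining patterns.
          }

          if (aob_emulation_GetProcAddress.Compare(dwRealAddress)) {
              return patch((DWORD)GetProcAddress);
          }

          if (aob_emulation_GetModuleHandleA.Compare(dwRealAddress)) {
              return patch((DWORD)GetModuleHandleA);
          }
      }
      catch (...) {
          return IAT_ERROR;
      }

      return IAT_UNKNOWN;
  }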
  108.  
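  // Addresses of the IAT slots that FixIAT reported as IAT_UNKNOWN during the most
  // recent ASProtect_IAT_Fixer run. OnCommand reads it to build the result text.
  std::vector<DWORD> list_unknown_iat;

  /// Runs FixIAT over every DWORD slot in [dwIAT_Addr, dwIAT_Addr + dwIAT_Size).
  ///
  /// @param dwIAT_Addr Address of the first IAT slot.
  /// @param dwIAT_Size Size of the table in bytes.
  /// @param fixed      Receives the number of slots rewritten, also when the
  ///                   function stops early. The original computed this count
  ///                   but never stored it, so callers always saw 0.
  /// @return false if the range wraps the 32-bit address space or FixIAT reports
  ///         IAT_ERROR (the walk stops at that slot); true otherwise.
  bool ASProtect_IAT_Fixer(DWORD dwIAT_Addr, DWORD dwIAT_Size, int &fixed) {
      int count_fixed = 0;

      fixed = 0;
      list_unknown_iat.clear();

      // Reject a range that would wrap past 0xFFFFFFFF instead of silently
      // walking nothing.
      if (dwIAT_Size > 0xFFFFFFFF - dwIAT_Addr) {
          return false;
      }

      // Walk by offset and stop once fewer than sizeof(DWORD) bytes remain. The
      // original "<= dwIAT_Addr + dwIAT_Size" bound also processed the DWORD
      // immediately after the table, and could patch it.
      for (DWORD dwOffset = 0; dwIAT_Size - dwOffset >= sizeof(DWORD); dwOffset += sizeof(DWORD)) {
          const DWORD dwAddress = dwIAT_Addr + dwOffset;
          const IAT_RESULT ir = FixIAT(dwAddress);

          if (ir == IAT_FIXED) {
              count_fixed++;
          }
          else if (ir == IAT_UNKNOWN) {
              list_unknown_iat.push_back(dwAddress);
          }
          else if (ir == IAT_ERROR) {
              fixed = count_fixed;
              return false;
          }
      }

      fixed = count_fixed;
      return true;
  }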
  135.  
  136.  
  // Control identifiers for the window built in OnCreate.
  enum SubControl {
      STATIC_IAT_ADDRESS = 101,  // label next to the address edit box
      STATIC_IAT_SIZE = 102,     // label next to the size edit box
      EDIT_IAT_ADDRESS = 103,    // edit box for the IAT address
      EDIT_IAT_SIZE = 104,       // edit box for the IAT size
      BUTTON_FIX = 105,          // button that starts the fix
      EDIT_RESULT = 106,         // text area listing unresolved slots
  };
  145.  
  /// Creation callback registered through Alice::SetOnCreate: adds the two labelled
  /// input boxes, the fix button and the result area. Always returns true.
  bool OnCreate(Alice &a) {
      // NOTE(review): the names below read the numeric arguments as x / y / width.
      // That is inferred from the values; Alice is declared in Simple.h, which is
      // not shown here.
      const int label_x = 30;
      const int edit_x = 150;
      const int address_row_y = 30;
      const int size_row_y = 60;
      const int edit_width = 100;

      // Labels.
      a.StaticText(STATIC_IAT_ADDRESS, L"IAT Address (DWORD)", label_x, address_row_y);
      a.StaticText(STATIC_IAT_SIZE, L"IAT Size (DWORD)", label_x, size_row_y);

      // Inputs, the action button and the output area, in the original creation order.
      a.EditBox(EDIT_IAT_ADDRESS, edit_x, address_row_y, L"", edit_width);
      a.EditBox(EDIT_IAT_SIZE, edit_x, size_row_y, L"", edit_width);
      a.Button(BUTTON_FIX, L"FIX!!!", 270, 90);
      a.TextArea(EDIT_RESULT, 5, 150, 390, 140);

      return true;
  }
  156.  
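  /// Command callback registered through Alice::SetOnCommand. When the fix button
  /// is pressed it parses the address and size as hexadecimal, asks for
  /// confirmation, runs ASProtect_IAT_Fixer and lists the unresolved slots in
  /// the result area.
  ///
  /// @param a          The window that owns the controls.
  /// @param nIDDlgItem Identifier of the control that raised the command.
  /// @return Always true.
  bool OnCommand(Alice &a, int nIDDlgItem) {
      if (nIDDlgItem != BUTTON_FIX) {
          return true;
      }

      const std::wstring wIAT_Addr = a.GetText(EDIT_IAT_ADDRESS);
      const std::wstring wIAT_Size = a.GetText(EDIT_IAT_SIZE);

      // Both fields must parse. An empty or non-hex field used to leave the value
      // at 0, and the fixer was then run on address 0, which it dereferences.
      DWORD dwIAT_Addr = 0, dwIAT_Size = 0;
      const bool parsed = swscanf_s(wIAT_Addr.c_str(), L"%X", &dwIAT_Addr) == 1
                       && swscanf_s(wIAT_Size.c_str(), L"%X", &dwIAT_Size) == 1;
      if (!parsed || dwIAT_Addr == 0) {
          MessageBoxW(a.GetMainHWND(), L"IAT address and size must be hexadecimal values, and the address must not be 0", L"Error", MB_OK);
          return true;
      }

      // Echo the parsed values so the user can verify them before memory is touched.
      const std::wstring wText = L"Input Value, Addr = " + DWORDtoString(dwIAT_Addr) + L", Size = " + DWORDtoString(dwIAT_Size);
      if (MessageBoxW(a.GetMainHWND(), wText.c_str(), L"Please input value", MB_YESNO) != IDYES) {
          return true;
      }

      int fixed = 0;
      if (!ASProtect_IAT_Fixer(dwIAT_Addr, dwIAT_Size, fixed)) {
          MessageBoxW(a.GetMainHWND(), L"Error", L"R.I.P", MB_OK);
          return true;
      }

      const std::wstring wMsg = L"OK! please open Scylla, fixed = " + std::to_wstring(fixed);
      MessageBoxW(a.GetMainHWND(), wMsg.c_str(), L"OK", MB_OK);

      // One line per unresolved slot: slot address, then the value it holds.
      // NOTE(review): both numbers are printed in decimal although the inputs are
      // hexadecimal.
      std::wstring wResult;
      for (DWORD v : list_unknown_iat) {
          wResult += std::to_wstring(v) + L" :  " + std::to_wstring(*(DWORD *)v) + L"\r\n";
      }

      a.SetText(EDIT_RESULT, wResult);
      return true;
  }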
  192.  
  /// Builds the 400x300 tool window, attaches the two callbacks and runs it.
  /// DllMain starts this function on its own thread.
  void aif_gui(HINSTANCE hInstance) {
      Alice window(L"aifgui", L"Asprotect v1.23 import fixer", 400, 300, hInstance);

      // Callbacks are attached before Run() is called.
      window.SetOnCreate(OnCreate);
      window.SetOnCommand(OnCommand);

      window.Run();
      // NOTE(review): Wait() presumably blocks until the window closes; confirm in Simple.h.
      window.Wait();
  }
  201.  
  202.  
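  // Thread entry point with the signature CreateThread expects. The original cast
  // aif_gui (void, one HINSTANCE argument, default calling convention) to
  // LPTHREAD_START_ROUTINE, so the thread had a mismatched calling convention and
  // no defined exit code.
  static DWORD WINAPI aif_gui_thread(LPVOID lpParameter) {
      aif_gui((HINSTANCE)lpParameter);
      return 0;
  }

  /// DLL entry point: on process attach, starts the tool window on a new thread.
  ///
  /// The window runs on its own thread so that DllMain returns promptly, since a
  /// message loop must not run under the loader lock. Always returns TRUE, also
  /// when the thread could not be created.
  BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {
      (void)lpvReserved;  // unused

      if (fdwReason == DLL_PROCESS_ATTACH) {
          // Per-thread attach/detach notifications are not needed.
          DisableThreadLibraryCalls(hinstDLL);

          HANDLE hThread = CreateThread(nullptr, 0, aif_gui_thread, hinstDLL, 0, nullptr);

          // The handle is not used afterwards; closing it does not stop the thread.
          if (hThread) {
              CloseHandle(hThread);
          }
      }
      return TRUE;
  }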