EXECryptor SDK Helper v1.0 BETA
As the name says, this script will help you find out if an EXECryptor target (preferably unpacked) uses the SDK -- only C++ for now -- and attempt to retrieve the APIs from found references. If you think of faster methods of detection, let me know. I should've used the backtracer from the start, damn :-) Anyway, enjoy!
TODO:
- tracer for real entry of APIs;
- forgot some checks, will fix in a later release;
P.S.: Tested on Uninstall Tool and PlayClaw (the first uses direct SDK flow, while the second uses inverted SDK flow).
EXECryptor Helper (VC++) | Version: 1.0 BETA - 16.03.2010
- - - - - - - - - - - - - - - - FIND SDK - - - - - - - - - - - - - - - - - - -
'UNPROTECTED' string found at: 0x5B72E8 ... Done
String reference found at: 0x41B0DF ... Done
Normal SDK flow detected ... Done
- - - - - - - - - - - - - - - - FIND APIs - - - - - - - - - - - - - - - - - - -
EXECryptor_GetDate(): 0x41B089 ... Found
EXECryptor_GetHardwareID(): 0x41B0C2 ... Found
EXECryptor_IsAppProtected(): 0x41B0CD ... Found
EXECryptor_GetEXECryptorVersion(): 0x41B0D8 ... Found
EXECryptor_GetReleaseDate(): 0x41B0E6 ... Found
EXECryptor_EncryptStr(): 0x41B11F ... Found
EXECryptor_DecryptStr(): 0x41B137 ... Found
EXECryptor_EncryptStrW(): 0x41B14F ... Found
EXECryptor_DecryptStrW(): 0x41B167 ... Found
EXECryptor_GetTrialDaysLeft(): 0x41B17F ... Found
EXECryptor_GetTrialRunsLeft(): 0x41B18E ... Found
EXECryptor_SecureWrite(): 0x41B19D ... Found
EXECryptor_SecureRead(): 0x41B1FC ... Found
EXECryptor_SecureWriteW(): 0x41B279 ... Found
EXECryptor_SecureReadW(): 0x41B2DB ... Found
EXECryptor_MessageBoxA(): 0x41B35A ... Found
EXECryptor_GetProcAddr(): 0x41B374 ... Found
EXECryptor_AntiDebug(): 0x41B388 ... Found
EXECryptor_ProtectImport(): 0x41B391 ... Found
EXECryptor_VerifySerialNumber(): 0x41B39A ... Found
EXECryptor_VerifySerialNumberW(): 0x41B3A8 ... Found
EXECryptor_DecodeSerialNumber(): 0x41B3B6 ... Found
EXECryptor_DecodeSerialNumberW(): 0x41B3C4 ... Found
EXECryptor_IsRegistered(): 0x41B3D2 ... Found
EXECryptor_RegConst_0(): 0x41B3DE ... Found
EXECryptor_RegConst_1(): 0x41B3E6 ... Found
EXECryptor_RegConst_2(): 0x41B3EF ... Found
EXECryptor_RegConst_3(): 0x41B3F8 ... Found
EXECryptor_RegConst_4(): 0x41B401 ... Found
EXECryptor_RegConst_5(): 0x41B40A ... Found
EXECryptor_RegConst_6(): 0x41B413 ... Found
EXECryptor_RegConst_7(): 0x41B41C ... Found
EXECryptor Helper (VC++) | Version: 1.0 BETA - 16.03.2010
- - - - - - - - - - - - - - - - FIND SDK - - - - - - - - - - - - - - - - - - -
'UNPROTECTED' string found at: 0x46A210 ... Done
String reference found at: 0x454D37 ... Done
Inverted SDK flow detected ... Done
- - - - - - - - - - - - - - - - FIND APIs - - - - - - - - - - - - - - - - - - -
EXECryptor_GetDate(): 0x454D60 ... Found
EXECryptor_GetHardwareID(): 0x454D50 ... Found
EXECryptor_IsAppProtected(): 0x454D40 ... Found
EXECryptor_GetEXECryptorVersion(): 0x454D30 ... Found
EXECryptor_GetReleaseDate(): 0x454CF0 ... Found
EXECryptor_EncryptStr(): 0x454CA0 ... Found
EXECryptor_DecryptStr(): 0x454C50 ... Found
EXECryptor_EncryptStrW(): 0x454C00 ... Found
EXECryptor_DecryptStrW(): 0x454BB0 ... Found
EXECryptor_GetTrialDaysLeft(): 0x454BA0 ... Found
EXECryptor_GetTrialRunsLeft(): 0x454B90 ... Found
EXECryptor_SecureWrite(): 0x454B00 ... Found
EXECryptor_SecureRead(): 0x454A70 ... Found
EXECryptor_SecureWriteW(): 0x4549D0 ... Found
EXECryptor_SecureReadW(): 0x454940 ... Found
EXECryptor_MessageBoxA(): 0x454920 ... Found
EXECryptor_GetProcAddr(): 0x454900 ... Found
EXECryptor_AntiDebug(): 0x4548F0 ... Found
EXECryptor_ProtectImport(): 0x4548E0 ... Found
EXECryptor_VerifySerialNumber(): 0x4548D0 ... Found
EXECryptor_VerifySerialNumberW(): 0x4548C0 ... Found
EXECryptor_DecodeSerialNumber(): 0x4548B0 ... Found
EXECryptor_DecodeSerialNumberW(): 0x4548A0 ... Found
EXECryptor_IsRegistered(): 0x454890 ... Found
EXECryptor_RegConst_0(): 0x454880 ... Found
EXECryptor_RegConst_1(): 0x454870 ... Found
EXECryptor_RegConst_2(): 0x454860 ... Found
EXECryptor_RegConst_3(): 0x454850 ... Found
EXECryptor_RegConst_4(): 0x454840 ... Found
EXECryptor_RegConst_5(): 0x454830 ... Found
EXECryptor_RegConst_6(): 0x454820 ... Found
EXECryptor_RegConst_7(): 0x454810 ... Found

Nice, bookmarked!

I get the feeling foreigners really like using the EXECryptor packer.

How do you use this?

It looks like it doesn't work.