吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 4002|回复: 11
收起左侧

[求助] Enigma HWID Inline Bitch问题(Enigma Protector 1.5x - 4.2x (Inline Patching))

[复制链接]
xujidejia 发表于 2020-4-29 22:48
大神门,晚上好!
我在本站找到Enigma HWID Inline Bitch ,作者视频介绍是所有版本都可以Inline Bitch,我找到了作者使用的试验品程序演练下,但是在却失败,请大神门给解决下,万分感谢!
2222.png
上图就是运行后的提示,后续还有错误,未上传图。
下面是作者的脚本内容:
////////////////////////Ch鈚eau-Saint-Martin////////////////////////////////////////////////////////////////////
//                                                                      ///////////////////////////////////////
//  FileName    :  Enigma HWID Inline Bitch 1.0                         //////////////////////////////////////
//  Features    :                                                       /////////////////////////////////////
//                 Let create a Inline file or a loader file if         ////////////////////////////////////
//                 CRC checks are in use.The new created files          ///////////////////////////////////
//                 will patch your valid HWID into process.             //////////////////////////////////
//                 useful script for all who don't wanna be             /////////////////////////////////
//                 dependent to one PC & HW etc.                        ////////////////////////////////
//                                                                      ///////////////////////////////
//                  *************************************************** //////////////////////////////
//               ( 1.) Creates InLine File                            * /////////////////////////////
//                                                                    * ////////////////////////////
//               ( 2.) Creates Loader File                [exe only]  * ///////////////////////////
//                                                                    * //////////////////////////
//               ( 3.) Fully Automatic Support                        * /////////////////////////
//                                                                    * ////////////////////////
//               ( 4.) Supports VMed HWID                             * ///////////////////////
//                                                                    * //////////////////////
//               ( 5.) Supports All ENIGMA Versions                   * /////////////////////
//                                                                    * ////////////////////
//               ( 6.) WinXP SP2|3 & Windows 7 | 32 Bit Support       * ///////////////////
//                                                                    * //////////////////
//                                                                    * /////////////////
//                 How to Use Information's | Step List Choice        * ////////////////
//                  *************************************************** ///////////////
//                                                                    * //////////////
//                  *0 <- Enter your HWID into Script                 * /////////////
//                  *1 <- Enter HWID as one string!                   * ////////////
//                  *2 <- Load file in Olly and run script!           * ///////////
//                  *3 <- Done                                        * //////////
//                                                                    * /////////
//                  *************************************************** ////////
//  Environment :  WinXP-SP2/SP3 or Windows7 32 Bit,OllyDbg V1.10,      ///////
//                 ODBGScript v1.82.6,StrongOD 0.4.8.892,PhantOm 1.79   //////
//                                                                      /////
//  Author      :  LCF-AT                                               ////
//  Date        :  2014-24-07 | July                                    ///
//                                                                      //
///////////////WILLST DU SPAREN,DANN MU逿 DU SPAREN!/////////////////////
LC
lclr
call VAR_TOP
////////////////////
ENTER_YOUR_HWID_DATAS:
/*
Enter here your system HWID from NAG!
Enter here the valid HWID of your Enigma target!
Enter the strings with or without "-"!

Exsample:  "12345-12345-12345-12345"
or          "12345123451234512345"
*/
mov HWID_IS,    "B1306-97E1F-0D8EB-0CB79-71BA2-1A393-88ADD-D3025"
mov HWID_VALID, "A55F6-97EB5-E68EB-04108-87272-1A3E1-6E17D-EDCEA"
////////////////////
len HWID_IS
cmp $RESULT, 00
jne HWIDIS_THERE
eval "{SCRIPTNAME} {L2}{LONG} {L1}Problem!Found no String in HWID_IS Variable! {L1}Enter the HWID String above! \r\n\r\n{LINES} \r\n{MY}"
msg $RESULT
ret
////////////////////
HWIDIS_THERE:
len HWID_VALID
cmp $RESULT, 00
jne HWIDIS_THERE_TOO
eval "{SCRIPTNAME} {L2}{LONG} {L1}Problem!Found no String in HWID_VALID Variable! {L1}Enter the HWID String above! \r\n\r\n{LINES} \r\n{MY}"
msg $RESULT
ret
////////////////////
HWIDIS_THERE_TOO:
eval "{SCRIPTNAME} {L2}{LONG} {L1}Info: HWID Datas to use now! {L1}HWID IS:     {HWID_IS} {L2}{L2}HWID Valid: {HWID_VALID} \r\n\r\n{LINES} \r\n{MY}"
msg $RESULT
alloc 1000
mov TESTSEC,    $RESULT
mov [TESTSEC],  HWID_IS
alloc 1000
mov TESTSEC2,   $RESULT
mov [TESTSEC2], HWID_VALID
alloc 1000
mov TESTSEC3,   $RESULT
alloc 1000
mov TESTSEC4,   $RESULT
mov BAK_EIP,    eip
mov eip, TESTSEC3
mov [TESTSEC3], #33D2BFAAAAAAAABEBBBBBBBB803E007410803E2D740833C94142F3A4EBEE46EBEB909090#
mov [TESTSEC3+03], TESTSEC4
mov [TESTSEC3+08], TESTSEC
pusha
bp TESTSEC3+21
run
mov edi, TESTSEC4
gstr edi, edx
mov HWID_IS, $RESULT
fill TESTSEC4, edx, 00
mov eip, TESTSEC3
mov [TESTSEC3+08], TESTSEC2
run
bc
mov edi, TESTSEC4
gstr edi, edx
mov HWID_VALID, $RESULT
popa
mov eip, BAK_EIP
free TESTSEC
free TESTSEC2
free TESTSEC3
free TESTSEC4
log ""
eval "HWID String of system: {HWID_IS}"
log $RESULT, ""
eval "HWID String new valid: {HWID_VALID}"
log $RESULT, ""
BC
BPMC
BPHWC
call VARS
cmp $VERSION, "1.82"
je RIGHT_VERSION
ja RIGHT_VERSION
log ""
eval "Your are using a too old script version: {$VERSION}"
log $RESULT, ""
log ""
log "Update your plugin to min. version 1.82 and try again!"
log ""
eval "{SCRIPTNAME} {L2}{LONG} {L1}Your are using a too old script version: {$VERSION} \r\n\r\nUpdate your plugin to min. version 1.82 and try again! \r\n\r\n{LINES} \r\n{MY}"
msg $RESULT
ret
////////////////////
RIGHT_VERSION:
pause
/*
RESUME THE SCRIPT!
*/
////////////////////
GET_TOPS:
GPI PROCESSID
mov PROCESSID, $RESULT
GPI PROCESSNAME
mov PROCESSNAME, $RESULT
mov PROCESSNAME_2, $RESULT
len PROCESSNAME
mov PROCESSNAME_COUNT, $RESULT
buf PROCESSNAME_COUNT
alloc 1000
mov PROCESSNAME_FREE_SPACE, $RESULT
mov PROCESSNAME_FREE_SPACE_2, $RESULT
mov EIP_STORE, eip
mov eip, PROCESSNAME_FREE_SPACE
mov [PROCESSNAME_FREE_SPACE], PROCESSNAME
////////////////////
PROCESSNAME_CHECK:
cmp [PROCESSNAME_FREE_SPACE],00
je PROCESSNAME_CHECK_02
cmp [PROCESSNAME_FREE_SPACE],#20#, 01
je PROCESSNAME_CHECK_01
cmp [PROCESSNAME_FREE_SPACE],#2E#, 01
je PROCESSNAME_CHECK_01
inc PROCESSNAME_FREE_SPACE
jmp PROCESSNAME_CHECK
////////////////////
PROCESSNAME_CHECK_01:
mov [PROCESSNAME_FREE_SPACE], #5F#, 01
jmp PROCESSNAME_CHECK
////////////////////
PROCESSNAME_CHECK_02:
readstr [PROCESSNAME_FREE_SPACE_2], 08
mov PROCESSNAME, $RESULT
str PROCESSNAME
mov eip, EIP_STORE
free PROCESSNAME_FREE_SPACE
////////////////////
GMA PROCESSNAME, MODULEBASE
cmp $RESULT, 0
jne MODULEBASE
pause
pause
////////////////////
MODULEBASE:
mov MODULEBASE, $RESULT
mov PE_HEADER, $RESULT
GPI CURRENTDIR
mov CURRENTDIR, $RESULT
gmi PE_HEADER, PATH
mov PATH, $RESULT
mov EXTENSION, $RESULT
alloc 1000
mov TESTSEC, $RESULT
mov [TESTSEC], PATH
pusha
mov eax, TESTSEC
len CURRENTDIR
add eax, $RESULT
len PROCESSNAME_2
add eax, $RESULT
gstr eax
mov EXTENSION, $RESULT
popa
free TESTSEC
////////////////////
gmemi PE_HEADER, MEMORYSIZE
mov PE_HEADER_SIZE, $RESULT
add CODESECTION, MODULEBASE
add CODESECTION, PE_HEADER_SIZE
gmemi CODESECTION, MEMORYBASE
cmp CODESECTION, $RESULT
je NORMAL_CODESECTION
gmi PE_HEADER, CODEBASE
mov CODESECTION, $RESULT
////////////////////
NORMAL_CODESECTION:
GMI MODULEBASE, MODULESIZE
mov MODULESIZE, $RESULT
add MODULEBASE_and_MODULESIZE, MODULEBASE
add MODULEBASE_and_MODULESIZE, MODULESIZE
////////////////////
gmemi CODESECTION, MEMORYSIZE
mov CODESECTION_SIZE, $RESULT
add PE_HEADER, 03C
mov PE_SIGNATURE, PE_HEADER
sub PE_HEADER, 03C
mov PE_SIZE, [PE_SIGNATURE]
add PE_INFO_START, PE_HEADER
add PE_INFO_START, PE_SIZE
////////////////////
mov PE_TEMP, PE_INFO_START
////////////////////
mov SECTIONS, [PE_TEMP+06], 01
itoa SECTIONS, 10.
mov SECTIONS, $RESULT
mov ENTRYPOINT, [PE_TEMP+028]
mov BASE_OF_CODE, [PE_TEMP+02C]
mov IMAGEBASE, [PE_TEMP+034]
pusha
xor eax, eax
mov DLLMOVE, [PE_TEMP+05E], 02
mov eax, [PE_TEMP+05E], 02
cmp al, 40
jb DLLMOVE_DISABLED
cmp al, 80
ja DLLMOVE_DISABLED
log "Dll Can Move Option is Enabled! = Diffrent loading of targetbase!"
log "You need to disable this option or system ASLR!"
sub [PE_TEMP+05E], 40
log "Dll Can Move was disabled in PE Header now before dumping later!"
////////////////////
DLLMOVE_DISABLED:
mov eax, PE_TEMP
mov ecx, [eax+16]
and ecx, 0000F000
shr ecx, 0C
cmp cl, 00
je IS_EXE_ER
cmp cl, 01
je IS_EXE_ER
cmp cl, 04
je IS_EXE_ER
cmp cl, 05
je IS_EXE_ER
cmp cl, 08
je IS_EXE_ER
cmp cl, 09
je IS_EXE_ER
cmp cl, 0C
je IS_EXE_ER
cmp cl, 0D
je IS_EXE_ER
////////////////////
IS_DLL_ER:
mov IS_DLLAS, 01
log ""
log "Your target is a >>> Dynamic <<< Link Library!"
log ""
log "Note: If possible then don't use the VM OEP for dlls if real OEP is not stolen!"
log "Change VM OEP after popad to JMP Target OEP!"
log "Or"
log "Just set a another push 0 before VM OEP push = 2 pushes before jump to WL VM!"
log ""
log "OEP change if you want to keep VM OEP for Dll"
log "-------------------------------------------------"
log "popad"
log "mov ebp, Align"
log "push 0"
log "push VM OEP Value"
log "jmp WL VM"
log "-------------------------------------------------"
log ""
log "Exsample: Not stolen Dll OEP!"
log "-------------------------------------------------"
log "100084D2   MOV EDI,EDI"
log "100084D4   PUSH EBP"
log "100084D5   MOV EBP,ESP"
log "100084D7   CMP DWORD PTR SS:[EBP+0xC],0x1  <-- check for 1 must be inside to run the Dll"
log "100084DB   JNZ SHORT 100084E2              <-- Don't jump if value 1 is inside stack"
log ""
log "Stack: At Target OEP / Not stolen"
log "-------------------------------------------------"
log "$ ==>    7C91118A  RETURN to ntdll.7C91118A"
log "$+4      10000000  Dll_X.10000000  <-- Base"
log "$+8      00000001                  <-- 1"
log "$+C      00000000"
log ""
cmp IMAGEBASE, MODULEBASE
je NO_DLL_BASE_CHANGE
mov PE_DLLON, eax+34
eval "Before Dumping - Changed ImageBase in PE: {IMAGEBASE} to current ModuleBase: {MODULEBASE}"
log $RESULT, ""
log ""
log "RELOC Unpack Process by user!"
log ""
mov IMAGEBASE, MODULEBASE
popa
jmp SAME_USED_BASE
////////////////////
NO_DLL_BASE_CHANGE:
log "ImageBase in PE keep same = File was loaded with original ImageBase!"
log ""
popa
jmp SAME_USED_BASE
////////////////////
IS_EXE_ER:
mov IS_EXE, 01
log ""
log "Your target is a >>> Executable <<< file!"
log ""
popa
cmp IMAGEBASE, MODULEBASE
je SAME_USED_BASE
mov IMAGEBASE, MODULEBASE
////////////////////
CHECK_BASE_OF:
log "Your target not was loaded with the original IMAGEBASE!"
eval "{SCRIPTNAME} {L2}{LONG} {L1} {L2}Your target not was loaded with the original IMAGEBASE! {L1}Disable "Dll Can Move" option in your target or ASLR on your system or unpack your file on WinXP! \r\n\r\n{LINES} \r\n{MY}"
msg $RESULT
cret
ret
////////////////////
SAME_USED_BASE:
pusha
mov eax, PE_HEADER
mov ecx, CODESECTION
sub ecx, eax
////////////////////
NORMAL_PE:
log ""
eval "PE HEADER:   {PE_HEADER} | {PE_HEADER_SIZE}"
log $RESULT, ""
eval "CODESECTION: {CODESECTION} | {CODESECTION_SIZE}"
log $RESULT, ""
eval "PE HEADER till CODESECTION Distance: {ecx} || Value of 1000 = Normal!"
log $RESULT, ""
cmp ecx, 1000
popa
ja NET_HEADER
log "Your Target seems to be a normal file!"
log ""
jmp OVER_NET_CHECK
////////////////////
NET_HEADER:
log "Your Target seems to be a NET-FRAMEWORK file!"
log ""
mov IS_NET, 01
////////////////////
OVER_NET_CHECK:
log "Unpacking of NET targets is diffrent!"
log "Dump running process with WinHex and then fix the whole PE and NET struct!"
log ""
mov SIZE_OF_IMAGE, [PE_TEMP+050]
mov TLS_TABLE_ADDRESS, [PE_TEMP+0C0]+MODULEBASE
mov TLS_TABLE_CB_TABLE_ADDRESS, TLS_TABLE_ADDRESS+0C
mov TLS_TABLE_CB_POINTER_ADDRESS, [TLS_TABLE_CB_TABLE_ADDRESS]
mov TLS_CB_ADDRESS, [TLS_TABLE_CB_POINTER_ADDRESS]
mov TLS_TABLE_SIZE, [PE_TEMP+0C4]
mov IMPORT_TABLE_ADDRESS, [PE_TEMP+080]
mov IMPORT_TABLE_SIZE, [PE_TEMP+084]
mov IMPORT_ADDRESS_TABLE, [PE_TEMP+0D8]
mov IATSTORE, [PE_TEMP+0D8]
add ENTRYPOINT, IMAGEBASE
cmp TLS_CB_ADDRESS, 00
je NO_TLSCB
pusha
mov eax, PE_TEMP
mov edx, PE_TEMP
mov ecx, [eax+14]
add eax, cx
add eax, 18
mov ebx, [edx+6]
and ebx, 0000FFFF
mov esi, TLS_TABLE_CB_POINTER_ADDRESS
////////////////////
OFFSET_LOOP:
cmp ebx, 00
je OFFSET_LOOP_END
mov ecx, [eax+0C]+MODULEBASE
cmp ecx, esi
jb TOO_LOW
////////////////////
TOO_LOW:
add ecx, [eax+08]
cmp esi, ecx
ja TOO_HIGH
sub esi, MODULEBASE
sub esi, [eax+0C]
add esi, [eax+14]
mov TLSCP_OFFSET, esi
popa
jmp NO_TLSCB
////////////////////
TOO_HIGH:
dec ebx
add eax, 28
jmp OFFSET_LOOP
////////////////////
OFFSET_LOOP_END:
popad
pause
pause
ret
////////////////////
NO_TLSCB:
pusha
xor eax, eax
xor ecx, ecx
mov eax, [PE_TEMP+0E8]
mov ecx, [PE_TEMP+0EC]
mov NETD, eax+MODULEBASE
mov NETS, ecx
cmp eax, 00
popa
je NO_NET_DIRECTORY_FOUND
log "NET Directory Found!"
jmp YES_NET_DIRECTORY_FOUND
////////////////////
NO_NET_DIRECTORY_FOUND:
mov NETD, "Not"
mov NETS, "Found"
////////////////////
YES_NET_DIRECTORY_FOUND:
pusha
mov eax, PE_HEADER_SIZE
add eax, PE_HEADER
mov ecx, CODESECTION
mov PE_ONE, eax
mov PE_TWO, ecx
popa
cmp IS_NET, 00
je EIP_CHECK
////////////////////
IS_NET_FILE:
eval "{SCRIPTNAME} {L2}{LONG} {L1} {L2}Your target >> {PROCESSNAME_2} << seems to be a NET FRAME WORK app! {L1}NET Directory Found at VA: {NETD} | {NETS} {L1}{LINES}{LINES}{L2}PE HEADER + SIZE: {PE_ONE} {L1}CODESECTION:       {PE_TWO} {L2}{LINES}{LINES} {L1}Run script till (bypass HWID if needed) OEP and then run the app with F9! {L1}Unpacking of NET targets is diffrent! {L1}Dump running process with WinHex and then fix the whole PE and NET struct! \r\n\r\n{LINES} \r\n{MY}"
msg $RESULT
mov IS_NET, 01
jmp EIP_CHECK
pause
cret
ret
////////////////////
////////////////////
EIP_CHECK:
cmp ENTRYPOINT, 00
je PE_MODDED_BAD
cmp ENTRYPOINT, MODULEBASE
jne PE_NOT_MODDED
////////////////////
PE_MODDED_BAD:
log ""
log "EntryPoint is 0 = PE Header was selfmodded!"
log "Seems that your target did run already one time!"
log "Enable the option AdvEnumModule in your StrongOD Plugin and restart!"
eval "{SCRIPTNAME} {L2}{LONG} {L1} {L2}Problem: EntryPoint is 0 = PE Header was selfmodded! {L2}Seems that your target did run already one time! {L2}Enable the option AdvEnumModule in your StrongOD Plugin and restart! \r\n\r\n{LINES} \r\n{MY}"
msg $RESULT
pause
pause
cret
ret
////////////////////
PE_NOT_MODDED:
cmp ENTRYPOINT, eip
je START
bphws ENTRYPOINT, "x"
esto
bphwc
jmp EIP_CHECK
////////////////////
START:
bphws GetProcAddress
esto
bphwc
gmemi [esp], MEMORYBASE
cmp $RESULT, MODULEBASE
jb START
cmp $RESULT, MODULEBASE_and_MODULESIZE
ja START
////////////////////
CHECK_ESI:
cmp [esi], 5A4D, 02
je ENIGMASECTION
////////////////////
CHECK_EDI:
cmp [edi], 5A4D, 02
jne START
gmemi edi, MEMORYBASE
cmp $RESULT, MODULEBASE
jb START
cmp $RESULT, MODULEBASE_and_MODULESIZE
ja START
mov ENIGMASEC, [edi+3C]
add ENIGMASEC, edi
cmp [ENIGMASEC], 4550, 02
jne START
mov ENIGMASEC, edi
jmp GOT_ENIGMASECTION
////////////////////
ENIGMASECTION:
gmemi esi, MEMORYBASE
cmp $RESULT, MODULEBASE
jb CHECK_EDI
cmp $RESULT, MODULEBASE_and_MODULESIZE
ja CHECK_EDI
mov ENIGMASEC, [esi+3C]
add ENIGMASEC, esi
cmp [ENIGMASEC], 4550, 02
jne START
mov ENIGMASEC, esi
jmp GOT_ENIGMASECTION
////////////////////
GOT_ENIGMASECTION:
gmemi ENIGMASEC, MEMORYSIZE
mov ENIGMASEC_SIZE, $RESULT
log ""
eval "Enigma Section VA: {ENIGMASEC} | {ENIGMASEC_SIZE}"
log $RESULT, ""
rtu
alloc 1000
mov FINDSEC, $RESULT
mov [FINDSEC], #60B8AAAAAAAAB9AAAAAAAA90903BC174377735803885752D807801C0752780780274752180780303751B8078048B751580780540750F807806FC7509807807C3750361909040EBC5619090#
mov [FINDSEC+02], ENIGMASEC
mov [FINDSEC+07], ENIGMASEC+ENIGMASEC_SIZE-20
bp FINDSEC+42
bp FINDSEC+43
bp FINDSEC+49
mov EIP_BAK, eip
mov eip, FINDSEC
run
cmp eip, FINDSEC+42
je RIGHT_FOUND
bc
mov eip, EIP_BAK
free FINDSEC
log ""
log "Problem!Found No Hook Address!"
eval "{SCRIPTNAME} {L2}{LONG} {L1}Problem!Found No Hook Address! \r\n\r\n{LINES} \r\n{MY}"
msg $RESULT
ret
////////////////////
RIGHT_FOUND:
bc eip
mov PATCH_ADDR, eax
run
bc
mov eip, EIP_BAK
free FINDSEC
pusha
mov eax, MODULEBASE
exec
add  eax,[eax+3C]
mov ecx,eax
mov edi,eax
add edi,0F8
XOR EAX,EAX
MOV AX,WORD PTR DS:[ECX+6]
LEA EDX,DWORD PTR DS:[EAX+EAX*4]
MOV EAX,edi
LEA EAX,DWORD PTR DS:[EAX+EDX*8-28]
ende
mov ecx, [eax+0C]
add ecx, MODULEBASE
gmemi ecx, MEMORYSIZE
add ecx, $RESULT
mov edi, ecx
and edi, ffff0000
add edi, 10000
mov esi, ecx
sub esi, 1000
alloc 1000
mov TESTSEC, $RESULT
mov [TESTSEC], #60BF00001000BEAAAAAAAA6A406800300000576A00E8F336AAA93BC677178BE868008000006A0050E8E036AAA981C700001000EBD68BE868008000006A0050E8C936AAA96A406800300000680010000055E8B736AAA93BC67702EBC2619090909090909090#
mov [TESTSEC+07], esi
eval "call {VirtualAlloc}"
asm TESTSEC+15, $RESULT
eval "call {VirtualAlloc}"
asm TESTSEC+51, $RESULT
eval "call {VirtualFree}"
asm TESTSEC+28, $RESULT
eval "call {VirtualFree}"
asm TESTSEC+3F, $RESULT
mov EIP_BAK, eip
mov eip, TESTSEC
bp TESTSEC+5C
bp TESTSEC+5D
////////////////////
RUN_VA:
run
bc eip
mov ADD_SECTION, eax
run
bc
mov eip, EIP_BAK
free TESTSEC
popa
cmp IS_EXE, 00
je ALLOCT_BELOW
eval "{SCRIPTNAME} {L2}{LONG} {L1}Do you wanna let create a InLine file or a Loader file? {L1}1.) Press >> YES << to create a InLine file! {L2}2.) Press >> NO <<  to create a Loader file! {L1}If the InLine file not works (CRC Checks) then choose next time the loader option! \r\n\r\n{LINES} \r\n{MY}"
msgyn $RESULT
cmp $RESULT, 01
je ALLOCT_BELOW
cmp $RESULT, 00
je CREATE_LOADER
pause
pause
ret
////////////////////
CREATE_LOADER:
alloc 2000
mov LOADERSEC, $RESULT
alloc 1000
mov TESTSEC2, $RESULT
mov [LOADERSEC], #4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C0103008A39F34D5B4C6F726450455DE0000F010B01050C0002000000040000000000000010000000100000002000000000400000100000000200000400000004000000040000000000000000600000000600008FFC0000020000000000100000100000000010000010000000000000100000000000000000000000544100006000000000000000000000000000000000000000000000000000000000550000A000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002E7465787400120000300000001000000006000000060000000000000000000000000000200000E02E496D706F7274730010000000400000B8010000000C0000000000000000000000000000400000C04C43462D41540000001000000050000000060000000E0000000000000000000000000000E00000E02E53696C76616E610010000000400000B8010000000C0000000000000000000000000000400000C06A006A006A006A006A006814304000E8460000006A006A01687030400068FE2F6E00FF3560304000E839000000803D703040006490909075DB6A006A01680030400068FE2F6E00FF3560304000E81A0000006A00E807000000CCFF250C204000FF2500204000FF2504204000FF25082040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000C7051C304000440000006860304000681C3040006A006A006A006A006A006A006A006814304000E8460000006A006A01687030400068FE2F6E00FF3560304000E839000000803D703040006490909075DB6A006A01680030400068FE2F6E00FF3560304000E81A0000006A00E807000000CCFF250C204000FF2500204000FF2504204000FF25082040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000E8D5030000A3241540008BF8E8C9030000C7004400000057506A006A006A046A006A006A006A006864154000E8E503000009C00F84B9030000E89C030000A3C41440008BF06A006A1C506A00FF7704E8FE030000837E04000F84940300008B460483C0306A006A0468AC14400050FF37E8A703000009C00F8475030000A1AC14400083C0086A006A0468AC14400050FF37E88603000009C00F845403000033C06A40680030000068000001006A00FF37E87903000009C00F8435030000A3A014400033C06A40680030000068000001006A00FF37E85503000009C00F8411030000A3C0144000A1AC14400083C03C6A006A0468B014400050FF37E81D03000009C00F84EB020000A1B01440000305AC14400083C0288BE86A006A0468B414400050FF37E8F402000009C00F84C20200008BC505C00000006A006A0468B814400050FF37E8D402000009C00F84A2020000833DB8144000007475A1B81440000305AC14400083C00CC705B8144000000000006A006A0468B814400050FF37E89A02000009C00F8468020000833DB814400000743BA1B8144000C705B8144000000000006A006A0468B814400050FF37E86902000009C00F8437020000833DB814400000740AA1B8144000A3B4144000A1AC1440000105B4144000546A406A08FF35B4144000FF37E84F02000009C00F84FF0100006A006A08688C144000FF35B4144000FF37E81302000009C00F84E1010000606A00E8F10100008BE803403C8BC88BF80FB7471403C783C0188BF833C0668B41068D14808BC78D44D0D803680C8B7010892D9814400089359C144000616A00FF359C144000FF3598144000FF35A0144000FF37E8B801000009C00F84800100006A006A0468AC144000FF35A014400081042482020000FF37E89301000009C00F845B010000A1B41440008B0DC014400083C1308BD92BC883E905890DA81440006A006A0468A8144000FF35B4144000FF0424FF37E85701000009C00F841F0100006A006A016894144000FF35B4144000FF37E83901000009C00F840101000090906A006A0468B4144000FF35C0144000FF37E81901000009C00F84E10000006A006A08688C144000FF35C014400083042404FF37E8F700000009C00F84BF0000006A006A206844154000FF35C014400083042430FF37E8D500000009C00F849D000000A1C01440008B0DA014400083C04B81C1AE0000008BD92BC883E905890DA4144000406A006A0468A414400050FF37E89A00000009C07466A1A01440008B0DB414400005D90200008BD92BC883E905890DA41440006A006A0468A4144000FF35A0144000810424DA020000FF37E85C00000009C07428FF7704E86E0000006A00E86D000000C36A40680010000068001000006A00E83B00000009C07401C36A306862144000686B1440006A00E853000000E8C8FFFFFFFF25D2404000FF25E6404000FF25DA404000FF25DE404000FF25E2404000FF25E6404000FF25EA404000FF25EE404000FF25F2404000FF25F6404000FF25FA404000FF25FE404000FF254C414000FF251F4140000000000050726F626C656D2100536F6D657468696E6720646964206E6F7420776F726B21202D204C43462D4154000000000000000000E90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060E8000000005F81E700F0FFFF8B078B4F048B5708890889500461E9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006B65726E656C33322E646C6C0000004765744D6F64756C6548616E646C65410000004C6F61644C6962726172794100000043726561746550726F63657373410000005265616450726F636573734D656D6F7279000000577269746550726F636573734D656D6F72790000005669727475616C416C6C6F630000005669727475616C416C6C6F6345780000005669727475616C50726F746563740000005669727475616C50726F746563744578000000526573756D655468726561640000004578697450726F63657373000000536C656570000D400000204000002F40000040400000544000006940000078400000894000009A400000AD400000BC400000CA400000000000007573657233322E646C6C0000004D657373616765426F78410011410000000000006E74646C6C2E646C6C0000005A775175657279496E666F726D6174696F6E546872656164003141000000000000D2400000000000000000000000400000D24000001F4100000000000000000000064100001F4100004C4100000000000000000000274100004C41000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000047657450726F6341646472657373006E74646C6C004B694661737453797374656D43616C6C005669727475616C50726F746563740043726561746546696C6541005265616446696C6500436C6F736548616E646C65005669727475616C416C6C6F63007374726C656E005265616446696C65005669727475616C517565727900596F75725F485749442E7478740060E8000000005F81E700F0FFFF833F000F8514020000C70701000000897C241C8BC7894708C7470C00000000648B1D300000008B5B0C8B5B148B1B8B1B8B5B108BEB035B3C035B108B5B7803DD8BD38B732003F52BDBFC83C720897C24F043AD03C5568BF0B90E000000F3A65E8B7C24F075EB4B8BC28B402403C50FB704588BDA8B5B1C03DD8B1C8303DD8BFB90648B1D300000008B5B0C8B5B148B1B8B5B10908B4C241C83C1355153FFD78BF08B4C241C89411483C1465155FFD78B4C241C8941108D4C2480516A406A1056FFD08B4C241C83C1555155FFD76A006A026A036A006A0068000000C08B4C243481C1A000000051FFD083F8FF0F8429010000894424188B4C241C83C1765155FFD76A40680010000068001000006A00FFD0894424148B4C241C81C18A0000005155FFD76A008D4C2480516800080000FF742420FF742428FFD08B4C241C81C1830000005153FFD78B4C24148039000F84C7000000BA000200006681390D0A740D4A4183FA000F84B0000000EBEC66C70100008B4C241451FFD083C4048B4C241C89411C90908B4C241C83C16A5155FFD7FF742418FFD08B4C241C81C1930000005155FFD78B4C241C8941188BE88B4C241481C1000400008B54241C680001000051FF7208FFD5B80000000090908B4C241C8941088B4424148941049090908B44241C8B4C2414894804050003000066C706EB0383C605C606E92BC683E805894601C744241C00000000C744241800000000C744241400000000EB02909061E9000000009090000000000000000000000000000000000000000000000000000000000000000060E8000000005F837FF601745281E700F0FFFF8B5F148B470803470C8178048B40FCC3753A8BF066C7038BD48D4C2480516A406A0556FF571066C703EB03E8000000005F83C7502BFE83EF05C606E9897E01E8000000005FC747A501000000618BD40F34C30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060E8000000005F81E700F0FFFF8BD88B771466C7068BD48B6F0481C50004000068000100005550FF571866C706EB0383F800742F837D04007429837D140174238BD78B7F048BF38B4A1CF3A67402EB138B4A1C8B720403F183C6028BFBF3A4909090906185C074038B40FCC3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000A00000002830063069303F308A307E30E230BE30F330E7300E3108313C311C315A315231693160318C3176319A319431BD31A731CA31C531D531CF31F831E0314432FE3153324A325F3259327D3277329E329832B732AE32D832BD32F832DE321633FE3238331C3356333E3372335C338D337C33A5339333B433AE33FA33F53312340C341E3418342A3424343634303442343C344E3448345A345434000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000#
mov [LOADERSEC+0ED6], PATCH_ADDR-MODULEBASE
eval "{PROCESSNAME_2}{EXTENSION}"
mov [LOADERSEC+0B64], $RESULT
fill LOADERSEC+1F0, 9A, 00
pusha
mov edi, ADD_SECTION
eval "{PROCESSNAME_2} - Loader{EXTENSION}"
mov [edi], $RESULT
exec
push 0
push 80
push 2
push 0
push 0
push 0C0000000
push edi
call {CreateFileA}
ende
cmp eax, -1
jne CREATEFILE_SUCCESS
pause // cant create new file!
pause
ret
////////////////////
CREATEFILE_SUCCESS:
mov esi, eax
exec
push 2
push 0
push 0
push esi
call {SetFilePointer}
ende
mov ebp, eax
mov [TESTSEC2], eax
exec
push 0
push {TESTSEC2}
push 00001400
push {LOADERSEC}
push esi
call {WriteFile}
ende
cmp eax, 00
jne WRITTEN_CORRECT
pause
pause
ret
////////////////////
WRITTEN_CORRECT:
exec
push esi
call {CloseHandle}
ende
popa
mov sFile, "Your_HWID.txt"
wrt sFile, HWID_IS
wrta sFile, HWID_VALID
free LOADERSEC
free TESTSEC2
log "Thank you and bye bye!"
eval "{SCRIPTNAME} {L2}{LONG} {L1}Loader File >> {PROCESSNAME_2} - Loader{EXTENSION} << was created! {L1}Thank you for using my script! {L1}Bye byte... \r\n\r\n{LINES} \r\n{MY}"
msg $RESULT
pause
ret
////////////////////
ALLOCT_BELOW:
mov [ADD_SECTION], #000000000000000000000000000000000000000000000000000000000000000047657450726F6341646472657373006E74646C6C004B694661737453797374656D43616C6C005669727475616C50726F746563740043726561746546696C6541005265616446696C6500436C6F736548616E646C65005669727475616C416C6C6F63007374726C656E005265616446696C65005669727475616C517565727900596F75725F485749442E7478740060E8000000005F81E700F0FFFF833F000F8514020000C70701000000897C241C8BC7894708C7470CAAAAAAAA648B1D300000008B5B0C8B5B148B1B8B1B8B5B108BEB035B3C035B108B5B7803DD8BD38B732003F52BDBFC83C720897C24F043AD03C5568BF0B90E000000F3A65E8B7C24F075EB4B8BC28B402403C50FB704588BDA8B5B1C03DD8B1C8303DD8BFB90648B1D300000008B5B0C8B5B148B1B8B5B10908B4C241C83C1355153FFD78BF08B4C241C89411483C1465155FFD78B4C241C8941108D4C2480516A406A1056FFD08B4C241C83C1555155FFD76A006A026A036A006A0068000000C08B4C243481C1A000000051FFD083F8FF0F8429010000894424188B4C241C83C1765155FFD76A40680010000068001000006A00FFD0894424148B4C241C81C18A0000005155FFD76A008D4C2480516800080000FF742420FF742428FFD08B4C241C81C1830000005153FFD78B4C24148039000F84C7000000BA000200006681390D0A740D4A4183FA000F84B0000000EBEC66C70100008B4C241451FFD083C4048B4C241C89411C90908B4C241C83C16A5155FFD7FF742418FFD08B4C241C81C1930000005155FFD78B4C241C8941188BE88B4C241481C1000400008B54241C680001000051FF7208FFD58B4424F88B40048B4C241C8941088B4424148941049090908B44241C8B4C2414894804050003000066C706EB0383C605C606E92BC683E805894601C744241C00000000C744241800000000C744241400000000EB02909061E9000000009090#
mov [ADD_SECTION+300], #60E8000000005F837FF601745281E700F0FFFF8B5F148B470803470C8178048B40FCC3753A8BF066C7038BD48D4C2480516A406A0556FF571066C703EB03E8000000005F83C7502BFE83EF05C606E9897E01E8000000005FC747A501000000618BD40F34C3#
mov [ADD_SECTION+393], #60E8000000005F81E700F0FFFF8BD88B771466C7068BD48B6F0481C50004000068000100005550FF571866C706EB0383F800742F837D04007429837D140174238BD78B7F048BF38B4A1CF3A67402EB138B4A1C8B720403F183C6028BFBF3A4909090906185C074038B40FCC3#
mov [ADD_SECTION+0D6], PATCH_ADDR-MODULEBASE
cmp TLS_CB_ADDRESS, 00
je PATCH_EP_INTO
eval "jmp 0{TLS_CB_ADDRESS}"
asm ADD_SECTION+2D9, $RESULT
jmp AFTER_EP_PATCH
////////////////////
PATCH_EP_INTO:
eval "jmp 0{ENTRYPOINT}"
asm ADD_SECTION+2D9, $RESULT
////////////////////
AFTER_EP_PATCH:
eval "HWID_P"
dm ADD_SECTION, 1000, $RESULT
pusha
alloc 1000
mov TESTSEC, $RESULT
eval "{PROCESSNAME_2}{EXTENSION}"
mov [TESTSEC+100], $RESULT
mov [TESTSEC+700], PROCESSNAME_2
mov [TESTSEC+300], PROCESSNAME_2
eval "_DP"
mov [TESTSEC+200], $RESULT
mov edi, TESTSEC+100
exec
push 0
push 80
push 3
push 0
push 3
push 80000000
push edi
call {CreateFileA}
ende
cmp eax, -1
jne READFILE_SUCCESS
pause // cant read file!
pause
ret
////////////////////
READFILE_SUCCESS:
exec
mov ebp, eax
push 0
push eax
call {GetFileSize}
ende
cmp eax, -1
jne FILESIZE_SUCCESS
pause // cant get file size!
pause
ret
////////////////////
FILESIZE_SUCCESS:
mov eax, TESTSEC+700
mov ecx, TESTSEC+300
exec
push eax
push ecx
call {lstrcpyA}
ende
mov eax, TESTSEC+200
mov ecx, TESTSEC+300
exec
push eax
push ecx
call {lstrcatA}
mov edi, eax
push 0
ende
mov eax, TESTSEC+300
mov ecx, TESTSEC+100
gstr eax
mov TEMPI, $RESULT
eval "{TEMPI}{EXTENSION}"
mov [eax], $RESULT
exec
push eax
push ecx
call {CopyFileA}
push ebp
call {CloseHandle}
ende
free TESTSEC
popa
mov sFile, "Your_HWID.txt"
wrt sFile, HWID_IS
wrta sFile, HWID_VALID
////////////////////
START_OF_ADDING_PATCH:
gpi EXEFILENAME
mov EXEFILENAME,     $RESULT
len EXEFILENAME
mov EXEFILENAME_LEN, $RESULT
gpi CURRENTDIR
mov CURRENTDIR,      $RESULT
len CURRENTDIR
mov CURRENTDIR_LEN,  $RESULT
pusha
alloc 1000
mov eax, $RESULT
mov esi, eax
mov [eax], EXEFILENAME
add eax, CURRENTDIR_LEN
mov ecx, EXEFILENAME_LEN
sub ecx, CURRENTDIR_LEN
readstr [eax], ecx
mov EXEFILENAME_SHORT, $RESULT
str EXEFILENAME_SHORT
add eax, 10
add eax, ecx
mov [eax], "msvcrt.dll"
mov edi, LoadLibraryA
exec
push eax
call edi
ende
cmp eax, 00
jne MSVCRT_LOADED
msg "Can't load msvcrt.dll!"
pause
ret
////////////////////
MSVCRT_LOADED:
free esi
popa
gpa "malloc",       "msvcrt.dll"
mov  malloc,        $RESULT
gpa "free",         "msvcrt.dll"
mov  free,          $RESULT
gpa "ldiv",         "msvcrt.dll"
mov  ldiv,          $RESULT
alloc 1000
mov NAME_FILE, $RESULT
mov [NAME_FILE], EXEFILENAME_SHORT
alloc 2000
mov PATCH_CODESEC, $RESULT
mov NEW_SECTION_NAME, "HWID_P"
log NEW_SECTION_NAME, ""
mov NEW_SEC_RVA, ADD_SECTION-MODULEBASE
eval "{CURRENTDIR}{NEW_SECTION_NAME}"
mov NEW_SECTION_PATH, $RESULT
log NEW_SECTION_PATH, ""
mov [PATCH_CODESEC],     NEW_SEC_RVA
mov [PATCH_CODESEC+08],  NEW_SECTION_NAME
mov [PATCH_CODESEC+37],  EXEFILENAME_SHORT
mov [PATCH_CODESEC+59],  NEW_SECTION_PATH
mov [PATCH_CODESEC+216], #2E4E657753656300#
pusha
mov eax, PATCH_CODESEC
mov ecx, PATCH_CODESEC
add eax, 222
mov eip, eax
mov [eax],     #60B8AAAAAAAAA3AAAAAAAAB8AAAAAA0AA3AAAAAAAA618925AAAAAAAAA3AAAAAAAA890DAAAAAAAA8915AAAAAAAA891DAAAAAAAA892DAAAAAAAA8935AAAAAAAA893DAAAAAAAA8925AAAAAAAA6A40680010000068004000006A00E83BB921BB83F8000F84FD060000A3AAAAAAAA05002000008BE08BE881ED000200006A40680010000068001000006A00E80BB921BB83F800#
mov [eax+091], #0F84CD060000A3AAAAAAAA8BF868AAAAAAAAE8F1B821BB83F8000F84B30600006800100000FF35AAAAAAAA50E8D7B821BB83F8000F84990600000305AAAAAAAA83E8046681382E64741A6681382E4474136681382E65741B6681382E457414E96F060000C7005F44502EC74004646C6C00EB0FC7005F44502EC7400465786500EB00A1AAAAAAAA8BF8EB37E878B821BB#
mov [eax+121], #4033C980382274044140EBF72BC1890DAAAAAAAA96F3A4A1AAAAAAAA8BD8031DAAAAAAAA83EB048B3BC7035F44502E897B03FF35AAAAAAAAE80700000090E806010000905355568B742410576A0068800000006A036A006A0368000000C056E814B821BB#
mov [eax+185], #8BF8A3AAAAAAAA83FFFF7505E9CE0500006A0057E8FBB721BB83F8FF0F84BD0500006A006A006A006A046A0057A3AAAAAAAA898608010000E8D7B721BB83F8008BE885ED7505E9940500006A006A006A006A0655E8BBB721BB83F8000F847D05000055BDBBBBBBBB#
mov [eax+1ED], #8BD8FFD583F8000F846A050000891DAAAAAAAA8BC38B403C03C3A3AAAAAAAAC780D000000000000000C780D4000000000000008BC885C08D511889861001000089961C010000740583C270EB0383C26033C0899620010000668B4114C78628010000000000005F8D4C081833C0898E24010000890DAAAAAAAA83C40CC36A0068800000006A036A006A01B9AAAAAAAA#
mov [eax+27C], #680000008051E812B721BB8BD883FBFF7505E9D1040000BDBBBBBBBB6A0053FFD583F8FF0F84BE0400008BF056E8EBB621BBA3AAAAAAAA8BF88D5424146A0052565753E8D5B621BB83F8000F8497040000E8550400008B48148B501003CA8B15AAAAAAAA518B423C50E8560400008B0DAAAAAAAA#
mov [eax+2F0], #6A006A005051E89EB621BBA1AAAAAAAA8D5424146A0052565750BDBBBBBBBB83F8000F844C04000057E8FD030000E82B030000E8FF0300008BF8566800100000897710E8080400008B0DAAAAAAAA89470851E8E302000083C4108D5424186A095052E842B621BB#
mov [eax+357], #83F8000F84040400008B4424186A0089078B4C2420894F048B15AAAAAAAA52FFD568AAAAAAAAA3AAAAAAAAE8630200008B1DAAAAAAAA6A0068800000006A036A006A0368000000C053E8F4B521BB83F8FF894424147505E9B10300008B5424146A0052E8DAB521BB83F8FF0F849C0300008BD8895C241C895C24186A046800100000536A00E8B8B521BB#
mov [eax+3E1], #85C0894424107505E9760300008B4424105350E8A0B521BB8B5424108B4424148D4C24246A0051535250E889B521BB83F8000F844B0300008B4C24108B413C03C1A3AAAAAAAA8BD08B4C24188B5424105152A1AAAAAAAA6033D2668B500633C9668B48148D4C0818BF2800000003CF4A83FA0075F883E928833DAAAAAAAA00#
mov [eax+460], #74098B35AAAAAAAA89710C61E8940000008BD88B4C24105183C40C8B542414BBBBBBBBBB6A006A006A0052FFD38B4C24188B5424108D4424246A00508B44241C515250E8F1B421BB83F8000F84B30200008B4C24188B5424146A006A005152FFD38B44241450E8CEB421BB#
mov [eax+4CB], #8B5C241CC7442420010000008B4C24105351E8B7B421BB8B54241068008000006A0052E8A6B421BB8B44241450E89CB421BB909090E9890000005333C9668B481433D2668B5006565783CFFF85D28D4C08187619558D59148BEA8B3385F67406#
mov [eax+52B], #3BF773028BFE83C3284D75EE5D33F64A85D2897854761A8B51348B790C2BD789510833D2668B500683C128464A3BF272E68B5424148B59148B71082BD38951108B490C85F6740E03CE5F8948505EB8010000005BC3#
mov [eax+580], #03CA5F8948505EB8010000005BC38B25AAAAAAAA68008000006A00FF35AAAAAAAAE8F3B321BB68008000006A00FF35AAAAAAAAE8E1B321BB8B25AAAAAAAAA1AAAAAAAA8B0DAAAAAAAA8B15AAAAAAAA8B1DAAAAAAAA8B2DAAAAAAAA8B35AAAAAAAA8B3DAAAAAAAA909090#
mov [eax+5EA], #568B742408A1AAAAAAAA50E89FB321BB8B0DAAAAAAAA8B15AAAAAAAA6A006A005152E888B321BBA1AAAAAAAA50E87DB321BB8B0DAAAAAAAA51E871B321BB5EC3568B74240856E864B321BB8A4C30FF8D4430FF80F9005E7409#
mov [eax+643], #8A48FF4880F90075F740C3E89A00000085C00F8505000000E9040100005657E8C00000008BF033FFC7464CE00000E0897E30A1AAAAAAAA8B08894E288B500466897E4A89562C66897E48897E448B46148B56108B0DAAAAAAAA03C28B513C5052E898000000#
mov [eax+6A8], #89463C897E40897E388B460883C4083BC774088B4E0C03C851EB098B560C8B461003D0526800100000E86A000000894634A1AAAAAAAA83C40866FF4006B8010000005F5EC3#
mov [eax+6ED], #8B0DAAAAAAAA33C033D2668B4106668B51148D04808D04C28B15AAAAAAAA8B523C8D4410408B51543BD01BC040C38B44240450E874B221BB59C38B0DAAAAAAAA33C0668B41068D1480A1AAAAAAAA8D44D0D8C3#
mov [eax+740], #568B742408578B7C24105657E848B221BB83C40885D27407405F0FAFC65EC38BC75F5EC39090#
mov [eax+02], ecx+216
mov [eax+07], ecx+20E
mov [eax+0C], ecx+008
mov [eax+11], ecx+1E6
mov [eax+18], ecx+1DE
mov [eax+1D], ecx+1BE
mov [eax+23], ecx+1C2
mov [eax+29], ecx+1C6
mov [eax+2F], ecx+1CA
mov [eax+35], ecx+1CE
mov [eax+3B], ecx+1D2
mov [eax+41], ecx+1D6
mov [eax+47], ecx+1DE
eval "call {VirtualAlloc}"
asm eax+59, $RESULT
mov [eax+68], ecx+1DA
eval "call {VirtualAlloc}"
asm eax+89, $RESULT
mov [eax+98], ecx+20A
mov [eax+9F], NAME_FILE
eval "call {GetModuleHandleA}"
asm eax+0A3, $RESULT
mov [eax+0B8], ecx+20A
eval "call {GetModuleFileNameA}"
asm eax+0BD, $RESULT
mov [eax+0CD], ecx+20A
mov [eax+114], ecx+20A
eval "call {GetCommandLineA}"
asm eax+11C, $RESULT
mov [eax+131], ecx+21E
mov [eax+139], ecx+20A
mov [eax+141], ecx+21E
mov [eax+155], ecx+20A
eval "call {CreateFileA}"
asm eax+180, $RESULT
mov [eax+188], ecx+206
eval "call {GetFileSize}"
asm eax+199, $RESULT
mov [eax+1B3], ecx+1F2
eval "call {CreateFileMappingA}"
asm eax+1BD, $RESULT
eval "call {MapViewOfFile}"
asm eax+1D9, $RESULT
mov [eax+1E9], CloseHandle
mov [eax+1FC], ecx+1FA
mov [eax+208], ecx+1FE
mov [eax+262], ecx+202
mov [eax+278], ecx+059
eval "call {CreateFileA}"
asm eax+282, $RESULT
mov [eax+294], GetFileSize
eval "call {malloc}"
asm eax+2A9, $RESULT
mov [eax+2AF], ecx+1EA
eval "call {ReadFile}"
asm eax+2BF, $RESULT
mov [eax+2DC], ecx+1FE
mov [eax+2EC], ecx+206
eval "call {SetFilePointer}"
asm eax+2F6, $RESULT
mov [eax+2FC], ecx+206
eval "call {WriteFile}"
asm eax+30A, $RESULT
mov [eax+33A], ecx+1E6
eval "call {lstrcpynA}"
asm eax+352, $RESULT
mov [eax+371], ecx+206
mov [eax+379], ecx+20A
mov [eax+37E], ecx+1F6
mov [eax+389], ecx+20A
eval "call {CreateFileA}"
asm eax+3A0, $RESULT
eval "call {GetFileSize}"
asm eax+3BA, $RESULT
eval "call {VirtualAlloc}"
asm eax+3DC, $RESULT
eval "call {VirtualLock}"
asm eax+3F4, $RESULT
eval "call {ReadFile}"
asm eax+40B, $RESULT
mov [eax+423], ecx+1FE
mov [eax+434], ecx+1FE
mov [eax+45B], ecx
mov [eax+464], ecx
mov [eax+480], SetFilePointer
eval "call {WriteFile}"
asm eax+4A3, $RESULT
eval "call {SetEndOfFile}"
asm eax+4C6, $RESULT
eval "call {VirtualUnlock}"
asm eax+4DD, $RESULT
eval "call {VirtualFree}"
asm eax+4EE, $RESULT
eval "call {CloseHandle}"
asm eax+4F8, $RESULT
mov [eax+590], ecx+1DE
mov [eax+59D], ecx+1DA
eval "call {VirtualFree}"
asm eax+5A1, $RESULT
mov [eax+5AF], ecx+20A
eval "call {VirtualFree}"
asm eax+5B3, $RESULT
mov [eax+5BA], ecx+1DE
mov [eax+5BF], ecx+1BE
mov [eax+5C5], ecx+1C2
mov [eax+5CB], ecx+1C6
mov [eax+5D1], ecx+1CA
mov [eax+5D7], ecx+1CE
mov [eax+5DD], ecx+1D2
mov [eax+5E3], ecx+1D6
mov [eax+5F0], ecx+1FA
eval "call {UnmapViewOfFile}"
asm eax+5F5, $RESULT
mov [eax+5FC], ecx+1F6
mov [eax+602], ecx+206
eval "call {SetFilePointer}"
asm eax+60C, $RESULT
mov [eax+612], ecx+206
eval "call {SetEndOfFile}"
asm eax+617, $RESULT
mov [eax+61E], ecx+206
eval "call {CloseHandle}"
asm eax+623, $RESULT
eval "call {lstrlenA}"
asm eax+630, $RESULT
mov [eax+676], ecx+20E
mov [eax+698], ecx+1FE
mov [eax+6DA], ecx+1FE
mov [eax+6EF], ecx+1FE
mov [eax+707], ecx+1FA
eval "call {free}"
asm eax+720, $RESULT
mov [eax+729], ecx+1FE
mov [eax+737], ecx+202
eval "call {ldiv}"
asm eax+74C, $RESULT
bp eax+5E7
bp eax+764
popa
bp PATCH_CODESEC+442
esto
cmp eip, PATCH_CODESEC+442
jne SOME_WRONG
bc eip
cmp TLS_CB_ADDRESS, 00
je ENTER_EPOINT
gmemi eax, MEMORYBASE
mov TEMP, $RESULT
add TEMP, TLSCP_OFFSET
mov [TEMP], NEW_SEC_RVA+MODULEBASE+0AE
bp PATCH_CODESEC+4A9
run
mov HANDLE, eax
bc eip
esto
jmp SOME_WRONG
////////////////////
ENTER_EPOINT:
mov [eax+28], NEW_SEC_RVA+0AE
bp PATCH_CODESEC+4A9
run
mov HANDLE, eax
bc eip
esto
////////////////////
SOME_WRONG:
bc
cmp eip, PATCH_CODESEC+809
je SECTION_ADDED_OK
cmp eip, PATCH_CODESEC+886
je NO_SECTION_ADDED
pause
pause
////////////////////
NO_SECTION_ADDED:
eval "{SCRIPTNAME} {L2}{LONG} {L1}Problem!Can't add the dumped section to file! \r\n\r\n{LINES} \r\n{MY}"
msg $RESULT
pause
pause
ret
////////////////////
SECTION_ADDED_OK:
pusha
alloc 1000
mov TESTSEC, $RESULT
eval "{CURRENTDIR}HWID_P"
mov [TESTSEC], $RESULT
mov edi, TESTSEC
mov esi, HANDLE
exec
push esi
call {CloseHandle}
push edi
call {DeleteFileA}
ende
popa
free TESTSEC
log "Section was successfully added to dumped file!"
log "PE Rebuild was successfully!"
mov eip, EIP_BAK
free PATCH_CODESEC
log "Thank you and bye bye!"
eval "{SCRIPTNAME} {L2}{LONG} {L1}InLine File >> {PROCESSNAME_2}_DP{EXTENSION} << was created! {L1}Thank you for using my script! {L1}Bye byte... \r\n\r\n{LINES} \r\n{MY}"
msg $RESULT
pause
pause
ret
////////////////////
VAR_TOP:
var HWID_IS
var HWID_VALID
var LINES
var MY
var SCRIPTNAME
var LONG
var L1
var L2
var BAK_EIP
var TESTSEC
var TESTSEC2
var TESTSEC3
var TESTSEC4
mov LINES, "********************"
mov MY, "LCF-AT"
mov SCRIPTNAME, "Enigma HWID Inline Bitch 1.0"
log SCRIPTNAME, ""
mov LONG, "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"
log LONG, ""
log ""
mov L1, "\r\n\r\n"
mov L2, "\r\n"
ret
////////////////////
VARS:
var HANDLE
var LOADERSEC
var IS_EXE
var TEMP
var TLSCP_OFFSET
var TEMPI
var EXTENSION
var PATH
var ADD_SECTION
var FINDSEC
var ENIGMASEC_SIZE
var EIP_BAK
var PATCH_ADDR
var PROCESSID
var PROCESSNAME
var PROCESSNAME_2
var PROCESSNAME_COUNT
var PROCESSNAME_FREE_SPACE
var PROCESSNAME_FREE_SPACE_2
var EIP_STORE
var MODULEBASE
var PE_HEADER
var CURRENTDIR
var PE_HEADER_SIZE
var CODESECTION
var MODULESIZE
var MODULEBASE_and_MODULESIZE
var CODESECTION_SIZE
var PE_SIGNATURE
var PE_SIZE
var PE_INFO_START
var PE_TEMP
var SECTIONS
var ENTRYPOINT
var BASE_OF_CODE
var IMAGEBASE
var DLLMOVE
var IS_DLLAS
var IMAGEBASE
var PE_DLLON
var IS_NET
var SIZE_OF_IMAGE
var TLS_TABLE_ADDRESS
var TLS_TABLE_SIZE
var TLS_TABLE_CB_TABLE_ADDRESS
var TLS_TABLE_CB_POINTER_ADDRESS
var TLS_CB_ADDRESS
var IMPORT_TABLE_ADDRESS
var IMPORT_TABLE_SIZE
var IMPORT_ADDRESS_TABLE
var IATSTORE
var NETS
var PE_ONE
var PE_TWO
var GetProcAddress
var CreateFileA
var VirtualAlloc
var GetFileSize
var CopyFileA
var CloseHandle
var lstrcpyA
var lstrcatA
var VirtualFree
var EXEFILENAME_LEN
var CURRENTDIR_LEN
var EXEFILENAME_SHORT
var LoadLibraryA
var malloc
var free
var ldiv
var PATCH_CODESEC
var NEW_SECTION_NAME
var NEW_SEC_RVA
var NEW_SECTION_PATH
var NAME_FILE
var GetModuleHandleA
var GetModuleFileNameA
var GetCurrentProcessId
var OpenProcess
var malloc
var free
var ReadProcessMemory
var CloseHandle
var VirtualFree
var CreateFileA
var WriteFile
var GetFileSize
var ReadFile
var SetFilePointer
var GetCommandLineA
var CreateFileMappingA
var MapViewOfFile
var lstrcpynA
var VirtualLock
var SetEndOfFile
var VirtualUnlock
var UnmapViewOfFile
var lstrlenA
var ldiv
var DeleteFileA
var ENIGMASEC
gpa "GetProcAddress",      "kernel32.dll"
mov GetProcAddress,         $RESULT
gpa "VirtualAlloc",        "kernel32.dll"
mov VirtualAlloc,           $RESULT
gpa "VirtualFree",         "kernel32.dll"
mov VirtualFree,            $RESULT
gpa "CreateFileA",         "kernel32.dll"
mov CreateFileA,            $RESULT
gpa "GetFileSize",         "kernel32.dll"
mov GetFileSize,            $RESULT
gpa "CopyFileA",           "kernel32.dll"
mov CopyFileA,              $RESULT
gpa "CloseHandle",         "kernel32.dll"
mov CloseHandle,            $RESULT
gpa "lstrcpyA",            "kernel32.dll"
mov lstrcpyA,               $RESULT
gpa "lstrcatA",            "kernel32.dll"
mov lstrcatA,               $RESULT
gpa "GetModuleHandleA",    "kernel32.dll"
mov  GetModuleHandleA,      $RESULT
gpa "GetModuleFileNameA",  "kernel32.dll"
mov  GetModuleFileNameA,    $RESULT
gpa "GetCurrentProcessId", "kernel32.dll"
mov  GetCurrentProcessId,   $RESULT
gpa "OpenProcess",         "kernel32.dll"
mov  OpenProcess,           $RESULT
gpa "ReadProcessMemory",   "kernel32.dll"
mov  ReadProcessMemory,     $RESULT
gpa "CloseHandle",         "kernel32.dll"
mov  CloseHandle,           $RESULT
gpa "VirtualFree",         "kernel32.dll"
mov  VirtualFree,           $RESULT
gpa "CreateFileA",         "kernel32.dll"
mov  CreateFileA,           $RESULT
gpa "WriteFile",           "kernel32.dll"
mov  WriteFile,             $RESULT
gpa "GetFileSize",         "kernel32.dll"
mov  GetFileSize,           $RESULT
gpa "ReadFile",            "kernel32.dll"
mov  ReadFile,              $RESULT
gpa "SetFilePointer",      "kernel32.dll"
mov  SetFilePointer,        $RESULT
gpa "GetCommandLineA",     "kernel32.dll"
mov  GetCommandLineA,       $RESULT
gpa "CreateFileMappingA",  "kernel32.dll"
mov  CreateFileMappingA,    $RESULT
gpa "MapViewOfFile",       "kernel32.dll"
mov  MapViewOfFile,         $RESULT
gpa "lstrcpynA",           "kernel32.dll"
mov  lstrcpynA,             $RESULT
gpa "VirtualLock",         "kernel32.dll"
mov  VirtualLock,           $RESULT
gpa "SetEndOfFile",        "kernel32.dll"
mov  SetEndOfFile,          $RESULT
gpa "VirtualUnlock",       "kernel32.dll"
mov  VirtualUnlock,         $RESULT
gpa "UnmapViewOfFile",     "kernel32.dll"
mov  UnmapViewOfFile,       $RESULT
gpa "lstrlenA",            "kernel32.dll"
mov  lstrlenA,              $RESULT
gpa "LoadLibraryA",        "kernel32.dll"
mov LoadLibraryA,           $RESULT
gpa "DeleteFileA",         "kernel32.dll"
mov DeleteFileA,            $RESULT
ret
作者视频和程序我上传了网盘!
https://zhuanshulei.lanzouj.com/ic3124h

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

hadeson 发表于 2020-4-30 08:53
xujidejia 发表于 2020-4-30 08:41
是的,但是不知是哪里出问题,程序和软件和平台都是一样的

我也尝试了
Enigma 4.xx-5.xx Unpacker_GIV_LCF_v1.0

Enigma Alternativ Unpacker 1.1
这两个脚本和你的这个是同一个作者
我的运行环境为XPsp3
都有类似的问题
我也是新手
可能真的要问作者
 楼主| xujidejia 发表于 2020-4-30 08:49
Sound 发表于 2020-4-29 22:55
因为某些原因我不能帮助你

给你出个招 LCF-AT的脚本 你去它脚本帖子下留言 并@他 一般都会回复。 或者 ...

能够迎来Sound的回复,我是冰火两重天,收到您的回复提醒我是喜出望外,激动万分;看到内容我是失落谷底,心情波动太大了,万分感谢,万分感谢!
Sound 发表于 2020-4-29 22:55

因为某些原因我不能帮助你

给你出个招 LCF-AT的脚本 你去它脚本帖子下留言 并@他 一般都会回复。 或者在论坛里继续等大佬。
斩风 发表于 2020-4-30 07:08
程序员就是厉害,我看着根天书一样
hadeson 发表于 2020-4-30 08:20
这是用来固定机码的对吗?
 楼主| xujidejia 发表于 2020-4-30 08:41
hadeson 发表于 2020-4-30 08:20
这是用来固定机码的对吗?

是的,但是不知是哪里出问题,程序和软件和平台都是一样的
 楼主| xujidejia 发表于 2020-4-30 09:59
hadeson 发表于 2020-4-30 08:53
我也尝试了
Enigma 4.xx-5.xx Unpacker_GIV_LCF_v1.0

已经OK了,完美patch!
 楼主| xujidejia 发表于 2020-4-30 10:00
Sound 发表于 2020-4-29 22:55
因为某些原因我不能帮助你

给你出个招 LCF-AT的脚本 你去它脚本帖子下留言 并@他 一般都会回复。 或者 ...

已经解决,感谢完美patch
hadeson 发表于 2020-4-30 12:25
楼主能分享一下方法吗?
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-11-25 08:34

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表