today I would like to present my newest script.Its a script to patch a new HWID on two ways in your target.Just a normal temporary patch and it can also patch the new HWID permanently in your target with a large InLine patch which I have written.It also supports even to find and patch a new CRC DWORD which you always need if you manipulate a packed ZProtect target.I divided the script in three steps which you can choos.Just follow easy 1,2 and then 3.Don't change the created session file before you finished all three steps.All infos will be read by the script so you don't need to enter anything on the InLine patch so all works automatically.You just need to add three new Imports and add a new section so for this you have to use LordPE {for the Imports} and the sec add tool which I have add to the tutorial package and as always have I created also a new movie with a exsample what you have to do.I added also two HWID UnpackMes from the movie in the package.
*********************************************************
( 1.) HWID Find & Patching (Temporary Way) *
*
( 2.) HWID InLine Patching (Permanently 3 Way) *
*
( 3.) Double API Hook Patching *
*
( 4.) Creating a Session Info File *
*
( 5.) New & Old CRC DWORD Calculation x3 *
*
( 6.) DLL HWID Patch & Dynamic ImageBase Support *
*
( 7.) ZProtect 1.4 - 1.6 Support *
*
How to Use Information's | Step List Choice *
*********************************************************
***************************************************
You have 3 Steps | Choose this way | 1. 2. 3. *
*
1 <- Let patch & LOG the new HWID *
2 <- Add a new section called .MaThiO *
3 <- Add 3 API Imports *
4 <- Let write the HWID InLine Template / save *
5 <- Change EP / Set section to writabe *
6 <- Find new CRC DWORD / save *
7 <- Some targets using Overlay's! *
***************************************************
So if you find any other ZProtect target where my script not works then tell me to make a update.So then thats all for the moment.Test the script and post a comment about it or just if you have trouble to use it.
greetz
EDIT: Script update added to version 1.1
-Added more checks
-Added a disable possibility for just the HWID check InLine
-Added a second CRC DWORD hunt
Info Note: Also some ZProtect targets can use Overlay's [simple & advanced] which you need also to add after adding the new sections.Make this Overlay step as last!
You can use the Overlay Tool 1.0 for merging & adding Overlay's on a simple way.For advaned Overlay's you need to find the value SizeOfRawData+PointerToRawData of the last section of the original file in the added Overlay file [little endian] and change this with your new last section SizeOfRawData+PointerToRawData value in the added Overlay file.
--------------------
--------------------
EDIT_2: Script update added to version 1.3 {version 1.2 not released}
-Added more checks
-Added 5 diffrent HWID patch opportunities
-Added ZProtect 1.4 - 1.6 Support
-Added DLL HWID Patch Support
Info Note: If you InLine a DLL file then you need to keep the same DLL ImageBase!Don't forget this!I attached also a new ZProtected exe & Dll file so that you can make a test.
--------------------
--------------------
EDIT_3: Script update added to version 1.4
-Added a automatic Dynamic ImageBase static address adjustment for DLL files
Info Note: This new dynamic patch will always written now and the start of this patch is also always your new entry point.You will get a message like this...
Enter in LORD PE the new EP RVA address of: XXXXXXXX
This new EP address RVA you need to enter in the dll.The rest is like always.I added also a alraedy patched PESniffer DLL on this new way so that you can see how it must look and also as a exsample for you.
发表于 2010-5-25 10:53
发表于 2010-5-25 11:00
