gooban How do I cheat?
Reputation: 0
Joined: 16 Aug 2009 Posts: 3
Posted: Thu Jun 21, 2012 5:20 am Post subject: recompiling script into DLL |
hello.
I'll just say this beforehand, I'm really sorry because I am a total newbie.
I've only touched on the basics of vbscript and bash scripting.
Anyway, my goal is to edit a pre-compiled DLL file and recompile it. I'm not even sure if this is possible... but maybe someone can shed some light on this for me.
So I've decompiled a .dll with a program called Boomerang (a decompiler, so the listing below is reconstructed pseudo-C, not the original source) and I edited the script below.
Am I able to just recompile this script in Visual Studio? Or am I missing some core files that come with the source?
I'm pretty sure I'm waay offbase with my understanding on how this works - sorry again.
// Decompiler-recovered globals and prototypes. The names are synthetic (globalN /
// procN); the comments below record only what the visible code does with each one.
int global1 = 0xbb40e64e;  // compared against this same constant and re-seeded in proc1; proc3 XORs it into the stack frame
unsigned int global2 = 4294967295U;  // 0xffffffff; proc2 overwrites it with its param5 and proc6 resets it to -1
__size32 global18;// 4 bytes -- called through as a function pointer in proc4, but only after proc11 approves the address 0x1000bd74
int global48;  // together with global45, saved/restored around proc4's table walk; both end up holding the _encoded_null() result
__size32 DecodePointer = 0x80f2;// 4 bytes -- NOTE(review): an import-table slot rendered as initialised data; proc4 calls through it
int global45;
unsigned int global31;  // proc4's init-state flag: 0 -> 1 while _initterm_e runs -> 2 after _initterm -> back to 0 on teardown
__size32 InterlockedCompareExchange = 0x8118;// 4 bytes -- same import-slot artefact as DecodePointer; proc4 spins on it as a lock primitive
int global20 = 0;  // counter: incremented on proc4's param1 == 1 path, tested/decremented on its param1 == 0 path
__size32 global68 = 0x44bf19b1;// 4 bytes -- 0x44bf19b1 == ~0xbb40e64e; proc1 rewrites it as the complement of global1
unsigned int global58 = 0;  // optional callback: every call site in proc2 tests global58 != 0 first
void proc2(__size16 param1, __size16 param2, unsigned char param3, __size32 param4, unsigned int param5, __size32 param6, __size32 param7, __size32 param8);
// NOTE: two parameters below are both named param10 -- invalid C as printed by the decompiler.
void _start(int param1, int param2, unsigned int param3, __size32 param4, __size16 param5, __size16 param6, unsigned char param7, __size32 param10, int param9, __size32 param10);
void *proc3(int param1, __size32 param2, __size32 param3, __size32 param4);
__size32 proc4(int param1, __size16 param2, __size16 param3, unsigned char param4, __size32 param5, unsigned int param6);
__size32 proc5(__size32 param1, __size32 param2, __size32 param3, __size32 param4);
void proc6();
void proc7(__size32 *param1);
int proc11(unsigned int param1, unsigned char param2, unsigned int param3, unsigned int param4);
unsigned int proc12(__size16 *param1, unsigned char param2, unsigned int param3);
__size32 proc13(__size32 param1, unsigned int param2, unsigned int param3);
// address: 0x100062de
// Re-seeds global1 (and its complement global68) from time/process/thread/tick/
// performance-counter values XORed with param1 ^ param2, but only while global1
// still holds its initial 0xbb40e64e or has a zero upper half. Reached from
// _start only when _start's param3 == 1.
// NOTE(review): this is the shape of the MSVC /GS stack-cookie initialiser
// (__security_init_cookie): 0xBB40E64E is the well-known default cookie, so
// global1 would be __security_cookie and global68 its complement. If that holds,
// this is C-runtime start-up code, not the DLL's own logic -- confirm against the
// binary's imports before relying on it.
union { void * x285; int x286; } proc1(int param1, int param2, int param3) {
__size32 eax; // r24
int eax_1; // r24{55}
unsigned int eax_2; // r24{82}
__size32 ebx; // r27
__size32 edi; // r31
int esi; // r30
union { void * x285; int x286; } esi_1; // r30
union { void * x285; int x286; } esi_2; // r30
int esi_4; // r30{56}
int esp; // r28
union { __size32 * x283; int x284; } esp_1; // r28
union { void * x285; int x286; } local4; // esi_2{115}
esp_1 = (esp - 28);
local4 = param3;
if (global1 == 0xbb40e64e || (global1 & 0xffff0000) == 0) {
// The return values of these four calls are not propagated by the decompiler:
// eax / eax_1 are read on the next line without a visible assignment.
GetSystemTimeAsFileTime();
GetCurrentProcessId();
GetCurrentThreadId();
GetTickCount();
esi_4 = 0 ^ eax ^ eax ^ eax_1;
QueryPerformanceCounter();
eax = param2 ^ param1;
esi = esi_4 ^ eax;
if ((esi_4 ^ eax) != 0xbb40e64e) {
// A mixed value with a zero upper half gets 0x4711 placed in its high 16 bits.
if (((esi_4 ^ eax) & 0xffff0000) == 0) {
eax_2 = (esi_4 ^ eax | 0x4711) * 0x10000;
esi = esi_4 ^ eax | eax_2;
}
} else {
// The mix happened to equal the default; bump it so the result is never the default.
esi = 0xbb40e64f;
}
global1 = esi;
// Printed as logical `!`; a cookie complement would be bitwise `~` -- check the
// disassembly before trusting this line.
global68 = !esi;
esi_1 = esp - 20;
esp = (esp - 36);
local4 = esi_1;
} else {
global68 = !global1;
}
esi_2 = local4;
edi = *esp;
ebx = *(esp + 4);
// Returns param3 unchanged on the else path and a stack address (esp - 20) on the
// init path: almost certainly stack-pointer arithmetic leaking into the return
// value, not a meaningful result. Do not try to reproduce it.
return esi_2; /* WARNING: Also returning: ebx := ebx, edi := edi */
}
// address: 0x10005cd2
// Dispatcher called from _start with (param5, param6, param7, param4, param3,
// param10, param9, edi). param5 here is the value _start compared to 1. It is
// stored into global2, drives the branch below, and is handed on to proc5 and
// proc4; proc6 then resets global2 and proc7 tears down the frame proc3 built.
// Call order: for param5 == 1 or 2 it is global58 -> proc4 -> (on success) proc5;
// for any other non-zero reason it is proc5 -> proc4 -> global58.
// NOTE(review): that ordering is exactly how MSVC's __DllMainCRTStartup calls
// _pRawDllMain, _CRT_INIT and DllMain on attach vs. detach. If that identification
// is right, param5 is fdwReason, global58 is _pRawDllMain, proc4 is _CRT_INIT and
// proc5 is the DLL's own DllMain -- confirm against the disassembly.
// The `(*global58)(...)` argument lists, `pc`, and the eax_3/eax_4/esp_N/ebp_N
// variables that are only "assigned" inside /* Warning */ comments are decompiler
// artefacts; this body cannot be compiled as printed.
void proc2(__size16 param1, __size16 param2, unsigned char param3, __size32 param4, unsigned int param5, __size32 param6, __size32 param7, __size32 param8) {
__size16 ax; // r0
__size16 cx; // r1
unsigned char dl; // r10
__size32 eax; // r24
unsigned int eax_1; // r24{78}
unsigned int eax_2; // r24{64}
unsigned int eax_3; // r24{50}
int eax_4; // r24{157}
__size32 *ebp_1; // r29{78}
__size32 *ebp_2; // r29{64}
__size32 *ebp_3; // r29{50}
__size32 *ebp_4; // r29{8}
int ebp_5; // r29{157}
__size32 ebx; // r27
__size32 ecx; // r25
__size32 edi; // r31
unsigned int edx; // r26
__size32 esi; // r30
void *esp_1; // r28{95}
void *esp_10; // r28{205}
void *esp_11; // r28{190}
void *esp_2; // r28{78}
void *esp_3; // r28{64}
void *esp_4; // r28{50}
void *esp_5; // r28{8}
void *esp_6; // r28{135}
void *esp_7; // r28{119}
void *esp_8; // r28{105}
void *esp_9; // r28{220}
int local0; // m[esp - 4]
unsigned int local1; // m[esp - 12]
unsigned char local10; // param3{200}
unsigned int local11; // param5{203}
void *local12; // esp_10{205}
__size32 *local13; // ebp_2{206}
__size16 local14; // ax{213}
__size16 local15; // cx{214}
unsigned char local16; // dl{215}
void *local17; // esp_9{220}
void *local18; // esp_3{242}
__size32 *local19; // ebp_2{243}
int local2; // m[esp - 8]
__size32 local3; // m[esp - 4]{253}
__size32 local4; // m[esp - 8]{254}
unsigned int local5; // m[esp - 12]{255}
void *local6; // esp_11{190}
__size32 *local7; // ebp_3{191}
__size16 local8; // param1{198}
__size16 local9; // param2{199}
// Frame set-up helper (see proc3): reserves 16 bytes and seeds the frame with global1.
esp_5 = proc3(16, param6, param7, param8); /* Warning: also results in ebp_4 */
local6 = esp_5;
local7 = ebp_4;
local8 = param1;
local9 = param2;
local10 = param3;
local11 = param5;
local12 = esp_5;
local13 = ebp_4;
local18 = esp_5;
local19 = ebp_4;
edi = param4;
esi = param5;
ebx = *(ebp_4 + 8);
// Frame slot (ebp_4 - 28) is the running result; it starts at 1 and the final
// value is never returned (proc2 is void), only read on the way through.
*(__size32*)(ebp_4 - 28) = 1;
ecx = 0;
*(__size32*)(ebp_4 - 4) = 0;
global2 = param5;
*(__size32*)(ebp_4 - 4) = 1;
// param5 == 0 with the unnamed global at 0x10009250 also 0 skips all the work
// (result slot set to 0 below).
if (param5 != 0 || *0x10009250 != 0) {
// Reasons other than 1 and 2 go straight to L15 (proc5 first).
if (param5 != 1 && param5 != 2) {
L15:
param1 = local8;
param2 = local9;
param3 = local10;
param5 = local11;
esp_10 = local12;
ebp_2 = local13;
*(__size32*)(esp_10 - 4) = edi;
*(unsigned int*)(esp_10 - 8) = esi;
*(__size32*)(esp_10 - 12) = ebx;
eax_1 = proc5(*(esp_10 - 8), ecx, param5, ebp_2); /* Warning: also results in ecx, edx, esp_2, ebp_1 */
local14 = param1;
local15 = param2;
local16 = param3;
local17 = esp_2;
*(unsigned int*)(ebp_1 - 28) = eax_1;
// !(esi != 1 || eax_1 != 0)  ==  (esi == 1 && eax_1 == 0): proc5 failed on reason 1,
// so unwind -- proc5 again, proc4 with 0, then the optional global58 callback.
if ( !(esi != 1 || eax_1 != 0)) {
*(__size32*)(esp_2 - 4) = edi;
*(unsigned int*)(esp_2 - 8) = eax_1;
*(__size32*)(esp_2 - 12) = ebx;
ecx = proc5(*(esp_2 - 8), ecx, edx, ebp_1); /* Warning: also results in edx, esp_1 */
*(__size32*)(esp_1 - 4) = edi;
*(__size32*)(esp_1 - 8) = 0;
*(__size32*)(esp_1 - 12) = ebx;
esi = proc4(*(esp_1 - 8), param1, param2, param3, ecx, edx); /* Warning: also results in ax, cx, dl, ecx, edx, ebx, esp_8, ebp_1, edi */
local14 = ax;
local15 = cx;
local16 = dl;
local17 = esp_8;
if (global58 != 0) {
*(__size32*)(esp_8 - 4) = edi;
*(__size32*)(esp_8 - 8) = 0;
*(__size32*)(esp_8 - 12) = ebx;
// Artefact: the decompiler dumped every live register and flag as "arguments".
(*global58)(local5, local4, local3, ax, cx, dl, global58, ecx, edx, ebx, ebp_1, esi, edi, LOGICALFLAGS32(global58), LOGICALFLAGS32(global58), LOGICALFLAGS32(global58));
local14 = ax;
local14 = ax;
local15 = cx;
local15 = cx;
local16 = dl;
local16 = dl;
local17 = esp_7;
local17 = esp_7;
}
}
ax = local14;
cx = local15;
dl = local16;
esp_9 = local17;
local18 = esp_9;
local19 = ebp_1;
// Reasons 0 and 3: proc4 with the reason, then global58 if the result is still non-zero.
if ( !(esi != 0 && esi != 3)) {
*(__size32*)(esp_9 - 4) = edi;
*(unsigned int*)(esp_9 - 8) = esi;
*(__size32*)(esp_9 - 12) = ebx;
eax = proc4(*(esp_9 - 8), ax, cx, dl, ecx, edx); /* Warning: also results in ebp_2 */
local18 = esp_6;
local18 = esp_6;
local19 = ebp_2;
local19 = ebp_2;
if (eax == 0) {
*(int*)(ebp_2 - 28) = *(ebp_2 - 28) & eax;
}
if ( !(*(ebp_2 - 28) == 0 || global58 == 0)) {
*(__size32*)(esp_6 - 4) = edi;
*(unsigned int*)(esp_6 - 8) = esi;
*(__size32*)(esp_6 - 12) = ebx;
(*global58)(local1, local2, local0, ax, cx, dl, global58, ecx, edx, ebx, ebp_2, esi, edi, LOGICALFLAGS32(global58), LOGICALFLAGS32(global58), LOGICALFLAGS32(global58));
local18 = esp_3;
local19 = ebp_5;
// eax_4 is never assigned in the visible code (artefact).
*(unsigned int*)(ebp_5 - 28) = eax_4;
}
}
} else {
// Reasons 1 and 2: optional global58 callback first, then proc4; proc5 only if proc4 succeeded.
if (global58 != 0) {
*(__size32*)(esp_5 - 4) = param4;
*(unsigned int*)(esp_5 - 8) = param5;
*(__size32*)(esp_5 - 12) = ebx;
// `pc` is undeclared; eax_3 below is never assigned (artefacts).
(*global58)(pc, 0x10007958, 16, param1, param2, param3, global58, 0, param5, ebx, ebp_4, param5, param4, SUBFLAGS32(global58, 0, global58), global58 == 0, global58 < 0);
local6 = esp_4;
local7 = ebp_3;
*(unsigned int*)(ebp_3 - 28) = eax_3;
}
esp_11 = local6;
ebp_3 = local7;
local18 = esp_11;
local19 = ebp_3;
if (*(ebp_3 - 28) != 0) {
*(__size32*)(esp_11 - 4) = edi;
*(unsigned int*)(esp_11 - 8) = esi;
*(__size32*)(esp_11 - 12) = ebx;
eax_2 = proc4(*(esp_11 - 8), param1, param2, param3, ecx, param5); /* Warning: also results in esi, ax, cx, dl, ecx, edx, ebx, esp_3, ebp_2, edi */
local8 = ax;
local9 = cx;
local10 = dl;
local11 = edx;
local12 = esp_3;
local13 = ebp_2;
local18 = esp_3;
local19 = ebp_2;
*(unsigned int*)(ebp_2 - 28) = eax_2;
if (eax_2 != 0) {
goto L15;
}
}
}
} else {
*(__size32*)(ebp_4 - 28) = 0;
}
esp_3 = local18;
ebp_2 = local19;
*(__size32*)(ebp_2 - 4) = 0;
*(__size32*)(ebp_2 - 4) = -2;
// proc6 resets global2 to -1; proc7 unwinds the frame/registration proc3 set up.
proc6();
proc7(ebp_2);
return;
}
// address: 0x10005de8
// Module entry point as recovered by the decompiler. When param3 == 1 it runs
// proc1 (the global1 re-seed) first, then always hands everything to proc2.
// NOTE(review): if the PE entry-point convention (hinst, fdwReason, lpReserved)
// applies, param3 is fdwReason and 1 is DLL_PROCESS_ATTACH -- re-seeding the
// cookie only on process attach is what __DllMainCRTStartup does. Confirm.
// Note the signature has two parameters named param10: not valid C as printed.
void _start(int param1, int param2, unsigned int param3, __size32 param4, __size16 param5, __size16 param6, unsigned char param7, __size32 param10, int param9, __size32 param10) {
__size32 edi; // r31
edi = param10;
if (param3 == 1) {
param9 = proc1(param1, param2, param9); /* Warning: also results in param10, edi */
}
proc2(param5, param6, param7, param4, param3, param10, param9, edi);
return;
}
// address: 0x10006260
// Frame-building helper used by proc2. Below `esp - param1` it stores the three
// extra arguments, `global1 ^ (esp + 8)`, and the saved return slot, then writes
// `esp - 8` to absolute address 0 and returns `esp + 8`. `esp` itself is declared
// but never assigned here (decompiler artefact).
// NOTE(review): a write of a frame address to absolute address 0 is how the
// decompiler rendered `fs:[0]` (the thread's SEH registration head) with the
// segment dropped, and global1 ^ frame-address is the /GS + SEH frame cookie.
// This has the shape of MSVC's _SEH_prolog4 (proc7 being the matching epilog);
// treat `*0 = ...` as "push exception frame", not as a real NULL write. Verify.
void *proc3(int param1, __size32 param2, __size32 param3, __size32 param4) {
__size32 *esp; // r28
__size32 local0; // m[esp]
*(__size32*)(esp - param1 - 12) = param2;
*(__size32*)(esp - param1 - 16) = param3;
*(__size32*)(esp - param1 - 20) = param4;
*(int*)(esp - param1 - 24) = global1 ^ (esp + 8);
*(__size32*)(esp - param1 - 28) = local0;
*(union { __size32 * x291; int x292; }*)0 = (esp - 8);
return (esp + 8);
}
// address: 0x10005ac8
// Initialisation / teardown state machine driven by param1 (proc2 passes 0 or the
// reason code). What the visible code does:
//   param1 == 1 : take a lock (spin on InterlockedCompareExchange with Sleep(1000)),
//                 then, if global31 == 0, run _initterm_e over 0x1000718c..0x10007194
//                 and _initterm over 0x10007178..0x10007188, release the lock, and --
//                 only if proc11 approves 0x1000bd74 -- call through global18;
//                 global20++ and return 1.  global31 != 0 here ends in _amsg_exit.
//   param1 == 0 : return 0 while global20 <= 0; otherwise global20--, take the same
//                 lock, and if global31 == 2 walk a table of pointers downward from
//                 *(ebp + 8) to *(ebp + 12), decoding and calling every non-null,
//                 non-encoded-null entry, free() the table, reset global45/global48
//                 to the encoded null, set global31 = 0 and return 1.
//   otherwise   : return 1 without doing anything.
// NOTE(review): this matches the shape of MSVC's _CRT_INIT (C initialiser tables,
// onexit/atexit table teardown, EncodePointer/DecodePointer protection of the
// stored callbacks). Confirm before relying on any of it.
// This function in particular is not recoverable as C: tmp1, flags, ZF, CF,
// `<all>`, and esp_4/esp_5/esp_6/esp_8/esp_9/esp_10/esp_13/esp_14/ebx_1 are used
// without any visible assignment, and the call argument lists are register dumps.
__size32 proc4(int param1, __size16 param2, __size16 param3, unsigned char param4, __size32 param5, unsigned int param6) {
__size16 ax; // r0
__size16 cx; // r1
unsigned char dl; // r10
__size32 eax; // r24
unsigned int eax_1; // r24{211}
__size32 *ebp; // r29
unsigned int ebx; // r27
__size32 *ebx_1; // r27
unsigned int ebx_2; // r27{402}
__size32 ecx; // r25
__size32 edi; // r31
unsigned int edx; // r26
__size32 esi; // r30
int esp; // r28
union { __size32 * x129; int x130; } esp_1; // r28
void *esp_10; // r28{245}
void *esp_11; // r28{235}
__size32 *esp_12; // r28{403}
__size32 *esp_13; // r28{209}
__size32 *esp_14; // r28{282}
__size32 *esp_15; // r28{384}
union { __size32 * x353; int x354; } esp_2; // r28
union { __size32 * x129; int x130; } esp_3; // r28
__size32 *esp_4; // r28{164}
__size32 *esp_5; // r28{65}
__size32 *esp_6; // r28{174}
__size32 *esp_7; // r28{16}
__size32 *esp_8; // r28{258}
void *esp_9; // r28{251}
__size32 local0; // m[esp - 28]
__size32 local1; // m[esp - 24]
int local10; // m[esp + 8]{258}
__size32 local11; // m[esp - 4]{469}
int local12; // m[esp - 4]{174}
int local13; // m[esp - 4]{258}
__size32 local14; // m[esp - 8]{470}
int local15; // m[esp - 8]{174}
int local16; // m[esp - 8]{258}
__size32 local17; // m[esp - 12]{471}
int local18; // m[esp - 12]{174}
int local19; // m[esp - 12]{258}
__size32 local2; // m[esp - 20]
unsigned int local20; // m[esp - 16]{472}
int local21; // m[esp - 16]{174}
int local22; // m[esp - 16]{258}
__size32 local23; // m[esp - 20]{473}
int local24; // m[esp - 20]{174}
int local25; // m[esp - 20]{258}
__size32 local26; // m[esp - 24]{474}
int local27; // m[esp - 24]{174}
int local28; // m[esp - 24]{258}
__size32 local29; // m[esp - 28]{475}
unsigned int local3; // m[esp - 16]
int local30; // m[esp - 28]{174}
int local31; // m[esp - 28]{258}
int local32; // %flags{29}
int local33; // %flags{157}
int local34; // %flags{251}
int local35; // %flags{251}
int local36; // %flags{389}
int local37; // %flags{245}
int local38; // %flags{235}
int local39; // %ZF{29}
__size32 local4; // m[esp - 12]
int local40; // %ZF{157}
int local41; // %ZF{251}
int local42; // %ZF{251}
int local43; // %ZF{390}
int local44; // %ZF{245}
int local45; // %ZF{235}
int local46; // %CF{29}
int local47; // %CF{157}
int local48; // %CF{251}
int local49; // %CF{251}
__size32 local5; // m[esp - 8]
int local50; // %CF{391}
int local51; // %CF{245}
int local52; // %CF{235}
__size16 local53; // param2{316}
__size16 local54; // param3{317}
unsigned char local55; // param4{318}
__size32 local56; // param5{320}
unsigned int local57; // param6{321}
__size16 local58; // param2{331}
__size16 local59; // param3{332}
__size32 local6; // m[esp - 4]
unsigned char local60; // param4{333}
unsigned int local61; // param6{336}
__size16 local62; // param2{377}
__size16 local63; // param3{378}
unsigned char local64; // param4{379}
__size32 local65; // param5{381}
unsigned int local66; // param6{382}
__size32 *local67; // esp_15{384}
int local68; // local36{389}
int local69; // local43{390}
int local7; // m[esp + 8]
int local70; // local50{391}
__size32 *local71; // esp_12{403}
int local72; // local7{492}
__size32 local73; // local6{493}
__size32 local74; // local5{494}
__size32 local75; // local4{495}
unsigned int local76; // local3{496}
__size32 local77; // local2{497}
__size32 local78; // local1{498}
int local79; // local0{499}
int local8; // m[esp + 8]{468}
__size16 local80; // param2{430}
__size16 local81; // param3{431}
unsigned char local82; // param4{432}
__size32 local83; // param5{434}
unsigned int local84; // param6{435}
__size32 *local85; // esp_7{437}
int local9; // m[esp + 8]{174}
ebp = esp - 4;
eax = 0;
esp_7 = esp - 24;
local53 = param2;
local54 = param3;
local55 = param4;
local56 = param5;
local57 = param6;
local58 = param2;
local59 = param3;
local60 = param4;
local61 = param6;
local62 = param2;
local63 = param3;
local64 = param4;
local65 = param5;
local66 = param6;
local67 = esp_7;
local80 = param2;
local81 = param3;
local82 = param4;
local83 = param5;
local84 = param6;
local85 = esp_7;
if (param1 != 0) {
tmp1 = param1 - 1;
flags = SUBFLAGS32(param1, 1, tmp1);
// Any param1 other than 0 or 1 falls straight through L1 with eax = 1 and returns it.
if (param1 != 1) {
L1:
param2 = local80;
param3 = local81;
param4 = local82;
param5 = local83;
param6 = local84;
esp_7 = local85;
eax = 1;
} else {
// `*24` is an absolute read at offset 24 -- presumably fs:[0x18] (the TEB self
// pointer) with the segment dropped; edi = 0x1000bd68 is the lock word that both
// spin loops below hand to InterlockedCompareExchange. Confirm in the disassembly.
ecx = *24;
ebx = *(ecx + 4);
esi = InterlockedCompareExchange;
esp_1 = esp - 28;
edi = 0x1000bd68;
// Acquire loop: leave when the exchange returned 0 (lock was free) or returned
// our own value (ebx); otherwise Sleep(1000) and retry. As printed this loop only
// exits via goto L15, so the statement after it is unreachable (the second loop
// below kept its `break`; this one probably lost it in decompilation).
for(;;) {
param2 = local58;
param3 = local59;
param4 = local60;
param6 = local61;
local6 = ebx;
local5 = edi;
(*esi)(local29, local26, local23, local20, local17, local14, local11, local8, param2, param3, param4, eax, ecx, param6, ebx, ebp, esi, edi, flags, ZF, CF);
local53 = ax;
local54 = cx;
local55 = dl;
local58 = ax;
local59 = cx;
local60 = dl;
if (eax == 0) {
goto L15;
}
flags = SUBFLAGS32(eax, ebx, eax - ebx);
if (eax == ebx) {
goto L15;
}
*(__size32*)(esp_5 - 4) = 1000;
Sleep(*(esp_5 - 4));
local61 = edx;
*(__size32*)(esp_5 - 4) = 0;
esp = esp_5 - 4;
}
*(__size32*)(ebp + 12) = 1;
L15:
*(__size32*)(esp_5 - 4) = 2;
esi = *(esp_5 - 4);
// First-time initialisation: global31 0 -> 1 around _initterm_e, then -> 2 (esi)
// after _initterm. global31 != 0 on entry means re-entry and ends in _amsg_exit.
if (global31 == 0) {
*(__size32*)(esp_5 - 4) = 0x10007194;
*(__size32*)(esp_5 - 8) = 0x1000718c;
global31 = 1;
_initterm_e();
local57 = edx;
ecx = *(esp_5 - 4);
esp_7 = esp_5;
local56 = ecx;
// eax here is whatever _initterm_e left behind (not propagated by the decompiler):
// non-zero aborts initialisation with a 0 return via L2.
if (eax != 0) {
L2:
param2 = local53;
param3 = local54;
param4 = local55;
param5 = local56;
param6 = local57;
eax = 0;
} else {
*(__size32*)(esp_5 - 4) = 0x10007188;
*(__size32*)(esp_5 - 8) = 0x10007178;
_initterm();
global31 = esi;
L9:
ecx = *(esp_5 - 4);
// Release the lock word (edi = 0x1000bd68) unless the frame flag says we own it differently.
if (*(ebp + 12) == 0) {
*(__size32*)(esp_5 - 4) = 0;
*(__size32*)(esp_5 - 8) = edi;
InterlockedExchange(*(esp_5 - 8), *(esp_5 - 4));
}
esp = esp_5;
// The pointer stored at 0x1000bd74 is only called (through global18) after proc11
// confirms it lies in a non-writable section of the image -- see proc11.
if (*0x1000bd74 != 0) {
*(__size32*)(esp_5 - 4) = 0x1000bd74;
eax = proc11(*(esp_5 - 4), dl, edx, 0); /* Warning: also results in ax, cx, dl, edx */
ecx = *(esp_5 - 4);
esp = esp_5;
if (eax != 0) {
*(__size32*)(esp_5 - 4) = *(ebp + 16);
*(__size32*)(esp_5 - 8) = esi;
*(__size32*)(esp_5 - 12) = *(ebp + 8);
(*global18)(local0, local1, local2, local3, local4, local5, local6, local7, ax, cx, dl, eax, ecx, edx, 0, ebp, esi, edi, <all>, LOGICALFLAGS32(eax), LOGICALFLAGS32(eax), LOGICALFLAGS32(eax));
}
}
esp_7 = esp;
global20++;
local80 = ax;
local81 = cx;
local82 = dl;
local83 = ecx;
local84 = edx;
local85 = esp_7;
goto L1;
}
} else {
// Re-entered while global31 != 0: fatal runtime error 31, then the L9 release path.
*(__size32*)(esp_5 - 4) = 31;
_amsg_exit();
goto L9;
}
}
} else {
// param1 == 0: nothing to tear down unless a matching param1 == 1 call happened.
if (global20 <= 0) {
goto L2;
} else {
eax = *24;
global20 = global20 - 1;
ebx = *(eax + 4);
local32 = LOGICALFLAGS32(0);
esi = InterlockedCompareExchange;
edi = 0x1000bd68;
local68 = local32;
local69 = local39;
local70 = local46;
// Same acquire loop on the same lock word as the param1 == 1 path.
for(;;) {
param2 = local62;
param3 = local63;
param4 = local64;
param5 = local65;
param6 = local66;
esp_15 = local67;
local36 = local68;
local43 = local69;
local50 = local70;
*(__size32*)(esp_15 - 4) = 0;
*(unsigned int*)(esp_15 - 8) = ebx;
*(__size32*)(esp_15 - 12) = edi;
(*esi)(local0, local1, local2, local3, local4, local5, local6, local7, param2, param3, param4, eax, param5, param6, ebx, ebp, esi, edi, local36, local43, local50);
local62 = ax;
local63 = cx;
local64 = dl;
local80 = ax;
local81 = cx;
local82 = dl;
if (eax == 0) {
goto L46;
}
local33 = SUBFLAGS32(eax, ebx, eax - ebx);
local68 = local33;
local69 = local40;
local70 = local47;
if (eax == ebx) {
break;
}
*(__size32*)(esp_6 - 4) = 1000;
Sleep(*(esp_6 - 4));
local65 = ecx;
local66 = edx;
local67 = esp_4;
}
*(__size32*)(ebp - 4) = 1;
L46:
// Only a fully initialised module (global31 == 2) gets its callback table run.
if (global31 == 2) {
*(__size32*)(esp_6 - 4) = global45;
(*DecodePointer)(local30, local27, local24, local21, local18, local15, local12, local9, ax, cx, dl, global31, ecx, edx, ebx, ebp, DecodePointer, edi, <all>, SUBFLAGS32(global31, 2, global31 - 2), global31 - 2 == 0, global31 < 2);
*(int*)(ebp + 12) = eax;
if (eax != 0) {
*(__size32*)(esp_14 - 4) = global48;
(*esi)(local0, local1, local2, local3, local4, local5, local6, local7, ax, cx, dl, eax, ecx, edx, ebx, ebp, esi, edi, <all>, LOGICALFLAGS32(eax), LOGICALFLAGS32(eax), LOGICALFLAGS32(eax));
local71 = esp_13;
local72 = local7;
local73 = local6;
local74 = local5;
local75 = local4;
local76 = local3;
local77 = local2;
local78 = local1;
local79 = local0;
ebx = eax;
eax_1 = *(ebp + 12);
*(unsigned int*)(ebp + 16) = eax_1;
*(unsigned int*)(ebp + 8) = eax;
ebx_2 = ebx;
esp_12 = local71;
local7 = local72;
local6 = local73;
local5 = local74;
local4 = local75;
local3 = local76;
local2 = local77;
local1 = local78;
local0 = local79;
ebx = ebx_2 - 4;
local71 = esp_12;
local72 = local7;
local72 = local7;
local73 = local6;
local73 = local6;
local74 = local5;
local74 = local5;
local75 = local4;
local75 = local4;
local76 = local3;
local76 = local3;
local77 = local2;
local77 = local2;
local78 = local1;
local78 = local1;
local79 = local0;
local79 = local0;
// Walk 4-byte slots downward from *(ebp + 8) to *(ebp + 12); skip slots that are
// 0 or equal to the encoded null (eax_1).
while ((unsigned int)(ebx_2 - 4) >= *(ebp + 12)) {
if (*(ebx_2 - 4) == 0) {
continue;
}
_encoded_null();
local71 = esp;
tmp1 = *(ebx_2 - 4) - eax_1;
if (*(ebx_2 - 4) == eax_1) {
continue;
}
*(__size32*)(esp_12 - 4) = *(ebx_2 - 4);
(*esi)(local0, local1, local2, local3, local4, local5, local6, local7, ax, cx, dl, eax_1, ecx, edx, ebx_2 - 4, ebp, esi, edi, <all>, SUBFLAGS32(*(ebx_2 - 4), eax_1, tmp1), tmp1 == 0, *(ebx_2 - 4) < eax_1);
*(__size32*)(ebp - 8) = eax;
_encoded_null();
*(__size32*)ebx_1 = eax;
// Indirect call of the decoded table entry: the stored callbacks are executed
// here. NOTE(review): the encode/decode wrapping is what stops a corrupted
// table slot from becoming an arbitrary call target -- keep it if this is rebuilt.
(**(ebp - 8))(local0, local1, local2, local3, local4, local5, local6, local7, ax, cx, dl, eax, ecx, edx, ebx_1, ebp, esi, edi, <all>, local38, local45, local52);
*(__size32*)(esp_10 - 4) = global45;
(*esi)(local0, local1, local2, local3, local4, local5, local6, local7, ax, cx, dl, eax, ecx, edx, ebx, ebp, esi, edi, <all>, local37, local44, local51);
*(__size32*)(esp_9 - 4) = global48;
*(__size32*)(ebp - 8) = eax;
(*esi)(local0, local1, local2, local3, local4, local5, local6, local7, ax, cx, dl, eax, ecx, edx, ebx, ebp, esi, edi, <all>, local34, local41, local48);
local71 = esp_8;
local71 = esp_8;
local72 = local10;
local72 = local10;
local73 = local13;
local73 = local13;
local74 = local16;
local74 = local16;
local75 = local19;
local75 = local19;
local76 = local22;
local76 = local22;
local77 = local25;
local77 = local25;
local78 = local28;
local78 = local28;
local79 = local31;
local79 = local31;
ecx = *(ebp - 8);
// If the table bounds did not change while the callback ran, keep walking;
// otherwise restart from the new bounds.
if (*(ebp + 16) == ecx && *(ebp + 8) == eax_1) {
continue;
}
*(__size32*)(ebp + 16) = ecx;
*(__size32*)(ebp + 12) = ecx;
*(unsigned int*)(ebp + 8) = eax_1;
ebx = eax_1;
ebx_2 = ebx;
esp_12 = local71;
local7 = local72;
local6 = local73;
local5 = local74;
local4 = local75;
local3 = local76;
local2 = local77;
local1 = local78;
local0 = local79;
ebx = ebx_2 - 4;
local71 = esp_12;
local72 = local7;
local72 = local7;
local73 = local6;
local73 = local6;
local74 = local5;
local74 = local5;
local75 = local4;
local75 = local4;
local76 = local3;
local76 = local3;
local77 = local2;
local77 = local2;
local78 = local1;
local78 = local1;
local79 = local0;
local79 = local0;
}
// Free the table and leave both globals pointing at the encoded null.
*(__size32*)(esp_12 - 4) = *(ebp + 12);
free(*(esp_12 - 4));
_encoded_null();
global48 = eax;
global45 = eax;
}
global31 = 0;
local80 = ax;
local80 = ax;
local81 = cx;
local81 = cx;
local82 = dl;
local82 = dl;
local83 = ecx;
local84 = edx;
local85 = esp_14;
if (*(ebp - 4) == 0) {
*(__size32*)(esp_14 - 4) = 0;
*(__size32*)(esp_14 - 8) = edi;
InterlockedExchange(*(esp_14 - 8), *(esp_14 - 4));
local83 = ecx;
local84 = edx;
local85 = esp_7;
goto L1;
}
goto L1;
} else {
// Teardown requested while not fully initialised: fatal runtime error 31.
*(__size32*)(esp_6 - 4) = 31;
_amsg_exit();
local84 = edx;
ecx = *(esp_6 - 4);
esp_7 = esp_6;
local83 = ecx;
local85 = esp_7;
goto L1;
}
goto L1;
}
}
ax = param2;
cx = param3;
dl = param4;
ecx = param5;
edx = param6;
edi = *esp_7;
esi = *(esp_7 + 4);
ebx = *(esp_7 + 8);
ebp = *ebp;
// eax is 1 (L1 paths) or 0 (L2 paths) on every route that reaches here.
return eax; /* WARNING: Also returning: esi := esi, ax := ax, cx := cx, dl := dl, ecx := ecx, edx := edx, ebx := ebx, ebp := ebp, edi := edi */
}
// address: 0x100059f0
// The only routine in this listing that calls CreateThread. proc2 calls it with
// param1 = the reason value it received as param5: when that is 1 a thread is
// created and 1 is returned, otherwise it returns 0 without doing anything.
// NOTE(review): if proc2 is __DllMainCRTStartup (see its header), this is the
// DLL's own DllMain -- the thing the thread above is asking about. The thread
// start routine and its argument are not visible (CreateThread() is printed with
// no arguments), so the DLL's real logic lives in a thread procedure that this
// listing does not contain.
__size32 proc5(__size32 param1, __size32 param2, __size32 param3, __size32 param4) {
__size32 eax; // r24
__size32 ebp; // r29
__size32 ecx; // r25
__size32 edx; // r26
__size32 local0; // param2{36}
__size32 local1; // param3{37}
local0 = param2;
local1 = param3;
if (param1 != 1) {
eax = 0;
ebp = param4;
} else {
CreateThread();
local0 = ecx;
local1 = edx;
eax = 1;
ebp = 0;
}
param2 = local0;
param3 = local1;
return eax; /* WARNING: Also returning: ecx := param2, edx := param3, ebp := ebp */
}
// address: 0x10005ddd
// Resets global2 to -1 (its initial value, 0xffffffff) after proc2 stored the
// reason value in it; called from the common tail of proc2.
void proc6() {
global2 = -1;
return;
}
// address: 0x100062a5
// Frame teardown matching proc3: copies the value saved at (param1 - 16) back to
// absolute address 0 and restores the slot at param1.
// NOTE(review): as in proc3, the write to address 0 is almost certainly fs:[0]
// (pop of the SEH registration record) rendered without the segment -- the shape
// of MSVC's _SEH_epilog4. Verify before treating it as a real NULL write.
void proc7(__size32 *param1) {
__size32 ecx; // r25
__size32 local0; // m[esp]
ecx = *(param1 - 16);
*(__size32*)0 = ecx;
*(__size32*)param1 = local0;
return;
}
// address: 0x10006180
// Returns 1 when param1 lies in a section of the image at 0x10000000 whose
// header word at offset 36 has bit 31 clear, 0 otherwise (including when proc12
// rejects the image header or proc13 finds no containing section). The reads and
// writes of absolute address 0 around the body save and restore a frame pointer
// (see proc3/proc7 -- presumably an fs:[0] SEH push/pop).
// NOTE(review): IMAGE_SECTION_HEADER.Characteristics sits at offset 36 and bit 31
// is IMAGE_SCN_MEM_WRITE, so this answers "is param1 in a non-writable section?"
// -- the shape of the CRT's _IsNonwritableInCurrentImage. proc4 uses it to gate
// an indirect call through global18 so that a pointer kept in writable memory is
// never called. The `/ 0x80000000` is presumably a shift/test, not a division.
int proc11(unsigned int param1, unsigned char param2, unsigned int param3, unsigned int param4) {
__size16 ax; // r0
__size16 cx; // r1
unsigned char dl; // r10
__size32 eax; // r24
unsigned int eax_1; // r24{64}
int eax_2; // r24{69}
int eax_3; // r24{89}
__size32 eax_4; // r24{57}
__size32 eax_5; // r24{39}
unsigned int edx; // r26
int esp; // r28
unsigned int local1; // m[esp - 48]
int local4; // eax_2{105}
eax = *0;
*(int*)0 = (esp - 20);
// Header validation of the module at its image base.
eax_5 = proc12(0x10000000, param2, param3); /* Warning: also results in ax, cx, dl, edx */
if (eax_5 == 0) {
L1:
eax_3 = 0;
*(__size32*)0 = eax;
local4 = eax_3;
} else {
// Convert the absolute address to an RVA before the section lookup.
local1 = param1 - 0x10000000;
eax_4 = proc13(0x10000000, local1, param4); /* Warning: also results in edx */
if (eax_4 == 0) {
goto L1;
} else {
eax_1 = *(eax_4 + 36);
eax_2 = !(eax_1 / 0x80000000) & 0x1;
*(__size32*)0 = eax;
local4 = eax_2;
}
}
eax_2 = local4;
return eax_2; /* WARNING: Also returning: ax := ax, cx := cx, dl := dl, edx := edx */
}
// address: 0x100060f0
// PE header sanity check on the buffer at param1: requires the 16-bit word at
// offset 0 to be 0x5a4d ('MZ'), the 32-bit word at offset 60 (e_lfanew) to point
// at 0x4550 ('PE\0\0'), and the 16-bit field 24 bytes past that (the optional
// header magic) to be 267 (0x10b, the PE32 magic). Returns 1 when all three hold,
// 0 otherwise. Offsets match the documented IMAGE_DOS_HEADER / IMAGE_NT_HEADERS
// layout. No bounds check is applied to e_lfanew -- fine for the module's own
// in-memory image, not for an untrusted file.
unsigned int proc12(__size16 *param1, unsigned char param2, unsigned int param3) {
short ax; // r0
short cx; // r1
unsigned char dl; // r10
unsigned int eax; // r24
unsigned int edx; // r26
unsigned char local0; // param2{50}
unsigned int local1; // param3{53}
cx = (unsigned short) param1;
local0 = param2;
local1 = param3;
if (*param1 == 0x5a4d) {
eax = *(param1 + 60);
if (*(eax + param1) != 0x4550) {
L1:
eax = 0;
ax = 0;
} else {
cx = 267;
dl = (*(eax + param1 + 24) == 267) ? 1 : 0;
edx = 0 >> 8 & 0xffffff | (dl);
eax = edx;
ax = (unsigned short) edx;
local0 = dl;
local1 = edx;
}
} else {
goto L1;
}
param2 = local0;
param3 = local1;
return eax; /* WARNING: Also returning: ax := ax, cx := cx, dl := param2, edx := param3 */
}
// address: 0x10006130
// Finds the section header of the image at param1 that contains RVA param2.
// Reads e_lfanew (+60), SizeOfOptionalHeader (16-bit, +20 into the NT headers) and
// NumberOfSections (16-bit, +6), positions on the first 40-byte section header
// (+24 + SizeOfOptionalHeader), and returns the header whose
// [VirtualAddress (+12), VirtualAddress + VirtualSize (+8)) range holds param2,
// or 0 when there are no sections or none matches. Offsets match the documented
// IMAGE_NT_HEADERS32 / IMAGE_SECTION_HEADER layout. The VirtualAddress + VirtualSize
// sum is not checked for wrap-around -- acceptable for the module's own headers,
// not if this were reused on attacker-supplied PE data.
__size32 proc13(__size32 param1, unsigned int param2, unsigned int param3) {
unsigned int eax; // r24
unsigned int ebx_1; // r27{29}
__size32 ecx; // r25
__size32 edx; // r26
__size32 edx_1; // r26{82}
unsigned int esi; // r30
__size32 local0; // edx_1{82}
ecx = *(param1 + 60);
eax = *(unsigned short*)(ecx + param1 + 20);
esi = *(unsigned short*)(ecx + param1 + 6);
edx = 0;
eax = eax + ecx + param1 + 24;
if (esi == 0) {
L1:
eax = 0;
local0 = edx;
} else {
do {
edx_1 = edx;
ecx = *(eax + 12);
local0 = edx_1;
if (param2 >= ecx) {
ebx_1 = *(eax + 8);
param3 = ebx_1 + ecx;
if (param2 < ebx_1 + ecx) {
goto L0;
}
// Redundant jump to the very next label (decompiler artefact).
goto L2;
}
L2:
edx = edx_1 + 1;
eax += 40;
} while (edx_1 + 1 < esi);
goto L1;
}
L0:
edx_1 = local0;
return eax; /* WARNING: Also returning: edx := edx_1 */
}
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Thu Jun 21, 2012 5:39 am Post subject: |
| well firstly it needs an entry point (called DllMain) for a DLL. that is really the only hard requirement from the compiler's side, so you'll have to recover that information before you go further |
gooban How do I cheat?
Reputation: 0
Joined: 16 Aug 2009 Posts: 3
Posted: Thu Jun 21, 2012 5:50 am Post subject: |
| Slugsnack wrote: | | well firstly it needs a main/entry point (called dllmain) for a dll. that is really the only requirement. so you'll have to retrieve that information before you go further |
so I can't make the dllmain? is this only obtainable from the creator of the program or is there some way I can extract this from the dll itself |
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Thu Jun 21, 2012 6:54 am Post subject: |
the dllmain MIGHT be empty so you can get away with just adding the following then it will compile:
| Code: | BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
// Stub entry point: accepts every fdwReason and does no work, so whatever
// initialisation or cleanup the original DllMain performed is lost.
return TRUE;
} |
however, if DllMain is used to do some sort of initialisation, that will be missing because you have specified an empty one. to clarify, DllMain is the function Windows calls on special events (process/thread attach, detach, etc.); if you do not supply one the C runtime provides an empty default. initialisation/cleanup is typically done in DllMain, so if you are missing the original one the dll might not function as intended.
you should actually be able to recover dllmain, i don't see why your tool would fail to provide such functionality.
regarding whether doing this will do what you want really depends on what you want to do with the dll. do you need it mapped back into a process and used? if so, you also need to recover the missing symbol information. for example, all the functions are currently named procX. any code that uses the dll either links statically against some defined interface (a header file), which would no longer be consistent with the recompiled code at runtime, or it resolves the function addresses dynamically through GetProcAddress by name or ordinal, in which case you're also screwed, because it is unlikely the names and ordinals exported by your rebuilt code match the original
if you need to recover such symbol information, you can look at the dll's export tables or in code that uses it, check the import table. however, i'm suspecting that information might not exist or your tool would have picked it up already |
gooban How do I cheat?
Reputation: 0
Joined: 16 Aug 2009 Posts: 3
Posted: Sat Jun 23, 2012 12:33 am Post subject: |
ok, I'm probably screwed trying to recompile it in this method.
The dll injects into an online game and is used for client-side hacks.
My purpose for doing this is to bypass a HWID authentication because the authentication server often crashes, also crashing my game or is offline for long periods of time.
After a bit of searching, it may seem that Ollydbg might be my best bet to do this, but I'll have to research some more.
Thanks
-edit-
lol, even though the file is only 36kB, it's doing my head in. I'm trying to learn how to read assembly code with all the jmp's and whatnot. Good fun, but I'm pretty sure at this point my efforts will bear no fruit |