
    Silkroad C++ Dll Client Protection (Anti Unpacking)

    Hey guys miss ya all <3

    This is the source of a small DLL that I wrote in the past, when I was interested in Silkroad development.

    What it does: it protects the BFK (the key of the .PK2 files) from being sniffed.

    Code:
         #include <windows.h>
    #include <stdio.h>
    #include <string.h>
    #include "xorstr.h"
    #include "detours.h"
    
    #pragma comment(lib,"detours.lib")
    
    #define ARRAYSIZE(x) sizeof(x)/sizeof(x[0])
    
    // Code addresses in the target executable that get hooked (the "push"
    // sites from the post; these are the vsro 188 sro_client.exe values).
    // Deliberately non-const: DetourAttach() stores the trampoline pointer
    // back into each slot when Initialize() hooks it.
    DWORD g_ProtectAddress[] = {
        0x004978B8, 0x004CCC4A, 0x004CCE1F,
        0x0083A84D, 0x0083A8B1, 0x0083A90D,
        0x0083A9C5, 0x0083A969, 0x0083AE69
    };
    // Per-process XOR mask, taken from GetRandomValue() in Initialize().
    DWORD RandomKey;
    // Address of the heap key buffer, XOR-masked with RandomKey once Initialize()
    // has run -- from then on it is not a dereferenceable pointer; _protectme
    // undoes the mask.
    char* pszKey;
    // Returns the low 32 bits of the CPU time-stamp counter (RDTSC). Used only
    // as an obfuscation mask for pszKey; it is not a cryptographic random source.
    DWORD GetRandomValue()
    {
        DWORD tscLow = 0;
        __asm rdtsc              // edx:eax = time-stamp counter
        __asm mov tscLow, eax    // keep the low dword
        return tscLow;
    }
    // Resolves the destination of a 5-byte rel32 JMP/CALL whose opcode byte is at
    // pJmp: target = pJmp + rel32 (the dword at pJmp+1) + 5, in 32-bit wrapping
    // arithmetic. The displacement is read with memcpy because pJmp+1 is not
    // dword-aligned. Not called elsewhere in this listing.
    DWORD GetJmpAddr(PBYTE pJmp)
    {
        DWORD rel32 = 0;
        memcpy(&rel32, pJmp + 1, sizeof rel32);
        return (DWORD)pJmp + rel32 + 5;
    }
    // Hook body reached through the 0xE8 CALL that Initialize() writes over each
    // protected site. Net effect at the site: the stack ends up as if the
    // hooked instruction had pushed the real key pointer, with eax, edx and
    // EFLAGS preserved. Naked: the compiler emits no prologue/epilogue.
    // Stack on entry: [esp] = return address pushed by the CALL.
    __declspec(naked) void _protectme()
    {
        __asm
        {
            pushfd                          // [esp+8]  = EFLAGS (after the next two pushes)
            push edx                        // [esp+4]  = saved edx
            push eax                        // [esp]    = saved eax, [esp+0xC] = return address
    
            mov eax,RandomKey
            not eax                         // eax = ~RandomKey
            xor eax,pszKey                  // pszKey == ptr ^ RandomKey (set in Initialize) -> eax = ~ptr
            not eax                         // eax = real key pointer
            mov edx,[esp+0xC]               // edx = return address
            mov [esp+0xC],eax               // return-address slot now holds the key pointer
            mov     eax, edx                // eax = return address
            pop     edx                     // edx restored; [esp] = saved eax, [esp+4] = EFLAGS, [esp+8] = key pointer
            push    eax                     // [esp] = return address
            mov     eax, dword ptr [esp+0x8]// eax = saved EFLAGS
            push    eax
            popfd                           // EFLAGS restored; [esp] = return address, [esp+4] = saved eax
            mov     eax, dword ptr [esp+0x4]// eax restored
            retn    0x8                     // return to the site and drop the saved-eax/EFLAGS slots; key pointer stays on top of stack
        }
    }
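    // Hooks one site. *pSlot holds the site address on entry; DetourAttach()
    // overwrites it with the trampoline pointer, so the address is saved first.
    // Detours installs a 5-byte JMP rel32 (0xE9) at the site; flipping the opcode
    // to 0xE8 turns it into a CALL with the same displacement, which is what
    // _protectme expects. Returns FALSE and leaves the site untouched if any
    // step fails: writing 0xE8 over an un-hooked site would turn the original
    // instruction into a CALL to a garbage address.
    static BOOL HookSite(DWORD* pSlot)
    {
        DWORD siteAddress = *pSlot;
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        if (DetourAttach((void**)pSlot, &_protectme) != NO_ERROR)
        {
            DetourTransactionAbort();
            return FALSE;
        }
        if (DetourTransactionCommit() != NO_ERROR)
        {
            return FALSE;
        }
        DWORD oldProtect = 0;
        if (!VirtualProtect((PVOID)siteAddress, 4, PAGE_EXECUTE_READWRITE, &oldProtect))
        {
            return FALSE;
        }
        ((PBYTE)siteAddress)[0] = 0xE8;     // JMP rel32 -> CALL rel32
        // Put the previous protection back instead of leaving the code page RWX.
        VirtualProtect((PVOID)siteAddress, 4, oldProtect, &oldProtect);
        FlushInstructionCache(GetCurrentProcess(), (PVOID)siteAddress, 4);
        return TRUE;
    }
    // Installs the protection. Called from DllMain(DLL_PROCESS_ATTACH), i.e.
    // under the loader lock.
    //   1. Decodes the XorStr literal into a heap buffer and keeps only an
    //      XOR-masked form of the buffer address in pszKey (mask = RandomKey).
    //      Only the pointer is masked: the decoded key bytes themselves sit in
    //      clear text in that heap block for the lifetime of the process, and
    //      the buffer is never freed.
    //   2. Detours every site in g_ProtectAddress to _protectme via HookSite();
    //      a site that cannot be hooked is skipped and stays unpatched.
    void Initialize()
    {
        enum { KEY_BUF_SIZE = 20 };
    
        RandomKey = GetRandomValue();
        pszKey = new char[KEY_BUF_SIZE];
        // XorStr decodes the obfuscated literal (/*MeGaMaX*/) at run time; the
        // decoded string (7 characters plus NUL) fits the buffer.
        strcpy(pszKey,/*MeGaMaX*/XorStr<0x7A,8,0x1F16EAF3>("\x37\x1E\x3B\x1C\x33\x1E\xD8"+0x1F16EAF3).s);
        // pszKey = ~pszKey ^ ~RandomKey, i.e. pszKey ^ RandomKey; _protectme reverses it.
        __asm
        {
            not pszKey
            mov eax,RandomKey
            not eax
            xor pszKey,eax
        }
        for (size_t i = 0; i < ARRAYSIZE(g_ProtectAddress); i++)
        {
            HookSite(&g_ProtectAddress[i]);
        }
    }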
    // DLL entry point: installs the hooks once, on process attach. Thread
    // attach/detach and process detach need no work. (The documented DllMain
    // signature returns BOOL; BOOLEAN is kept here as in the original.)
    BOOLEAN WINAPI DllMain(HINSTANCE hDllHandle, DWORD nReason, LPVOID Reserved)
    {
        (void)hDllHandle;
        (void)Reserved;
        if (nReason == DLL_PROCESS_ATTACH)
        {
            Initialize();
        }
        return TRUE;
    }
    
    How to use:
    
    First of all, you must get the push addresses from the client .exe files (sro_client.exe, replacer.exe, silkroad.exe).
    
    I will provide the vsro 188 addresses here:
    
    sro_client.exe:
    Code:
         0x004978B8,
         0x004CCC4A,
         0x004CCE1F,
         0x0083A84D,
         0x0083A8B1,
         0x0083A90D,
         0x0083A9C5,
         0x0083A969,
         0x0083AE69
    silkroad.exe:
    Code:
         0x00430FD3,
         0x00408C15,
         0x00408A17
    
    replacer.exe:
    Code:
         0x00403B23
    
    Now, once I have the addresses, I replace them in this array:
    Code:
        DWORD g_ProtectAddress[] =
        {
        
    
        };
    Now I have to generate the XOR key (o.o). This is an example; change it in the DLL source code:
    Code:
    /*MeGaMaX*/XorStr<0x7A,8,0x1F16EAF3>("\x37\x1E\x3B\x1C\x33\x1E\xD8"+0x1F16EAF3).s

    Now what? You have to compile the DLL and add a call to the DLL in the exes with Import REConstructor 1.7e FINAL, then remove the old BFK in the exe files (like 169841) by making it 90 90 90 90 90 90 or 00 00 00 00 00 00, because after you import this DLL there is no use for the real BFK in the client anymore.

    Note: I didn't provide how to generate the XOR key, because I want this section to think about how to do that; use your brain, try to be more respectful in the Silkroad community, and Google is your friend.

    Note 2: this method has nothing to do with any other methods I used in any server development I was involved in, for example Ludoworks.

    Note 3: in a few days I will provide how to generate the XOR key, but as I said above, I would like to see development instead of the creation of servers...

    Note 4: you have to recompile the DLL 3 times, changing the addresses for each .exe file.

    Source code is in the attachments. Enjoy, love ya guys: new hope, crayu, perry, pokemon man, synx, caipi, PowerPoint, and all of my friends and the sro community.


