apTmusic 0 Опубликовано 12 февраля, 2013 Нужна помощь в смене логин порта в Engine.dll на клиенте C6 Interlude. ;Lineage 2 authorization port changer, version 1.2b ;Copyleft (?) GoldFinch, 2008 ; ;You may freely use, modify and distribute this code. ; ;Compile this file with fasm (http://flatassembler.net) ;===================== SETUPS =========================== ;pattern virtual use32 ;- begin - pushd 9015 ;- end --- load PATTERN dword from $$ end virtual ;================ MACRO DEFINITIONS ===================== ;High-level-like imported api calls macro. ;Lite version with procedure calls and string constants with "\n" support. macro IMPORTS [dll,funclist] { common data import forward dd 0,0,0,rva a#dll, rva v#dll common dd 0,0,0,0,0 end data forward v#dll: irp func,funclist \{ p\#func dd rva a\#func macro func [line*] \\{common match (arglist)tail,line* \\\{ push_r arglist \\\} call [p\#func] \\} \} dd 0 forward a#dll db `dll#".dll",0 irp func,funclist \{a\#func db 0,0,\`func,0\} } macro push_r [arg] { reverse if arg eqtype "" call @f local str str db arg,0 @@: fix_str str,$-str else pushd arg end if } macro fix_str pStr,nLen { repeat nLen-1 load w word from pStr+%-1 if w="\n" store word 0x0D0A at pStr+%-1 end if end repeat } ;============================================== ;Some console output macro (print and println) macro __print text { local size,str push_r size,0,0 call @f str db text @@: size = $-str fix_str str,size WriteFile([stdout]) } macro __printf format,[arglist] { common wsprintfA(gMsgBuf,format,arglist) local ..argcount ..argcount=0 forward ..argcount=..argcount+1 common add esp,8+..argcount*4 WriteFile([stdout],gMsgBuf,eax,0,0) } macro print format,[arg] {common if arg eq __print format else __printf format,arg end if } macro println format,[arglist] {common print format#"\n",arglist} ;********************* PROGPAM CODE ************************************************** format PE console section 'O_o' code readable executable writeable IMPORTS KERNEL32, < GetStdHandle,WriteFile,ReadFile,CreateFileA,SetFilePointer,GetLastError,CopyFileA,LoadLibraryA,CloseHandle,\ FreeLibrary,DeleteFileA,ExitProcess>,\ USER32, entry $ GetStdHandle(-11) ;STD_OUTPUT_HANDLE mov [stdout],eax GetStdHandle(-10) ;STD_INPUT_HANDLE mov [stdin],eax print "L2 authorization port changer version 1.2b\nCopyleft (?) GoldFinch, 2008\n\n"#\ "This program changes auth port number in engine.dll\nIt must be placed in lineage2\system folder\n"#\ "Enter '1' to proceed or nothing to terminate program: " ReadFile([stdin],gMsgBuf,1024,nRead,0) cmp byte[gMsgBuf],"1" jne exit_err ;------------------------------------------------ ;[1] Analyse file print "Opening engine.dll ... " CreateFileA("engine.dll",0xC0000000,1,0,3,0,0) cmp eax,-1 jnz open_ok GetLastError() println "failed with error code = %#x",eax jmp exit_err open_ok: mov [hFile],eax println "OK" ;Get PE header offset SetFilePointer([hFile],0x3C,0,0) ReadFile([hFile],dwPE,4,nRead,0) ;Get entrypoint mov eax,[dwPE] add eax,0x28 SetFilePointer([hFile],eax,0,0) ReadFile([hFile],Entrypoint,4,nRead,0) ;Check if file was patched cmp [Entrypoint],4 jnz not_patched ;_______________________________________________ ;File is already patched println "WARNING: File is already patched"; ;Get port value SetFilePointer([hFile],port_value-__patch_data,0,0) ReadFile([hFile],port_value,4,nRead,0) println "Current port number is %d",[port_value] ;Ask new port value call InputPortNumber ;Write new port value SetFilePointer([hFile],port_value-__patch_data,0,0) WriteFile([hFile],port_value,4,nWritten,0) CloseHandle([hFile]) ;Exit println "Port number was changed.\n\nPress [Enter] to close log." ReadFile([stdin],gMsgBuf,1,nRead,0) ;OR die () ExitProcess(0) ;_______________________________________________ ;File is not patched not_patched: ;Make a copy of file to load it print "Creating temporary file engine.tmp ... " CopyFileA("engine.dll","engine.tmp",0) test eax,eax jnz copy_ok GetLastError() println "failed with error code = %#x",eax jmp exit_err copy_ok: println "OK" ;Load dll print "Loading engine.tmp ... " LoadLibraryA("engine.tmp") test eax,eax jnz load_ok GetLastError() println "failed with error code = %#x",eax DeleteFileA("engine.tmp") jmp exit_err load_ok: mov [hEngine],eax println "OK" ;Get image size mov eax,[hEngine] add eax,[dwPE] pushd [eax+0x50] ;SizeOfImage popd [sizeOfImage] ;Find pattern print "Looking for the pattern %#08x ... ",PATTERN mov edi,[hEngine] mov ecx,[sizeOfImage] mov eax,PATTERN cld @@: repne scasb test ecx,ecx jz @f cmp dword[edi-1],eax jne @r jmp _found @@: println "not found. \n Base=%x, Size=%x",[hEngine],[sizeOfImage] jmp exit_err _found: sub edi,[hEngine] ;get rva println "OK, found at rva %#x",edi add [port_delta],edi ;Ask port number call InputPortNumber ;Change entrypoint mov eax,[Entrypoint] add [oep_rel],eax mov [Entrypoint],4 mov eax,[dwPE] add eax,0x28 ;Entrypoint SetFilePointer([hFile],eax,0,0) WriteFile([hFile],Entrypoint,4,nWritten,0) ;Write patch code SetFilePointer([hFile],0,0,0) WriteFile([hFile],__patch_data,__patch_size,nWritten,0) println "%#x bytes was written.\nEngine.dll was patched with new auth port number.",[nWritten] CloseHandle([hFile]) ;Exit println "\nNow this program will be terminated.\nYou can use it to change port number again.\n"#\ "Warning: probably, this program will crash now, it's normal for this version.\n\n"#\ "Press [Enter] to close log." ReadFile([stdin],gMsgBuf,1,nRead,0) FreeLibrary([hEngine]) DeleteFileA("engine.tmp") ExitProcess(0) ;--------------------------- exit_err: println "\nPress [Enter] to close log." ReadFile([stdin],gMsgBuf,1,nRead,0) ExitProcess(0) ;------------------ InputPortNumber: ;Asking a port number print "Input new port number to patch or nothing to abort patching:\n-> " ReadFile([stdin],gMsgBuf,10,nRead,0) xor eax,eax ;for digits xor edx,edx ;for a number cld mov esi,gMsgBuf mov ecx,[nRead] sub cl,2 ;strip CR,lF jz exit_err ;lmp if empty line str2dw_loo: lodsb imul edx,10 sub al,"0" cmp al,9 ja exit_err ;jmp if not a number add edx,eax loop str2dw_loo mov [port_value],edx ret ;_____________________________________________ ;Patch body align 16 __patch_data: dd "MZ" ;new entrypoint will be here pushd [esp+0x0C] ;copy Dllmain arguments pushd [esp+0x0C] pushd [esp+0x0C] ;call themida "original" entry point db 0xE8 ;"call rel32" ;Relative offset. Must be equal to (OEP RVA) - (ret_addr RVA) oep_rel: dd -(ret_addr-__patch_data) ;= negative ret_addr RVA, add (OEP RVA) here ret_addr: call __base __base: pop edx ;get __base virtual address, rva=4 ;in-memory patch db 0xC7,0x82 ;mov dword[edx+imm32],imm32 ;Patch place delta offset. Must be equal to (PortValue RVA) - (__base RVA) port_delta dd -(__base-__patch_data) ;= negative __base RVA, add (PortValue RVA) here port_value dd 0 ;rva 0x0C ;write desired port value here ret 0x0C ;return to OS __patch_size=$-__patch_data ;_____________________________________________ ;Uninitialized data. Must be at end of section dwPE dd ? Entrypoint dd ? SizeOfImage dd ? ;--------------- hFile dd ? hEngine dd ? ;--------------- nRead dd ? org $-4 nWritten dd ? stdout dd ? stdin dd ? gMsgBuf db 1024 dup (?) на вин7 не получилось скомпилировать. а так же вместо "engine.dll", есть доп библиотека "authport.dll" но её над прикручивать к l2.exe, может у кого есть уже готовоя l2.exe с прекрученым authport.dll? Поделиться сообщением Ссылка на сообщение Поделиться на другие сайты
apTmusic 0 Опубликовано 12 февраля, 2013 /del тему, нашел решение..поздно восползивался поиском. Поделиться сообщением Ссылка на сообщение Поделиться на другие сайты