Could someone please convert this from TASM to FASM? Thanks in advance!

Code (Text):

    .686p
    .model flat
    include c:\tasm32\include\APImacro.inc
    extrn __imp__connect:dword

    DATASEG
    LineageII db "LineageII.dll",0 ;LineageII.dll is L2Walker (IG), the .exe is nothing but a simple loader.

    CODESEG
    public C DllEntryPoint

    DllEntryPoint proc
        push ebp
        mov ebp, esp
        push ecx
        call remove_hooks
        call kill_l2walker
        mov eax, 1
        mov esp, ebp
        pop ebp
        ret
    DllEntryPoint endp

    remove_hooks proc
        push ebp
        mov ebp, esp
        push ecx
        mov ebx, __imp__connect ;move the address of ws2_32.connect into ebx
        lea edx, dword ptr ss:[ebp-4] ;make it so we can write to this address + some odd bytes
        push edx
        push 40h
        push 12h
        push ebx
        iWin32 VirtualProtect
        mov byte ptr [ebx], 08Bh ;this is the start of ws2_32.connect, its the same in every version of Windows
        mov byte ptr [ebx+1], 0FFh ;hlaphex/l2phx hook the start of this function, so let's just overwrite their hook
        mov byte ptr [ebx+2], 055h ;with the original function.
        mov byte ptr [ebx+3], 08Bh
        mov byte ptr [ebx+4], 0ECh ;until either bots hook the iat, this works beautifully, breaking both l2phx/hlaphex
                                   ;with one little sub-routine
        mov esp, ebp
        pop ebp
        ret
    remove_hooks endp

    kill_l2walker proc
        push ebp
        mov ebp, esp
        push ecx
        push offset LineageII ;because walker's lineageii.dll is packed with asprotect
        iWin32 GetModuleHandleA ;renaming it isn't an option =)
        cmp eax, 0 ;do we return an address?
        je @@2 ;if no, continue along.
        push 0 ;exit code
        push 0ffffffffh ;-1 is pseudo handle for our process (l2.exe)
        iWin32 NtTerminateProcess ;l2.exe process silently exits
    @@2:
        mov esp, ebp ;continuing along..
        pop ebp
        ret
    kill_l2walker endp

    db 6 dup (0)
    db "Fyyre",0
    end DllEntryPoint

Hmm. Then could you just explain what extrn __imp__connect:dword is? Is it the same as importing ws2_32.connect? And is iWin32 the same as CALL?

Please double-check how I converted it, just in case. I compiled it and didn't get the result... Thanks in advance.

Code (Text):

    format PE GUI 4.0 DLL
    entry DllEntry

    include 'INCLUDE\win32a.inc'

    section '.data' data readable writeable

    LineageII db "LineageII.dll",0 ;LineageII.dll is L2Walker (IG), the .exe is nothing but a simple loader.

    section '.text' code readable executable

    DllEntry:
        push ebp
        mov ebp, esp
        cmp dword [ebp+0Ch], 1
        jne @F
        call remove_hooks
        call kill_l2walker
    @@:
        mov eax, 1
        mov esp, ebp
        pop ebp
        ret

    proc remove_hooks
        push ebp
        mov ebp, esp
        push ecx
        mov ebx, [connect] ;move the address of ws2_32.connect into ebx
        lea edx, dword [ebp-4] ;make it so we can write to this address + some odd bytes
        push edx
        push 40h
        push 12h
        push ebx
        call [VirtualProtect]
        mov byte [ebx], 08Bh ;this is the start of ws2_32.connect, its the same in every version of Windows
        mov byte [ebx+1], 0FFh ;hlaphex/l2phx hook the start of this function, so let's just overwrite their hook
        mov byte [ebx+2], 055h ;with the original function.
        mov byte [ebx+3], 08Bh
        mov byte [ebx+4], 0ECh ;until either bots hook the iat, this works beautifully, breaking both l2phx/hlaphex
                               ;with one little sub-routine
        mov esp, ebp
        pop ebp
        ret
    endp

    proc kill_l2walker
        push ebp
        mov ebp, esp
        push ecx
        push LineageII ;because walker's lineageii.dll is packed with asprotect
        call [ExitProcess] ;renaming it isn't an option =)
        cmp eax, 0 ;do we return an address?
        je @@2 ;if no, continue along.
        push 0 ;exit code
        push 0ffffffffh ;-1 is pseudo handle for our process (l2.exe)
        call [ExitProcess] ;l2.exe process silently exits
    @@2:
        mov esp, ebp ;continuing along..
        pop ebp
        ret
    endp

    ;=================================================================================
    proc DllBind
        xor eax, eax
        inc eax
        ret
    endp
    ;=================================================================================

    section '.idata' import data readable writeable

    library kernel32, 'kernel32.dll'
    library ws2_32, 'ws2_32.dll'

    import kernel32,\
           VirtualProtect, 'VirtualProtect',\
           GetModuleHandleA, 'GetModuleHandleA',\
           ExitProcess, 'ExitProcess'

    import ws2_32,\
           connect,'connect'

    section '.reloc' fixups data discardable

    section '.edata' export data readable writeable

    export 'nophx.dll',\
           DllBind, 'DllBind'
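
An added example, not part of the thread and not the posters' code: a C routine that inspects the first bytes of a 32-bit function and reports whether they still match the five bytes quoted in the comments above (8B FF 55 8B EC) or have been replaced by a detour, and where the detour leads. The function and enum names and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The five bytes the thread writes back: mov edi,edi / push ebp / mov ebp,esp */
static const uint8_t EXPECTED[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };

enum state { CLEAN, JMP_REL32, PUSH_RET, MODIFIED, TOO_SHORT };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify the first bytes of a 32-bit function read from address va.
   For a recognised detour, *target receives where execution is redirected. */
enum state classify_prologue(const uint8_t *code, size_t len,
                             uint32_t va, uint32_t *target)
{
    *target = 0;
    if (code == NULL || len < sizeof EXPECTED)
        return TOO_SHORT;
    if (memcmp(code, EXPECTED, sizeof EXPECTED) == 0)
        return CLEAN;
    if (code[0] == 0xE9) {                     /* jmp rel32 */
        *target = va + 5u + le32(code + 1);    /* relative to next instruction */
        return JMP_REL32;
    }
    if (code[0] == 0x68 && len >= 6 && code[5] == 0xC3) { /* push imm32; ret */
        *target = le32(code + 1);
        return PUSH_RET;
    }
    return MODIFIED;                           /* changed, pattern not recognised */
}

/* Constructed sample inputs, not captured from any real process. */
const uint8_t SAMPLE_CLEAN[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
const uint8_t SAMPLE_JMP[5]   = { 0xE9, 0xFB, 0xEF, 0xFF, 0xFF };
const uint8_t SAMPLE_PUSH[6]  = { 0x68, 0x00, 0x10, 0x00, 0x10, 0xC3 };

int main(void)
{
    uint32_t t;
    enum state s = classify_prologue(SAMPLE_JMP, sizeof SAMPLE_JMP, 0x2000, &t);
    printf("state=%d target=0x%08x\n", (int)s, (unsigned)t);
    return 0;
}
```

Checking the bytes first, instead of writing a fixed prologue unconditionally, also covers the case where the function does not start with this sequence on the running system.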