ȳϽ.
ڵŰ ̶ մϴ.
Էϼ.
̹ Ǵ غϴ.
̶,̺귯 մϴ.
ش ս software debugging ʼε, ˾Ƽ
ش տ ʽÿ.
˷ֱ, Ϸ ġʹԵ Ŷ ؼ Ⱦ˷ 帮ڽϴ.
͵ «̶, ˷ָ ŵ...
׳ ̷и ص帳ϴ.
, Դ 鵵 Ŷ ϴ.
ư ش
߾ Ʃ ִ ε ϱ Լ ֽϴ.
ϸ ΰ...ù ̵ ٸ,
crc ǹ ٰ Ÿ ϴ.
ý Լ ϴ°͵ ѵ, Լ ұ?
̰, ٸ MD5 纻ε.
[ENABLE] //code from here to '[DISABLE]' will be used to enable the cheat
{ Cheat Engine auto-assembler script, 32-bit x86, Intel syntax. The paste lost its
  newlines; it is re-flowed here one statement per line with every token kept as
  found. It stores a few data words at 00BFFDC0, places copies of MSVC debug-runtime
  routines at fixed addresses (CC frame fill, stack cookie, _RTC_CheckStackVars-style
  guard check, __security_check_cookie / __report_gsfailure-style failure path), and
  starts find2 on a new thread. Every ModuleName+offset target and absolute address
  belongs to one specific build of that module and cannot be verified from this listing. }
createThread(find2)
label(goto1)               // declared, never used below
label(goto2)               // declared, never used below
define(find,00C00A20)      // CE define() is textual substitution: "find:" below places code at 00C00A20
Registersymbol(find)
define(find2,00C00f20)     // likewise "find2:" places code at 00C00F20
Registersymbol(find2)
label(loop)
label(put1)                // declared and called (call put1) but never defined in this listing
00BFFDC0: db 2A
00BFFDC0+40: dd 59742A13   // read by find2 as its stack-cookie seed
00BFFDC0+48: dd 1          // its address is passed to put1; scand reads the value and compares it with -1
00BFFDC0+4C: dd 000A7325
find:
{ Stand-in for the runtime's esp-check routine (called after "cmp esi,esp" below).
  "repne" is CE's rendering of the bnd (F2) prefix. If the jne assembles short, find+5
  is the push ebp below: that path has no ret and runs off into whatever bytes follow
  at 00C00A2E. Flagged here, not changed. }
repne jne find+5
repne ret
push ebp
mov ebp,esp
sub esp,00
push eax
find2:
{ Thread entry (createThread). Frame: [ebp+08] = thread parameter, [ebp-04] = cookie,
  [ebp-148] = 0x140-byte record passed to the +710054 call, [ebp-154] = its result. }
push ebp
mov ebp,esp
sub esp,00000218
push ebx
push esi
push edi
lea edi,[ebp-00000218]
mov ecx,00000086           // 0x86 dwords = 0x218 bytes: fill the whole frame with CC
mov eax,CCCCCCCC
repe stosd
mov eax,[00BFFDC0+40]      // cookie = seed ^ ebp, kept at [ebp-04] and re-checked in fun2
xor eax,ebp
mov [ebp-04],eax
mov ecx,00BFFDC0+48 //1
call put1                  // put1 has no definition in this listing
mov eax,[ebp+08]
push 00BFFDC0 //42
push 00000104              // 0x104 = 260, a MAX_PATH-sized count (role of the call below not determinable here)
mov eax,[ebp+08]
push eax
call 00A7C710 //7ffff //
{ In the pasted text a bare "//" directly preceded the next instruction; whether
  "mov esi,esp" was itself commented out in the original cannot be told. }
mov esi,esp
lea eax,[ebp-00000148]
push eax
mov ecx,[ebp+08]
push ecx
call dword ptr [MapleStory.exe+710054]   // indirect call through a pointer slot in the target module
mov esi,esp
call find
mov [ebp-00000154],eax
cmp dword ptr [ebp-00000154],-01         // -1 = INVALID_HANDLE_VALUE
jne loop
mov esi,esp
call dword ptr [kernel32.GetLastError]
cmp esi,esp
call find
jmp fun2
loop:
{ Per-entry loop. Offsets 0 (attribute dword, tested against 0x20) and 0x2C of the
  record match WIN32_FIND_DATAA (dwFileAttributes / cFileName), so the shape is a
  FindFirstFile / FindNextFile / FindClose enumeration -- which imports +710054 and
  +710050 resolve to is not verifiable here; note the same slot is used for both the
  first and the next-entry call. }
mov eax,[ebp-00000148]
and eax,20
je loop2
lea eax,[ebp-0000011C]     // record+0x2C; result unused, eax is overwritten in loop2
loop2:
mov esi,esp
lea eax,[ebp-00000148]
push eax
mov ecx,[ebp-00000154]
push ecx
call dword ptr [MapleStory.exe+710054]//filae
cmp esi,esp
call find
test eax,eax
jne loop
mov esi,esp
mov eax,[ebp-00000154]
push eax
call dword ptr [MapleStory.exe+710050] //close
fun2:
{ Epilogue: fun3(ecx = this frame, edx = descriptor table in the original binary)
  checks the CC guards, then the cookie and esp are checked by routines that live in
  ConsoleApplication11.exe, not in this script. }
push edx
mov ecx,ebp
push eax
lea edx,[ConsoleApplication11.exe+11CC4]//1
call fun3
pop eax
pop edx
pop edi
pop esi
pop ebx
mov ecx,[ebp-04]
xor ecx,ebp
call ConsoleApplication11.exe+11154     // cookie check, same routine scand calls
add esp,00000218
cmp ebp,esp
call ConsoleApplication11.exe+11253     // esp check
mov esp,ebp
pop ebp
ret
fun3:
{ Guard check over a table (edx): [ebx] = entry count, [ebx+04] -> entries of 0C bytes
  (offset, size, name). For each entry the dword just below frame+offset and the
  dword at frame+offset+size must still be CCCCCCCC; otherwise +11352 is called with
  (fun3's own return address, name). Matches the _RTC_CheckStackVars shape. }
push ebp
mov ebp,esp
push ecx
push ebx
mov ebx,edx
mov [ebp-04],ecx           // frame pointer being checked
push esi
xor esi,esi                // esi = entry index
cmp [ebx],esi
jle get                    // no entries
push edi
xor edi,edi                // edi = byte offset into the entry array
mov ecx,[ebx+04]
mov eax,[ebp-04]
mov edx,[ecx+edi]
cmp [edx+eax-04],CCCCCCCC  // guard below the variable
jne get2
mov eax,[ecx+edi+04]
add eax,edx
mov edx,[ebp-04]
cmp [eax+edx],CCCCCCCC     // guard above the variable
je get3
push [ecx+edi+08]
mov eax,[ebp+04]
push eax
call ConsoleApplication11.exe+11352
get2:
add esp,08
get3:
inc esi
add edi,0C
cmp esi,[ebx]
jl ConsoleApplication11.exe+12174        // loop back-edge targets the original binary, not this copy
pop edi
get:
pop esi
pop ebx
mov esp,ebp
pop ebp
ret
00BFFDC0+58: dd #19        // decimal 19: scand's cookie seed; CE shows the same value at +1A004
scand:
label(scand2)
{ Failure reporter: [ebp+08] = caller value passed through to +12B90, [ebp+0C] = name
  string. If [00BFFDC0+48] is -1 it returns at once (scand2). Otherwise it builds
  "Stack around the variable '<name>' was corrupted." in a 0x400-byte local buffer
  (length of name + 0x2D must be <= 0x400, three copy/concat-style calls with
  (buf, 0x400, src), 0x24 = 9 dwords popped) or falls back to the "unknown variable"
  text, then calls +12B90 with (first arg, edi, 2, msg). Several branches target
  ConsoleApplication11.exe+12A88/+12A8D, i.e. the original binary rather than this
  copy, so the fallback path below is reached only from there. }
push ebp
mov ebp,esp
sub esp,00000404 { 1028 }
mov eax,[00BFFDC0+58] { (19) }
xor eax,ebp
mov [ebp-04],eax
push ebx
mov ebx,[ebp+08]
push esi
mov esi,[ebp+0C]
push edi
mov edi,[00BFFDC0+48] { (1) }
cmp edi,-01 { 255 }
je scand2
cmp byte ptr [esi],00 { 0 }
je ConsoleApplication11.exe+12A88
push esi
call ConsoleApplication11.exe+12B70     // string length of name (assumed from the +2D/+400 check that follows)
add eax,2D { 45 }
add esp,04 { 4 }
cmp eax,00000400 { 1024 }
ja ConsoleApplication11.exe+12A88
push ConsoleApplication11.exe+17BA4 { ("Stack around the variable '") }
lea eax,[ebp-00000404]
push 00000400 { 1024 }
push eax
call ConsoleApplication11.exe+11366
push esi
lea eax,[ebp-00000404]
push 00000400 { 1024 }
push eax
call ConsoleApplication11.exe+1134D
push ConsoleApplication11.exe+17BC0 { ("' was corrupted.") }
lea eax,[ebp-00000404]
push 00000400 { 1024 }
push eax
call ConsoleApplication11.exe+1134D
add esp,24 { 36 }
lea eax,[ebp-00000404]
jmp ConsoleApplication11.exe+12A8D
mov eax,ConsoleApplication11.exe+18080 { ("Stack corrupted near unknown variable") }
push eax
push 02 { 2 }
push edi
push ebx
call ConsoleApplication11.exe+12B90
add esp,10 { 16 }
mov ecx,[ebp-04]
pop edi
pop esi
xor ecx,ebp
pop ebx
call ConsoleApplication11.exe+11154
mov esp,ebp
pop ebp
ret
scand2:
mov ecx,[ebp-04]
pop edi
pop esi
xor ecx,ebp
pop ebx
call ConsoleApplication11.exe+11154
mov esp,ebp
pop ebp
ret
scand3:
{ Cookie check, __security_check_cookie shape: ecx is compared with the global at
  +1A004; a mismatch is meant to reach scand4. As written the jne targets scand3+5,
  which is inside the 6-byte cmp that precedes it rather than an instruction
  boundary -- likely a paste/rebase artifact, to be verified against the bytes. }
cmp ecx,[ConsoleApplication11.exe+1A004] { (19) }
repne jne scand3+5
repne ret
repne jmp scand4
scand4:
{ Failure path, __report_gsfailure shape: +111D6 is called with 0x17
  (PF_FASTFAIL_AVAILABLE, so presumably an IsProcessorFeaturePresent thunk --
  confirm); when supported, int 29 with ecx = 2 (the fast-fail stack-cookie code).
  Otherwise registers, segment registers and flags are saved into a context block at
  +1A1xx/+1A2xx, an exception record is filled in with code C0000409
  (STATUS_STACK_BUFFER_OVERRUN), flags 1, one parameter = 2, the cookie and its
  complement (+1A004 / +1A000) are copied into locals, and +113C5 is called with the
  block at +18230. Field roles are inferred from the values; the 00010001 store reads
  as CONTEXT_i386|CONTEXT_CONTROL if +1A198 is ContextFlags -- confirm. }
push ebp
mov ebp,esp
sub esp,00000324
push 17
call ConsoleApplication11.exe+111D6 //76975135
test eax,eax
je scand5
mov ecx,00000002
int 29
scand5:
mov [ConsoleApplication11.exe+1A248],eax
mov [ConsoleApplication11.exe+1A244],ecx
mov [ConsoleApplication11.exe+1A240],edx
mov [ConsoleApplication11.exe+1A23C],ebx
mov [ConsoleApplication11.exe+1A238],esi
mov [ConsoleApplication11.exe+1A234],edi
mov [ConsoleApplication11.exe+1A260],ss
mov [ConsoleApplication11.exe+1A254],cs
mov [ConsoleApplication11.exe+1A230],ds
mov [ConsoleApplication11.exe+1A22C],es
mov [ConsoleApplication11.exe+1A228],fs
mov [ConsoleApplication11.exe+1A224],gs
pushfd
pop [ConsoleApplication11.exe+1A258]
mov eax,[ebp+00]                         // saved ebp of the caller
mov [ConsoleApplication11.exe+1A24C],eax
mov eax,[ebp+04]                         // return address, also stored below as the exception address
mov [ConsoleApplication11.exe+1A250],eax
lea eax,[ebp+08]                         // caller's esp
mov [ConsoleApplication11.exe+1A25C],eax
mov eax,[ebp-00000324]                   // loaded and immediately overwritten (dead load, as pasted)
mov [ConsoleApplication11.exe+1A198],00010001
mov eax,[ConsoleApplication11.exe+1A250]
mov [ConsoleApplication11.exe+1A154],eax
mov [ConsoleApplication11.exe+1A148],C0000409
mov [ConsoleApplication11.exe+1A14C],00000001
mov [ConsoleApplication11.exe+1A158],00000001
mov ecx,00000004
imul edx,ecx,00                          // index 0 scaled by 4 (compiler-generated, yields 0)
mov [edx+ConsoleApplication11.exe+1A15C],00000002
mov eax,00000004
imul ecx,eax,00
mov edx,[ConsoleApplication11.exe+1A004]
mov [ebp+ecx-08],edx
mov eax,00000004
shl eax,00
mov ecx,[ConsoleApplication11.exe+1A000]
mov [ebp+eax-08],ecx
push ConsoleApplication11.exe+18230
call ConsoleApplication11.exe+113C5
mov esp,ebp
pop ebp
ret
[DISABLE]
̷ ׳ Լȣ Եȴٸ,sha-256,MD5 ȣȭ Լ鵵 ٸ
iat,eip,crcȸ ʿ ׳ ȣ⸸
ȣس ִ ƽʴϱ?
ٷ ͱ Դϴ.
̷ ͱ ༺ ̿ϴ° ٷ Դϴ.
, ø Լȣ MD5 ̴ ϼ ü ø
Ȥ ̿ظ Ⱦ.(͵ ,«̶ϴ.)
ϸ, MD5ӵ ϴ, ư ߿ġ ?
crc?Ƽ? ? ҿ ϴ.
Լ ׳ Ŀ ϰ 糤 Ŷ, ǹ̰ ŵ.
. ġä̰,̶ ̺귯 Դϴ.
ϴ ⷮ, Ἥ ش ڵ ˾Ƴ
ȯ goto,ý Լ,ó ؾ Ϸ,ü ʰ, ڴ ϳ óϴ ϸ鼭
ͱ Լ ĿβԼ ٲԴ մϴ.
, , ͱ ̿Ͽ, Ѳĥ ̴ Լ ϰ 鶧 ϰ ־, Ŀ ġ ݴϴ...
Ŀα ġ ִ ϳ ϴ.
ƸϿ ȵ 깰̶ ְ, ϵ crc ư ű Ѱ ƴ, ̶ ý Լ ߵ Լ ý Լ ÷ Ÿ ְڽϴ.
, ̹ Լ ̰ ٴϸ, ش
ý Լ û ϴ ߵ , ְ
ý Ѵٸ,ӽ ȿ÷ cpu crc ų ְ ̹ ϴٰ ˷Ͱ , ⱳε ٴ Դϴ.
̴ IAT ͱ ̿ ش ä ƾ մϴ.
IAT ,,õ IAT ̶ ְ...
ٸ, ̿Ͱ ٸ չ ڵ 翬,ϸ, ٺٰ մϴ.
̹ ø ť ذǰŵ.
չ ڰ , ms翡 ,ü ִ ̺귯 Ⱦ,̺귯 ϴ Ͽ Ѵٰ ϸ, Ƹ ̴ϴ.
" ,xڵ帶 ׳ Ŀε̹ ÷ ġ ڳ? ʴ ٺ."
ο...
, Ե ȸ ƴ϶, ȣȯ ؼϸ,
۸ս ϴ.
̷ Լ ɾ XP닚 Ŀ Ǽڵ ļ
ȵ ̺긦 win7ķκ ̹ ø Ƴ ϴ.
xp닚 Ƹ, ɷ¦ ɰſ.
Ͱ Լ ͱ Ͽ, ٲٴ ̶ ̹ ȿ÷ ġ 뼺, ⱳ մϴ.
Ʒ , Լ ɸ Ǯ ִٴ° ش ο췹 ڵ ̿ ٴٸ 鵵 ȭ µ, װ ׳ ý Լٰ ϴ ٷ ̶ ְڽϴ.
غٸ ý Լ Ѱ ƴ,
ϳ %08X ̿ ڿ ȯ Լ 16 Ѿ,
ִ ̺귯 ý ϰԵȴٸ, ó ־ ƨ ݴϴ.
Ʒ ׳ ۸鶧 ٸ ƷͰ ũƮ
׳ ڷ ÷ڽϴ.
// Function body pasted from a Cheat Engine disassembly of Dll1.dll (32-bit x86,
// MSVC debug-build shape: CC frame fill, ebp/esp check before returning). No label
// is given, so where this code lives is not known from the listing, and every
// Dll1.dll+offset target is specific to that one build.
push ebp
mov ebp,esp
sub esp,000000D8
push ebx
push esi
push edi
lea edi,[ebp-000000D8]
mov ecx,00000036                // 0x36 dwords = 0xD8 bytes: fill the frame with CC
mov eax,CCCCCCCC
repe stosd
mov ecx,Dll1.dll+2302D          // address of a Dll1.dll global passed in ecx; role of +114F1 not determinable here
call Dll1.dll+114F1
lea eax,[ebp+10]                // [ebp-08] = address of the third stack argument (va_start-like)
mov [ebp-08],eax
mov eax,[ebp-08]
push eax                        // 4th argument: &args
mov ecx,[ebp+0C]
push ecx                        // 3rd argument: this function's second parameter
// 2nd argument: 0xF (15). The original comment on the next line is encoding-garbled;
// the surrounding text mentions 16, so presumably a length/count limit -- confirm
// against what Dll1.dll+16B9D expects.
push F //<<16 ڿ Ŵ Դϴ.
mov edx,[ebp+08]
push edx                        // 1st argument: this function's first parameter
call Dll1.dll+16B9D             // four-argument cdecl call (add esp,10 follows); vsnprintf-like shape, assumed
add esp,10
pop edi
pop esi
pop ebx
add esp,000000D8
cmp ebp,esp                     // esp sanity check; +113AC expected to be an _RTC_CheckEsp-style routine (assumed)
call Dll1.dll+113AC
mov esp,ebp
pop ebp
ret
̴ پ, Ϸ ȶؼ ó 16 ش ̺귯
16̻ ڿ ð ش ڿ о, 16ڰ Ѿ óϴ ڸ ƴ, ڿ зؼ ھƳ־ִ ݴϴ.
ü ִ Լ鵵 ٸ ?
Լ ٲٸ ش Ǯ ְ.
ٸ, ý ϴ Լ ü ư ݾƿ?
ص Ŀ ư, ٸ ư ȭ .
Էϼ.
ϰ ȴٸ,
Էϼ.
̷ ýݿ ϴ Լ ִ
ٲ Ἥ ٲ ֽϴ.
̷ ý ϴ Լ Ѱ Դϴ.
ؼ Ŀ ä, Լ ϴ Ͷ
Ŀβ ġ° ϴ.
ٵ, ƹ , ãƺ ̷ , ãƺ ϴ.
ϰŵ.
ý ϴԼ ִ Ű ̶ .
ư ձ ƴٴ 밳 ¶ ɷ¦ ,
Լ Ϻκ уġ° ,
Ȥ ش ʿ κ ν ü MS簡 ִ Լ ӵ ϴ° ϴ.
sleepde ü ִ sleepex ξ ӵ ɿ?
// Cheat Engine auto-assembler directives: three regions in the target process for
// the stub (sleepdefine, 0x188 bytes) and the two function copies below, with only
// sleepdefine exported as a symbol. The [ENABLE]/[DISABLE] frame and any dealloc
// for these regions are not part of this listing.
alloc(sleepdefine,188)
alloc(sleepdefine2,900)
alloc(sleepdefine3,900)
Registersymbol(sleepdefine)
sleepdefine3:
// Copy of a KERNELBASE SleepEx-shaped body (it still branches to KERNELBASE.SleepEx+74
// directly, see below). stdcall with two arguments, [ebp+08] = timeout and
// [ebp+0C] = alertable flag (ret 0008). The prolog/epilog thunks (IsNLSDefinedString
// +473 / +4B8, +C81), the KERNELBASE.dll+10xx pointer slots and the BemFreeContract
// +3FE data are named by offset from unrelated exports and hold only for the one
// KERNELBASE build they were copied from. Internal control flow uses byte offsets
// (sleepdefine3+39, +5B, +8C, +96, +A4); those offsets line up with this instruction
// sequence only if the je to KERNELBASE.SleepEx+74 assembles as a 2-byte jump, which
// a far target cannot -- with the 6-byte form every later offset is 4 bytes off and
// +96 falls inside the ret 0008. Consistent with the source function's je being a
// short jump to its own +74 (the mov [ebp-04],FFFFFFFE below). Flagged, not changed.
push 38
push KERNELBASE.BemFreeContract+3FE
call KERNELBASE.IsNLSDefinedString+473   // frame/SEH setup thunk shape (assumed); sets up ebp for the rest
mov [ebp-48],00000024                    // 0x24-byte local structure, second dword = 1
mov [ebp-44],00000001
push 07                                  // zero the next 7 dwords, [ebp-40] .. [ebp-28]
pop ecx
xor eax,eax
lea edi,[ebp-40]
repe stosd                               // CE renders rep stosd as repe stosd
xor edi,edi                              // edi = 0, used as the zero for the compares below
mov [ebp-1C],edi                         // status = 0
cmp [ebp+0C],edi                         // alertable == 0: skip the +1058 call
je sleepdefine3+39
xor edx,edx
lea ecx,[ebp-48]
call dword ptr [KERNELBASE.dll+1058]
mov [ebp-04],edi                         // sleepdefine3+39
push [ebp+08]                            // timeout and &[ebp-24] (8-byte out value); esi = result
lea eax,[ebp-24]
push eax
call KERNELBASE.IsNLSDefinedString+C81
mov esi,eax
cmp esi,edi
jne sleepdefine3+5B                      // non-zero: keep the 64-bit value written to [ebp-24]
mov [ebp-24],edi                         // else 0x80000000_00000000, the most negative 64-bit value
mov [ebp-20],80000000
lea esi,[ebp-24]                         // sleepdefine3+5B: retry point
push esi                                 // (&[ebp-24], alertable) -> +10FC; eax = status
push [ebp+0C]
call dword ptr [KERNELBASE.dll+10FC]
mov [ebp-1C],eax
cmp [ebp+0C],edi
je KERNELBASE.SleepEx+74                 // leaves this copy and continues inside the real SleepEx
cmp eax,00000101                         // 0x101 = STATUS_ALERTED: go around again
je sleepdefine3+5B
mov [ebp-04],FFFFFFFE
call sleepdefine3+96                     // local cleanup routine (the cmp/lea/call block after ret)
mov eax,000000C0                         // 0xC0 = STATUS_USER_APC; also the value returned when it matches
cmp [ebp-1C],eax
je sleepdefine3+8C                       // +8C = the call below, so eax stays 0xC0
xor eax,eax
call KERNELBASE.IsNLSDefinedString+4B8   // epilog thunk shape (assumed)
ret 0008
xor edi,edi                              // entry used by the unwind path (assumed); falls into the cleanup
cmp [ebp+0C],edi                         // sleepdefine3+96
je sleepdefine3+A4
lea ecx,[ebp-48]
call dword ptr [KERNELBASE.dll+1050]
ret                                      // sleepdefine3+A4
int 3
int 3
int 3
int 3
int 3
sleepdefine2:
// Sleep-shaped wrapper: one stdcall argument ([ebp+08], ret 0004) forwarded to
// sleepdefine3 with a zero second argument (alertable = 0). The leading
// mov edi,edi is the 2-byte hot-patch slot kept from the original.
mov edi,edi
push ebp
mov ebp,esp
push 00
push [ebp+08]
call sleepdefine3
pop ebp
ret 0004
int 3
int 3
int 3
int 3
int 3
sleepDefine:
// Exported entry (alloc name is "sleepdefine"; the label differs in case -- CE is
// believed to match symbols case-insensitively, verify). Hot-patch prologue that
// immediately tail-jumps to sleepdefine2, so its frame is never used.
mov edi,edi
push ebp
mov ebp,esp
pop ebp
jmp sleepdefine2............ // trailing dots are paste residue, not part of the instruction
mv.....
׳ Լ Դϴ.
״ Ŀδܿ ̴ Լ ϸ,
ϴ ̿ Լȣ ༺ ̿,
⿹ ƾ մϴ.
̿Ͱ Լ û ɾ ý ٲóԴ ġ° Լ ͱ ֽϴ.
Լ ̸,ٸ Լ Ʈϸ ڸ û ϴش û մϴ.
ش Լ, ϳ Լ û ֱ,
ǻ ش Լ , ϳ ̺귯, ¿¿ŵ,̷ ó ش û ϴ ܼ Լ Ͽ Լ ý Լ ٲԴ° ϴ.
մϴ.
, Ŀα Ϻκ̱ , Ǯ鼭,
Ѳ, , ̺귯, ְ Ѱ
Ͱ ̶ Ͽ ϴ.
|