Quotehttp://www.masm32.com/board/index.php?topic=4526.0the information was too few to understand.
QuoteWhat do you want to do?learning every technique which i touched.
Quote from: six_L on May 27, 2006, 02:19:37 PMQuoteWhat do you want to do?learning every technique which i touched.
#include "stdafx.h"
//Forward declaration of Prototypes
BOOL PerformPatch();
//Module of the loaded Library, it's a global variable.
HMODULE hDllMod=0;
char b[1024]; //messages buffer
//////////////////////////////////////////////////////////////////////////
//MAIN PROGRAM PATCH INFO:
//Patch Address info: # elements in following arrays must be synchronized
//for Address/scan/replace
DWORD AddressOfPatch[] = {0x10CA, 0x10CB};
//Patch byte info:
//Search (read) byte. Original bytes read from the dll in memory (attn: #
//elements must be the same of AddressOfPatch)
BYTE scanbyte[] = {0x75, 0x28};
//Found (write) byte. New patch bytes to be written in memory (attn: #
//elements must be the same of AddressOfPatch)
BYTE replbyte[] = {0x75, 0x18};
char szDllName[]=".\\_RegistrationDll.dll";
//////////////////////////////////////////////////////////////////////////
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
// Remove this if you use lpReserved
UNREFERENCED_PARAMETER(lpReserved);
switch(ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
{
#ifdef _DEBUG
//Needed to be able to debug the program from the compiler.
HideDebugger(GetCurrentThread(), GetCurrentProcess());
#endif
hDllMod=::LoadLibrary((LPCSTR)szDllName);
if(hDllMod==NULL) {
//Find the last '\\' to obtain a pointer to just the base module name part
//(i.e. mydll.dll w/o the path)
PSTR pszBaseName = strrchr( szDllName, '\\' );
if ( pszBaseName ) { //We found a path, so advance to the base module name
pszBaseName++;
}
else {
pszBaseName = szDllName; //No path. Use the same name for both
}
sprintf(b, "%s not found.\r\nHave you renamed it as _%s\r\n Is this dll into the same path?",
pszBaseName, (pszBaseName+1));
::MessageBox(NULL, b, "Load Library Failed", MB_OK+MB_TASKMODAL+MB_ICONERROR);
return TRUE;
}
}
break;
case DLL_PROCESS_DETACH:
{
if(hDllMod!=NULL) {
::FreeLibrary(hDllMod);
hDllMod=NULL;
}
}
break;
case DLL_THREAD_ATTACH: {} break; //not used at the moment
case DLL_THREAD_DETACH: {} break; //not used at the moment
}
return TRUE;
}
BOOL PerformPatch() {
int i=0, j=0;
int nPatches=0;
DWORD dwRead=0;
DWORD dwWritten=0;
BYTE DataRead[] = {0};
int AppliedPatches=0;
//////////////////////////////////////////////////////////////////////////
//Apply the patches to the *.exe or *.dll module
//Calculate number of patches / addresses (not always this thing works, but here it is)
nPatches = sizeof(AddressOfPatch) / sizeof(AddressOfPatch[0]);
for ( j = 0; j < nPatches; j++ ) {
LPVOID CurrentAddress= (LPVOID)((DWORD)hDllMod + (DWORD)AddressOfPatch[j]);
//Pay attention that you have to arrive to the patch address through the CurrentProcess
//HANDLE and not through the hDllmod, otherwise access to memory will be denied.
//The GetCurrentProcess API returns the HANDLE of the process owning the program.
ReadProcessMemory(GetCurrentProcess(), CurrentAddress, DataRead, sizeof(BYTE), &dwRead);
if(DataRead[0] == scanbyte[j])
{
WriteProcessMemory (GetCurrentProcess(), CurrentAddress, &replbyte[j], sizeof(BYTE), &dwWritten);
#ifdef _DEBUG
sprintf ( b, "One Patch applied at address: %08X (%02X -> %02X)",
CurrentAddress, (LPVOID) scanbyte[j], (LPVOID) replbyte[j] );
MessageBox(0, b ,"Attention",MB_OK+MB_TASKMODAL);
#endif
AppliedPatches++;
}
}
//Have we successfully patched all the things? If yes clean what we did before.
if(AppliedPatches==nPatches)
return TRUE;
return FALSE;
}
BOOL CheckRegistrationNumber(char *a, char* b) {
//Performs the patch
PerformPatch();
//Call the original method and returns to the caller the result.
BOOL (*fp)(char *, char*);
fp = (BOOL (*)(char *, char*)) GetProcAddress(hDllMod,"CheckRegistrationNumber");
if(fp!=NULL)
return fp(a,b);
else
return FALSE;
}
Quote from: six_L on May 27, 2006, 04:26:27 PM
why can't the technique use to protect the software? :(