#16
|
|||
|
|||
Quote:
Can you explain in full? Or compile this at all and tell me the method Thankful |
The Following User Says Thank You to mcr4ck For This Useful Post: | ||
countryboy (09-22-2021) |
#17
|
|||
|
|||
it is a precompiled header file
look at Quote:
|
The Following 2 Users Say Thank You to xobor For This Useful Post: | ||
countryboy (09-22-2021), niculaita (07-30-2021) |
#18
|
|||
|
|||
I din't notice
If possible, compile this completely and send it to me Because I do not know much about C or C++ language Thanks to friends who know me for compiling this and sending it to me |
The Following User Says Thank You to mcr4ck For This Useful Post: | ||
countryboy (09-22-2021) |
#19
|
|||
|
|||
See example - Loader for WIN32-PE (no ASLR!) - Sources for MSVC.
For packed program set in source code: Quote:
Last edited by dosprog; 08-05-2021 at 01:36. |
The Following 2 Users Say Thank You to dosprog For This Useful Post: | ||
countryboy (09-22-2021), niculaita (08-04-2021) |
#20
|
|||
|
|||
Thanks a lot
But I want to compile this code Did anyone compile this code? Quote:
|
The Following User Says Thank You to mcr4ck For This Useful Post: | ||
countryboy (09-22-2021) |
#21
|
||||
|
||||
Parts are missing
... ...
__________________
Decode and Conquer |
#22
|
|||
|
|||
Why do you say parts are missing?
please help |
#23
|
|||
|
|||
Because parts are missing.
U must have "detours" package with "detours.lib" file for compile this code. As minimum. And then replace strings "???????" with valid values. But. See my previous post with example of WIN32-PE patch-loader. Its simple and independent code, works fine on several tasks. Detours package i do not use, no need. Last edited by dosprog; 08-06-2021 at 02:40. |
The Following User Says Thank You to dosprog For This Useful Post: | ||
niculaita (08-06-2021) |
#24
|
|||
|
|||
"detours" package
https://mega.nz/file/SAwS2TzA#RHRKsixO1Eq2vP1589raQrB3sJYoWOFbHHH8fHAMl-A Quote:
|
The Following 2 Users Say Thank You to mcr4ck For This Useful Post: | ||
countryboy (09-22-2021), niculaita (08-07-2021) |
#25
|
|||
|
|||
#include <iostream> // Standard C++ library for console I/O
#include <string> // Standard C++ Library for string manip #include <Windows.h> // WinAPI Header #include <TlHelp32.h> //WinAPI Process API // use this if you want to read the executable from disk HANDLE MapFileToMemory(LPCSTR filename) { std::streampos size; std::fstream file(filename, std::ios::in | std::ios::binary | std::ios::ate); if (file.is_open()) { size = file.tellg(); char* Memblock = new char[size](); file.seekg(0, std::ios::beg); file.read(Memblock, size); file.close(); return Memblock; } return 0; } int RunPortableExecutable(void* Image) { IMAGE_DOS_HEADER* DOSHeader; // For Nt DOS Header symbols IMAGE_NT_HEADERS* NtHeader; // For Nt PE Header objects & symbols IMAGE_SECTION_HEADER* SectionHeader; PROCESS_INFORMATION PI; STARTUPINFOA SI; CONTEXT* CTX; DWORD* ImageBase; //Base address of the image void* pImageBase; // Pointer to the image base int count; char CurrentFilePath[1024]; DOSHeader = PIMAGE_DOS_HEADER(Image); // Initialize Variable NtHeader = PIMAGE_NT_HEADERS(DWORD(Image) + DOSHeader->e_lfanew); // Initialize GetModuleFileNameA(0, CurrentFilePath, 1024); // path to current executable if (NtHeader->Signature == IMAGE_NT_SIGNATURE) // Check if image is a PE File. { ZeroMemory(&PI, sizeof(PI)); // Null the memory ZeroMemory(&SI, sizeof(SI)); // Null the memory if (CreateProcessA(CurrentFilePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &SI, &PI)) // Create a new instance of current //process in suspended state, for the new image. { // Allocate memory for the context. CTX = LPCONTEXT(VirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE)); CTX->ContextFlags = CONTEXT_FULL; // Context is allocated if (GetThreadContext(PI.hThread, LPCONTEXT(CTX))) //if context is in thread { // Read instructions ReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&ImageBase), 4, 0); pImageBase = VirtualAllocEx(PI.hProcess, LPVOID(NtHeader->OptionalHeader.ImageBase), NtHeader->OptionalHeader.SizeOfImage, 0x3000, PAGE_EXECUTE_READWRITE); // Write the image to the process WriteProcessMemory(PI.hProcess, pImageBase, Image, NtHeader->OptionalHeader.SizeOfHeaders, NULL); for (count = 0; count < NtHeader->FileHeader.NumberOfSections; count++) { SectionHeader = PIMAGE_SECTION_HEADER(DWORD(Image) + DOSHeader->e_lfanew + 248 + (count * 40)); WriteProcessMemory(PI.hProcess, LPVOID(DWORD(pImageBase) + SectionHeader->VirtualAddress), LPVOID(DWORD(Image) + SectionHeader->PointerToRawData), SectionHeader->SizeOfRawData, 0); } WriteProcessMemory(PI.hProcess, LPVOID(CTX->Ebx + 8), LPVOID(&NtHeader->OptionalHeader.ImageBase), 4, 0); // Move address of entry point to the eax register CTX->Eax = DWORD(pImageBase) + NtHeader->OptionalHeader.AddressOfEntryPoint; SetThreadContext(PI.hThread, LPCONTEXT(CTX)); // Set the context ResumeThread(PI.hThread); //´Start the process/call main() return 0; // Operation was successful. } } } } // enter valid bytes of a program here. unsigned char rawData[37376] = { 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; int main() { RunPortableExecutable(rawData); // run executable from the array getchar(); } |
The Following 3 Users Say Thank You to cdrom0 For This Useful Post: | ||
#26
|
|||
|
|||
Quote:
|
The Following User Says Thank You to Top10 For This Useful Post: | ||
countryboy (09-22-2021) |
#28
|
|||
|
|||
Activation Posted Here: Loader V2.1 + Extra Features + Video : by countryboy
Hi, mcr4ck
I am countryboy, I wrote a loader many years ago, the latest Release is posted here ... There are 2 Versions 32bit, and 64bit, and Loader can also be used as Trial Reset. I will be releasing a graphical Interface shortly ... If anyone is interested I wrote a Tutorial, and posted it on CGPersia, and I can post it here if Interested. The Tutorial is from many years ago, and most of it is Images. I have made a lot of changes over the years. The code contains all the basic code, and is in Lazarus Pascal. Have a great day, countryboy HOW THE ACTIVATION LOADER WORKS : I wrote the v1 Loader Code many years ago for HitFilm 64 bit, and BuildBox 32 bit, because no 64 bit Loaders were available. HitFilm can be run in a Debugger, and Code changed, but changes can't be saved, because all Files check others CRC. BuildBox is slow, unpacks in memory, checks CRC of Patched Network.dll, and checks Code Segment Memory CRC of itself. LOADER START : Open LoaderConfig.TXT : Set Defaults, Check version, File Size, Setup messages, and minimize Window. KILL TASK( Program to Patch ) in case it's hung in memory from a previous run. KILL TASK( START ) : Protection Guards, or Crack protection programs loaded by Program to Patch. Needed in HitFilm. Message Box( START ), RUN( START ), RUN REGISTRY( Start only ), RUN( BEFOREPATCH ), and after Registry is done. ASLR : Windows loads programs into random selected Memory requiring search for Program Name to get Segment offset. GOD LIKE PRIVILEGES are requested to Debug, and change programs memory before loading, and starting. TIME CRITICAL : Need to wait for Windows to read Hard drive, and load program into Memory before starting search. Windows Function WaitForSingleObject() waits ReadmemWaitTime : max time in milliseconds to load, and exist in memory, and Windows Function WaitForDebugEvent waits additional 10 milliseconds maximum to finish loading. LET THE SEARCH BEGIN : Windows Function EnumProcessModules() used to search for Programs Name in Memory. While not found : If error then wait 1 millisecond before trying again & if not found after ASLRmemory_MaxAttempts=5000 Set Image Base to Default ASLR, and create a Image Base not found message after 5 seconds the Attempt count. PACKED SLOW LOADING PROGRAMS : use Windows Function WaitForInputIdle() to wait for program to unpack itself. IMAGE BASE FOUND : Program Thread is suspended for Patching, and any Error Messages saved. LoaderConfig.txt opened, and list of Patches done. Code verified to exist before NewCode is written at Offset. If a Error occurs, Patch number is saved, and Patching continues. Critical Errors are displayed later in a Message Box. While Thread is suspended : Error messages displayed, and any RUN( AFTERPATCH ), or MsgBox( AFTERPATCH ) are done. CONTINUE : Resume Thread with Program continuing to Load. Restore any defaults changed like Normal Dos video. If Close Pop Up Box then Loop through list, close WindowName, and all numerical WindowName1 starting with 1,2,3 If WaitTime= Default wait 35 seconds Maximum for Pop up to load. HitFilm Pop up slow due to Loading Internet images. BEFORE QUIT : KILL TASK( END ) Kill Programs, RUN( END ) Start Programs, or Message Box( END ), and QUIT ! Last edited by countryboy; 09-22-2021 at 12:40. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
dot net - how to create keygen using program's code | Maltese | General Discussion | 5 | 06-15-2011 09:02 |