- UID
- 2101886
- 主题
- 0
- 阅读权限
- 20
- 帖子
- 123
- 精华
- 0
- 积分
- 62
- 金钱
- 249
- 荣誉
- 0
- 人气
- 0
- 在线时间
- 2 小时
- 评议
- 0
- 帖子
- 123
- 精华
- 0
- 积分
- 62
- 金钱
- 249
- 荣誉
- 0
- 人气
- 0
- 评议
- 0
|
今天偶然看到一篇破解SecuROM的文章,其中提到的一些关键步骤,却搞不懂,求各位高手帮帮忙,先谢谢了!!
1- Look for a decompiler such as PE Explore - you will need the full-blown version. The trial version does not allow date stamp removal
2- Make a backup copy of paul.dll
3- Decompile paul.dll and run CTRL Y command to get all the values available. You
will see “000h6h6h6? - this is normal, don’t panic. Just run the dissassembler in preferred mode and it will do all the work for ya.
4- Mark every hex ending with 06 as a “tag for later analysis” in group 1. Just conduct a search for them under group 1 and earmark them for later the information is used to detect the absolute offsets to the various content items in the file (for example: mov eax, offset L0041F46A, jmp L004A49FE) - don’t worry about the “49? values, they will never re-appear in the same columm. You should end up with 1026 marked entries. If you have more, then this means you also marked the glossary items found in the same target tree. Just delete these extra files. You will end up saving yourself some time. These entries are created to enable SecuROM in dedicated mode. If you disable this feature, you’ll thank me later. If you don’t then that’s ok, cuz you’ll have to re-enter a second sample of hexes into the decompiler and crash the old values.
5- Change every earmarked hex (except the ones contained in the 2nd tree ending with hex 0c) to check all the new values. You must first render these values with an hex renderer, such as WEP Key Generator, in order to render the proper values.
OPEN UP WEP
SET UP A KEY GENERATION FOR 16 KEYS
ADD A GENERIC ALGORITHM - SOMETHING LIKE “2X3-4+ all 16/500? THIS WILL SET UP THE NEW KEY GENERATOR AND TELL IT TO GENERATE A KEY FOLLOWING THE ASSIGNED FORMULA.
ONCE YOU HAVE GENERATED A FEW THOUSAND KEYS - I RECOMMEND SETTING UP AT LEAST 25,000 KEYS, COLLATE THEM WITH THE FORMULA AND EXPORT THEM BACK TO PE Explorer UNDER “NEW KEYS” AND END THE STATEMENT WITH THE ORIGINAL FORMULA. YOU DECIDE ON YOUR OWN FORMULA BUDDY. IT’S YOUR ASS,
NOT MINE.
NOW YOU WILL HAVE TO ENCODE THE ORIGINAL FORMULA. DON’T PANIC!!! JUST USE SOMETHING LIKE A SAT FORMULA MODEL CHECKER
ENCODE THE FORMULA AND COPY ALL THE RESULTS TO YOUR HEX EDITOR.
COPY THE HEX VALUES AND IMPORT THEM IN PE Explorer.
IS EVERYBODY STILL WITH ME SO FAR???
NOW THE EASY PART!!!
Note that with some PE files, for example those compressed by a packing utility, the original values of these flags do not survive decompression. This can produce very strange disassembly listings. DON’T PANIC !!! To alleviate this problem use the available resource table - NOT THE VALUE TABULATOR, because this will screw everything up. Once you reach the max byte of generated data, you’ll notice something very exciting indeed: YOUR CODE WILL NOW BE RUN IN EMULATION MODE, THEREFORE, IT WILL BE RESIDENT IN THE ACTUAL CODE. Isn’t this just fabulous??? Just a little trick I learned in school… hehe
6- Now don’t get too excited yet…Enter the new values by importing them from PCI Hexer - they will collate themselves in a new library under a second family (tree now ending with the new hexes generated)
7- SecuROM will be automatically disabled at this point - WOOHOO. I always use WS_EX_DLGMODALFRAME command to do this. You decide on your own…
8- Re-enable the partitioned values located in the source .dll and remove the date stamp with PE Explorer
9- re-enter the last tree ending with hex c9 and remove the debug info
10- save the new .dll under paul.dll and overwrite the old file.
replace the overwrite paul.dll with your new project and you’re ALMOST home buddy!
Now you are set to strip the new .dll and restamp it
Restamp the date with PE Explorer
Reset the debug attributes but DON’T IMPLEMENT THE ORIGINAL DATA!!!. This is very important. If you overwrite the data, you’ll screw everything up.
Your last eight (*) bytes are now ready - you should see the new header now commencing with c0060 - this is good
The new class will now be viewable. Delete the original one
save your project
START THE GAME
ENTER THE LAST CODE YOU GENERATED WITH THE WEP KEYGEN
PLAY THE GAME |
|
发表于 2008-8-13 21:47:26
分享
收藏
没有 PE Explore 完整版。
