游侠NETSHOW论坛
[Repost] Some key points on cracking paul.dll

帖子
123
精华
0
积分
62
金钱
249
荣誉
0
人气
0
评议
0
跳转到指定楼层
楼主
1# (OP), posted 2008-8-13 21:47:26
Today I happened to come across an article on cracking SecuROM, but I can't make sense of some of the key steps it mentions. Could the experts here help me out? Thanks in advance!!

1- Look for a decompiler such as PE Explorer - you will need the full-blown version. The trial version does not allow date stamp removal.

2- Make a backup copy of paul.dll

3- Decompile paul.dll and run the CTRL Y command to get all the values available. You will see “000h6h6h6” - this is normal, don’t panic. Just run the disassembler in preferred mode and it will do all the work for ya.

4- Mark every hex ending with 06 as a “tag for later analysis” in group 1. Just conduct a search for them under group 1 and earmark them for later; the information is used to detect the absolute offsets to the various content items in the file (for example: mov eax, offset L0041F46A, jmp L004A49FE) - don’t worry about the “49” values, they will never re-appear in the same column. You should end up with 1026 marked entries. If you have more, then this means you also marked the glossary items found in the same target tree. Just delete these extra files. You will end up saving yourself some time. These entries are created to enable SecuROM in dedicated mode. If you disable this feature, you’ll thank me later. If you don’t, then that’s ok, cuz you’ll have to re-enter a second sample of hexes into the decompiler and crash the old values.

5- Change every earmarked hex (except the ones contained in the 2nd tree ending with hex 0c) to check all the new values. You must first render these values with a hex renderer, such as WEP Key Generator, in order to render the proper values.

OPEN UP WEP
SET UP A KEY GENERATION FOR 16 KEYS
ADD A GENERIC ALGORITHM - SOMETHING LIKE “2X3-4+ all 16/500”. THIS WILL SET UP THE NEW KEY GENERATOR AND TELL IT TO GENERATE A KEY FOLLOWING THE ASSIGNED FORMULA.

ONCE YOU HAVE GENERATED A FEW THOUSAND KEYS - I RECOMMEND SETTING UP AT LEAST 25,000 KEYS - COLLATE THEM WITH THE FORMULA AND EXPORT THEM BACK TO PE Explorer UNDER “NEW KEYS” AND END THE STATEMENT WITH THE ORIGINAL FORMULA. YOU DECIDE ON YOUR OWN FORMULA BUDDY. IT’S YOUR ASS, NOT MINE.

NOW YOU WILL HAVE TO ENCODE THE ORIGINAL FORMULA. DON’T PANIC!!! JUST USE SOMETHING LIKE A SAT FORMULA MODEL CHECKER
ENCODE THE FORMULA AND COPY ALL THE RESULTS TO YOUR HEX EDITOR.
COPY THE HEX VALUES AND IMPORT THEM IN PE Explorer.

IS EVERYBODY STILL WITH ME SO FAR???

NOW THE EASY PART!!!

Note that with some PE files, for example those compressed by a packing utility, the original values of these flags do not survive decompression. This can produce very strange disassembly listings. DON’T PANIC !!! To alleviate this problem use the available resource table - NOT THE VALUE TABULATOR, because this will screw everything up. Once you reach the max byte of generated data, you’ll notice something very exciting indeed: YOUR CODE WILL NOW BE RUN IN EMULATION MODE, THEREFORE, IT WILL BE RESIDENT IN THE ACTUAL CODE. Isn’t this just fabulous??? Just a little trick I learned in school… hehe

6- Now don’t get too excited yet… Enter the new values by importing them from PCI Hexer - they will collate themselves in a new library under a second family (tree now ending with the new hexes generated).

7- SecuROM will be automatically disabled at this point - WOOHOO. I always use WS_EX_DLGMODALFRAME command to do this. You decide on your own…

8- Re-enable the partitioned values located in the source .dll and remove the date stamp with PE Explorer.

9- Re-enter the last tree ending with hex c9 and remove the debug info.

10- Save the new .dll under paul.dll and overwrite the old file.
Replace the overwritten paul.dll with your new project and you’re ALMOST home buddy!

Now you are set to strip the new .dll and restamp it.
Restamp the date with PE Explorer.
Reset the debug attributes but DON’T IMPLEMENT THE ORIGINAL DATA!!! This is very important. If you overwrite the data, you’ll screw everything up.
Your last eight (*) bytes are now ready - you should see the new header now commencing with c0060 - this is good.
The new class will now be viewable. Delete the original one.
Save your project.

START THE GAME
ENTER THE LAST CODE YOU GENERATED WITH THE WEP KEYGEN

PLAY THE GAME

2#, posted 2008-8-13 22:15:35
I don't have the full version of PE Explorer.
It looks very simple; does this method work? Someone give it a try.

3#, posted 2008-8-13 22:18:14
I'm trying it……
Damned 20-character minimum!!!!!
Still not enough!!!

4#, posted 2008-8-13 22:46:02
Personally I feel the key point is still the ra3game.dat file.

5#, posted 2008-8-13 22:48:08

Reply to post #4 by feya

Agree with the poster above.
Click here to download the 20-character-minimum exemption patch.

6#, posted 2008-8-13 22:50:32
http://digiex.net/games-download ... ks-information.html

There's a huge thread here; the foreigners have also done a lot of research on paul.dll, SR's registry entries and so on, but seemingly none of it succeeded.
