oleg

Dll Functions

20 posts in this topic

#1 ·  Posted (edited)

Hi there

I have a Lord Of The Rings BFME 2 game on my hands and there is a funny thing with it.

When you install the game you enter a CD key. When installation is finished it encrypts the CD key and Windows serial number (or some other data) to a game2.dat file that is created in the installation directory.

The funny thing is when you need to install a game to 50 - 100 computers you go like :mellow:

Because it actually checks whether the encrypted Game2.dat matches the serial numbers, and if not, doesn't allow a multiplayer match.

The installation is done by Autorun.exe and AutoRunGUI.dll

Well, my question is: is it possible to debug what function Autorun.exe calls to encrypt the CD key, and execute it?

This would basically allow encrypting the CD key on the fly :) And make license management a piece of cake :)

I provide both files here, so could you experts take a look?

Edited by Jon

There is a hex ( 31303030303030 ) reasons i love AutoIt !




Any thoughts ?



Anybody ?



Section contains the following exports for AutoRunGUI.dll

    0 characteristics
    43DEBD96 time date stamp Mon Jan 30 19:29:58 2006
    0.00 version
    1 ordinal base
    58 number of functions
    58 number of names

    ordinal hint RVA      name

          1    0 00006480 dllALLStartups
          2    1 00005A80 dllAdvancedUserDialog
          3    2 00006B30 dllAfterCDRequest
          4    3 00006480 dllAfterCancelInstallGame
          5    4 00006480 dllAfterCopyCacheFiles
          6    5 00006480 dllAfterCreateDesktopItem
          7    6 000064E0 dllAfterCreateStartMenuItems
          8    7 00006480 dllAfterDirectXInstall
          9    8 00006480 dllAfterFlashInstall
         10    9 00006480 dllAfterGameSpyInstall
         11    A 00006480 dllAfterIE55Patch
         12    B 00006480 dllAfterIEInstall
         13    C 00006480 dllAfterLanguageSelection
         14    D 00006480 dllAfterPatching
         15    E 00006480 dllAfterRunGameInstallSpecificExe
         16    F 00006400 dllAtStartup
         17   10 00006480 dllBeforeALLRunGame
         18   11 000065C0 dllBeforeCDKey
         19   12 00006B10 dllBeforeCDRequest
         20   13 00006470 dllBeforeCancelInstallGame
         21   14 00006450 dllBeforeCopyCacheFiles
         22   15 00006480 dllBeforeCreateDesktopItem
         23   16 00006480 dllBeforeDirectXInstall
         24   17 00006480 dllBeforeEReg
         25   18 00006480 dllBeforeFlashInstall
         26   19 00006480 dllBeforeGameSpyInstall
         27   1A 00006480 dllBeforeIE55Patch
         28   1B 00006480 dllBeforeIEInstall
         29   1C 00006480 dllBeforePatching
         30   1D 00006460 dllBeforeRunGameInstallSpecificExe
         31   1E 00006480 dllBeforeUnloadDLL
         32   1F 00006B30 dllCopySize
         33   20 00006ED0 dllDefaultDirectory
         34   21 00006B30 dllDefaultStartMenuDirectory
         35   22 00005BF0 dllDemoDialog
         36   23 00006F80 dllDisplayAllDialogs
         37   24 00005D90 dllEULADialog
         38   25 000062B0 dllEntertainUser
         39   26 00006330 dllEntertainUserWithSlideShow
         40   27 00005E40 dllGameSpyDialog
         41   28 000063E0 dllGetCompileDate
         42   29 00006490 dllInstallDirectory
         43   2A 00006500 dllInstallationCompleted
         44   2B 00005D00 dllLicenseDialog
         45   2C 00006540 dllMacromediaFlashDialog
         46   2D 00006B30 dllMaximumPriorityCopied
         47   2E 000064C0 dllMessageBox
         48   2F 00006290 dllPleaseWaitDialog
         49   30 00005FC0 dllSelectLanguageDialog
         50   31 00006520 dllSetDebugMode
         51   32 00006AE0 dllSetERegDisplayName
         52   33 00006A90 dllSetFriendlyProductName
         53   34 000063C0 dllSetLanguage
         54   35 000065D0 dllSetProductTitle
         55   36 000065A0 dllSplashScreen
         56   37 00006130 dllStartMenuDialog
         57   38 00005EB0 dllToolsLicenseDialog
         58   39 00006040 dllUserTypeDialog

here are the functions in that dll


#5 ·  Posted (edited)

and the imports of the exe file

hope these help

autorunexeimports.txt

Edited by death pax


At first glance (disassembled, since I can't debug it without having to crack the CD protection first :)) there are 2 points of interest.

check them out for yourself.

.text:00411C73               mov     ebp, [esp+2Ch+arg_7034]
.text:00411C7A               mov     edi, ebp
.text:00411C7C               mov     esi, offset a1234abcd56ef78; "1234ABCD-56EF-78GH-90IJ-123456KLMNOP"
.text:00411C81               mov     ecx, 25h
.text:00411C86               xor     edx, edx      ; Logical Exclusive OR
.text:00411C88               repe cmpsb          ; Compare Strings
.text:00411C8A               jz   short loc_411D07; Jump if Zero (ZF=1)
.text:00411C8C               lea     eax, [esp+2Ch+var_14]; Load Effective Address
.text:00411C90               push   eax
.text:00411C91               push   ecx
.text:00411C92               mov     ecx, esp
.text:00411C94               mov     [esp+34h+var_8], esp
.text:00411C98               push   offset aProductguiid; "ProductGuiID"
.text:00411C9D               call   sub_4046E0   ; Call Procedure
.text:00411CA2               push   ecx
.text:00411CA3               mov     ecx, esp
.text:00411CA5               mov     [esp+38h+var_10], esp
.text:00411CA9               push   offset aSpecial; "Special"
.text:00411CAE               mov     [esp+3Ch+arg_7024], 4
.text:00411CB6               call   sub_4046E0   ; Call Procedure
.text:00411CBB               lea     ecx, [esp+38h+var_4]; Load Effective Address
.text:00411CBF               mov     [esp+38h+arg_7024], 2
.text:00411CC7               call   sub_41A180   ; Call Procedure
.text:00411CCC               mov     eax, [esp+2Ch+var_14]
.text:00411CD0               mov     esi, ebp

.text:0040CB17               mov     esi, offset a1234abcd56ef78; "1234ABCD-56EF-78GH-90IJ-123456KLMNOP"
.text:0040CB1C               rep movsd            ; Move Byte(s) from String to String
.text:0040CB1E               push   eax
.text:0040CB1F               mov     [esp+24h], dl
.text:0040CB23               mov     eax, [esp+24h]
.text:0040CB27               push   eax
.text:0040CB28               movsb                ; Move Byte(s) from String to String
.text:0040CB29               lea     esi, [ebp+arg_3254]; Load Effective Address
.text:0040CB2F               push   esi
.text:0040CB30               lea     ecx, [esp+2Ch+arg_140]; Load Effective Address
.text:0040CB37               push   ecx
.text:0040CB38               push   1
.text:0040CB3A               lea     ecx, [esp+34h+var_8]; Load Effective Address
.text:0040CB3E               call   sub_412050   ; Call Procedure
.text:0040CB43               test   eax, eax       ; Logical Compare
.text:0040CB45               jnz     loc_40D964  ; Jump if Not Zero (ZF=0)
.text:0040CB4B               mov     eax, esi
.text:0040CB4D               lea     edx, [eax+1]   ; Load Effective Address


Should this thread be re-titled "Please help me crack copy protection for Lord Of The Rings BFME 2 for 50-100 computers"?


Should this thread be re-titled "Please help me crack copy protection for Lord Of The Rings BFME 2 for 50-100 computers"?

And to continue in that direction, wouldn't this be illegal...?


Oh come on now... read all his/her posts... he's so much on the up and up... his 'Corporation' needs all this stuff done.


[center]Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.[/center]


Oh come on now... read all his/her posts... he's so much on the up and up... his 'Corporation' needs all this stuff done.

Now that you brought it up, and I did go back and read all his posts in the forums, it sounds like his 'corporation' is generating a swarm of remotely controllable bots to take over a widespread number of Windows PCs.

If the problem with mass distribution of a copy protected piece of software runs into 50 to 100 copies, I'm sure the legitimate vendor would be more than happy to sit down and discuss a customised version just for the 'corporation', and offer a special deal on the whole package, including a reduced cost on multiple copies.

Sorry, it just smells a little too much like the 'corporation' is one of those based in Russia or Sicily, or rented out to spammers for profit. I'd be more than happy to have my suspicions laid to rest.

:):mellow::)


#11 ·  Posted (edited)

:>:>:>

Dudes :) there is no corporation behind this :mellow: Just me and a few other fellows :)

And let me explain

I don't want to crack protection, I want to manage the licenses of this game automatically. Do you get it? Legal license management :o

I have a company that supports internet cafes, so I need to give them the ability to work legally without needing to install the game on just some of their machines, but on all of them, and dynamically manage the licenses they have.

Do you get it?

This would basically allow encrypting the CD key on the fly and make license management a piece of cake

Edited by oleg


I don't get it... if this is a 'Legitimate Business' and your questions are 'Legitimate'... Why do you ask questions like:

Hi

I'm trying to hide a process that I run with the @sw_hide flag but have no success :mellow:

This process has two threads; could this be related?

I don't want to hide the windows that this process creates one by one because they still become visible :)

Any :)

1. As stated before, if you need multiple copies of a product being sold, just work out a deal with the manufacturer.

2. If these are your Cafe(s)... Why do you need to "Hide" your own applications? (And please don't be so lame as to say... I want to keep them from using task manager... Use windows permissions for them)

3. If these are for your "Clients" Cafe(s)... What right do you feel you have to hide software on their PC's?



I don't get it... if this is a 'Legitimate Business' and your questions are 'Legitimate'... Why do you ask questions like:

1. As stated before, if you need multiple copies of a product being sold, just work out a deal with the manufacturer.

2. If these are your Cafe(s)... Why do you need to "Hide" your own applications? (And please don't be so lame as to say... I want to keep them from using task manager... Use windows permissions for them)

3. If these are for your "Clients" Cafe(s)... What right do you feel you have to hide software on their PC's?

OK then, I will explain :)

1) We don't own a Cyber Cafe, we support them :mellow:

2) The Cyber Cafes (our clients) have customers that are extremely stupid kids / teenagers (I don't need to explain this)

3) We have figured out how to manage the licenses without the need of DLL calls (still, DLL calls would work better)

You ask how?

I answer: the game setup process goes through different functions: CD Key dialogue / Directory dialogue / Firewall etc.

So we have ripped the content of the CD and left only the things that setup needs to encrypt the CD key :) OK?

Now I have written a script that gets a CD key as a command-line parameter and initiates a setup process.

That way, when it finishes, the LEGAL CD KEY IS encrypted and in place, and all this is done in real time, DYNAMICALLY!

So the problem is that Autorun.exe (the setup process) becomes visible AND, as I mentioned, some stupid customer might press the X button and the game won't run correctly!

So is it clear why I want to hide this process?



#14 ·  Posted (edited)

So the problem is that Autorun.exe (the setup process) becomes visible AND, as I mentioned, some stupid customer might press the X button and the game won't run correctly!

So is it clear why I want to hide this process?

No... That still makes no sense whatsoever!

Even hiding the 'Process', the setup windows would still be visible, therefore allowing anyone to do your so-called X. 'Hiding' the 'Process' would not stop them from doing this.

Edited by SmOke_N


#15 ·  Posted (edited)

No... That still makes no sense whatsoever!

Even hiding the 'Process', the setup windows would still be visible, therefore allowing anyone to do your so-called X. 'Hiding' the 'Process' would not stop them from doing this.

OK, I can hide the windows that the setup process creates, but it still doesn't look good :) It's not nice to see windows pop up in your face :o I will create a GUI that will inform of the CD key installation and will be the topmost window, so the popup windows won't be seen :)

Something Else

There is no need to be so negative, guys.

I want to state that for me the AutoIt forum is the best place, where people really help each other.

So let's keep it this way :mellow:

I really hope that any of you experienced programmers would help us with this.

Edited by oleg


OK, I can hide the windows that the setup process creates, but it still doesn't look good :) It's not nice to see windows pop up in your face :o I will create a GUI that will inform of the CD key installation and will be the topmost window, so the popup windows won't be seen :)

Something Else

There is no need to be so negative, guys.

I want to state that for me the AutoIt forum is the best place, where people really help each other.

So let's keep it this way :mellow:

I really hope that any of you experienced programmers would help us with this.

Just out of curiosity, have you checked if this game has a silent install / verification / run switch?


Just out of curiosity, have you checked if this game has a silent install / verification / run switch?

Yes, didn't find anything :mellow:

I guess I will stick with the GUI for now and see if we can come up with anything else :)



So the problem is that Autorun.exe (the setup process) becomes visible AND, as I mentioned, some stupid customer might press the X button and the game won't run correctly!

So is it clear why I want to hide this process?

How about _MouseTrap?

Also who makes the installer for the application?



Also who makes the installer for the application?

Ancient Chinese Secret... :mellow::)

