Sign in to follow this  
Followers 0
Kickassjoe

Language translation

2 posts in this topic

I'm trying to convert some code from ASM to AutoIt. Here's the ASM code

; warcraft 3 cd key grabber by asmhack
; asmhack@live.com
; win32 x86, flat assembler syntax



  format pe console on 'nul'
  entry @@entry
  include 'win32a.inc'



; warcraft 3 uses dma (dynamic memory allocation)
; after some memory analyzing, we can see that RoC key
; is stored everytime at $XXXXXA0 address and the FT key
; is stored 6 bytes after the end of the RoC key
; (the keys are stored encrypted inside an .mpq file after the installation
; and are loaded everytime into the memory when we enter local area network or battle.net)
  WC3_KEY_ADDRESS_PATTERN equ $00000A0
;                                  |
; dma scan addresses jump          |
  WC3_KEY_ADDRESS_JUMP    equ $0010000
;                               |  |
; maximum address               |  |
  WC3_KEY_ADDRESS_MAX     equ $FFF0000+WC3_KEY_ADDRESS_PATTERN
;                            $FFF00A0
; key length
  WC3_KEY_LENGTH      equ $6+$4+$6+$4+$6
;
; key distance |RoC-FT|
  WC3_KEY_DISTANCE    equ WC3_KEY_LENGTH+$6



  section '' import data code writable readable executable



  library kernel32,'kernel32',user32,'user32',advapi32,'advapi32',crtdll,'crtdll'

  import  kernel32,ExitProcess,'ExitProcess',\
           GetCurrentProcess,'GetCurrentProcess',\
           Sleep,'Sleep',\
           OpenProcess,'OpenProcess',\
           ReadProcessMemory,'ReadProcessMemory'

  import    user32,FindWindowA,'FindWindowA',\
           GetWindowThreadProcessId,'GetWindowThreadProcessId',\
           GetAsyncKeyState,'GetAsyncKeyState'

  import  advapi32,OpenProcessToken,'OpenProcessToken',\
           LookupPrivilegeValueA,'LookupPrivilegeValueA',\
           AdjustTokenPrivileges,'AdjustTokenPrivileges'

  import    crtdll,printf,'printf'



  struc TOKEN_PRIVILEGES
{ .privilegecount  dd $0
  .low         dd $0
  .high        dd $0
  .attributes      dd $0 } tkp TOKEN_PRIVILEGES



  roc          db 'RoC: ',$0
  ft           db $D,$A,'FT:  ',$0



  SE_DEBUG_NAME db 'SeDebugPrivilege',$0
  WC3_WND_NAME     db 'Warcraft III',$0



  pro          dd $0
  tmp          dd $0
  chr          db $0
  buffer       rb WC3_KEY_LENGTH+$1   ; buffer to store key
                      ; (size = key length + 1 (null-terminated string))
  message      rb WC3_KEY_LENGTH+$4+$1; buffer to store final formated key
                      ; (size = key length + 4 seperators (-) + 1 (null-terminated string))



  @@entry:
  xor      ebx,ebx

  call     [GetCurrentProcess]                  ; get debug privileges
  stdcall  [OpenProcessToken],eax,$28,tmp           ; so we can access/read process memory
  stdcall  [LookupPrivilegeValueA],ebx,SE_DEBUG_NAME,tkp.low
  mov      dword[tkp.privilegecount],$1
  mov      dword[tkp.attributes],$2
  stdcall  [AdjustTokenPrivileges],[tmp],ebx,tkp,ebx,ebx,ebx

  @@switch:
  stdcall  [Sleep],$FF                      ; wait for [Insert] key press
  stdcall  [GetAsyncKeyState],VK_INSERT             ; the key should be pressed after
  test     eax,eax                      ; we enter [Local Area Network] in the game
  jz       @@switch

  stdcall  [FindWindowA],ebx,WC3_WND_NAME           ; is the game opened ?
  test     eax,eax
  jz       @@switch

  stdcall  [GetWindowThreadProcessId],eax,tmp           ; get process handle
  stdcall  [OpenProcess],PROCESS_ALL_ACCESS,ebx,[tmp]
  mov      [pro],eax

  mov      ebp,WC3_KEY_ADDRESS_PATTERN

  @@scan:                           ; scan the memory for the key
  cmp      ebp,WC3_KEY_ADDRESS_MAX
  jz       @@switch
  lea      ebp,[ebp+WC3_KEY_ADDRESS_JUMP]
  stdcall  [ReadProcessMemory],[pro],ebp,chr,$1,ebx
  test     eax,eax
  jz       @@scan
  mov      [tmp],ebp
  jmp      @f
  @@check:
  stdcall  [ReadProcessMemory],[pro],[tmp],chr,$1,ebx
  test     eax,eax
  jz       @@scan
  @@:
  cmp      byte[chr],$30                    ; A <= byte <= Z or 0 <= byte <= 9
  jb       @@scan
  cmp      byte[chr],$5A
  ja       @@scan
  cmp      byte[chr],$3A
  jb       @f
  cmp      byte[chr],$40
  jbe      @@scan
  @@:
  inc      [tmp]
  mov      eax,[tmp]
  sub      eax,ebp
  cmp      eax,WC3_KEY_LENGTH                   ; check until we have whole the key
  jb       @@check

  sub      [tmp],WC3_KEY_LENGTH
  stdcall  [ReadProcessMemory],[pro],[tmp],buffer,WC3_KEY_LENGTH,ebx; read RoC key
  call     @@format                         ; format
  cinvoke  printf,roc                           ; display
  cinvoke  printf,message
  add      [tmp],WC3_KEY_DISTANCE
  stdcall  [ReadProcessMemory],[pro],[tmp],buffer,WC3_KEY_LENGTH,ebx; read FT key
  call     @@format                         ; format
  cinvoke  printf,ft                            ; display
  cinvoke  printf,message
  stdcall  [Sleep],-$1

  @@format:                             ; insert 4 seperators (-)
  mov      ecx,buffer
  mov      edx,message
  mov      eax,dword[ecx]
  mov      dword[edx],eax
  mov      ax,word[ecx+$4]
  mov      word[edx+$4],ax
  mov      byte[edx+$6],'-'
  mov      eax,dword[ecx+$6]
  mov      dword[edx+$7],eax
  mov      byte[edx+$B],'-'
  mov      eax,dword[ecx+$A]
  mov      dword[edx+$C],eax
  mov      ax,word[ecx+$E]
  mov      word[edx+$10],ax
  mov      byte[edx+$12],'-'
  mov      eax,dword[ecx+$10]
  mov      dword[edx+$13],eax
  mov      byte[edx+$17],'-'
  mov      eax,dword[ecx+$14]
  mov      dword[edx+$18],eax
  mov      ax,word[ecx+$18]
  mov      word[edx+$1C],ax
  ret

What goes around comes around... Payback's a bitch.

Share this post


Link to post
Share on other sites



I guess I'm going to have to figure this out on my own??? Any help at all would be appreciated.


What goes around comes around... Payback's a bitch.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0