Heya guys,
I'm active on the EU counterpart of CA and I wondered if you guys could give me some signature bytes that you know are also compatible with the EU version of ca.
In exchange I'll post a signature-scanning module coded in assembler:
The code is also ported to C++, I don't know if it works there because C++ is a bitch to debug when using mixed code...
Assembler version:
Tested and working
Compile with: Masm v10.0, use makeit.bat
Code:
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
include \masm32\include\masm32rt.inc
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
; -------------------------------------------
; Build this DLL with the provided MAKEIT.BAT
; -------------------------------------------
; CheckMark made by SCHiM
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
;
; Thou shallt not l33ch, only learn
;
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲ CHiM
;
;
;Made by: SCHiM
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
; Forward declarations; both procedures are defined below and take no stack parameters.
Main PROTO
CheckMark PROTO
.data?
hInstance dd ?                          ; module handle, stored by DllEntry on process attach
.data
GoodTxt db "Address found!",0           ; MessageBox text when CheckMark returns non-zero
Errortxt db "Address not found",0       ; MessageBox text when CheckMark returns 0
capt db "SCHiM",0                       ; MessageBox caption
Mark db 8Bh,0C0h,8Bh,0D8h,33h,0D9h      ; 6-byte pattern to look for; Main passes its length as a literal 6
; Hard-coded absolute bounds of the scanned range (2Ch = 44 bytes apart).
; NOTE(review): these look like fixed addresses inside the host EXE's image; nothing in
; this listing checks that the range is mapped or readable in the current process - confirm.
StartOfSearch dd 0401000h
EndOfSearch dd 040102Ch
.code
DllMain:
; DLL entry point (the label named by "end DllMain"). On DLL_PROCESS_ATTACH it stores the
; module handle and starts Main on a new thread; it returns TRUE for every reason code.
; Loading this DLL into a process is therefore enough to run Main inside that process.
DllEntry proc hInst:DWORD, reason:DWORD, reserved1:DWORD
.if reason==DLL_PROCESS_ATTACH ; When the dll is loaded
push hInst
pop hInstance                           ; hInstance = hInst
; NOTE(review): the thread handle returned in eax is neither checked nor closed, and Main
; is declared without the single parameter a thread start routine is passed - confirm the
; mismatch is harmless for this build.
invoke CreateThread, 0, 0, offset Main, 0, 0 ,0
.endif
mov eax,TRUE
ret
DllEntry endp
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
;Check mark PROC
;Expects:
;ptr to address to start = ebx
;ptr to address to stop = edx
;ptr to buffer = eax
;size of buffer = ecx
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
CheckMark proc
; Linear byte-pattern search with register arguments (not a stdcall/cdecl routine).
; In:   eax -> pattern bytes, ecx = pattern length,
;       ebx = first address to scan, edx = address at which to stop
; Out:  eax = address of the first match, or 0 when the outer loop reaches the stop address
; Clobbers: esi, ecx, edx, flags; on a match ebx is left equal to the returned address.
; NOTE(review): nothing is validated. A pattern length below 2, an empty range, or a
; range that is not readable makes the loops read outside the intended bytes, and the
; inner compare can read up to (length - 1) bytes past the stop address.
xor esi, esi                            ; esi = offset of the current candidate from ebx
push ebx
sub edx, ebx                            ; edx = number of offsets to try (stop - start)
pop ebx                                 ; push/pop pair is redundant: sub does not modify ebx
dec ecx                                 ; ecx = index of the last pattern byte
@0:
push eax                                ; al is about to be overwritten, keep the pattern pointer
mov al, byte ptr[eax]                   ; al = first pattern byte
cmp al, byte ptr[ebx+esi]
je FirstContact                         ; first byte matches, compare the rest
pop eax
inc esi
cmp edx, esi
jne @0                                  ; equality test only: an offset already past edx never ends the loop
mov eax, 0h                             ; range exhausted, report "not found"
ret
FirstContact:
pop eax                                 ; restore the pattern pointer
push esi                                ; save the outer offset
push ebx                                ; save the range start
add ebx, esi                            ; ebx = candidate address
mov esi, 1                              ; esi = pattern index; byte 0 already matched
@1:
push eax
mov al, byte ptr[eax+esi]
cmp al, byte ptr[ebx+esi]
jne NoMatchYet
pop eax
cmp esi, ecx                            ; was that the last pattern byte?
je Match
inc esi
jmp @1
NoMatchYet:
pop eax                                 ; unwind: pattern pointer, range start, outer offset
pop ebx
pop esi
inc esi
; NOTE(review): re-enters the outer loop without the "cmp edx, esi" end test, so a partial
; match at the last offset lets esi step past the stop address.
jmp @0
Match:
pop ebx                                 ; ebx = range start
pop esi                                 ; esi = offset of the match
add ebx, esi
mov eax, ebx                            ; return start + offset
ret
CheckMark endp
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
;Main PROC
;Expects:
;nothing in registers; started as a thread by DllEntry
;Does:
;searches StartOfSearch..EndOfSearch for Mark and shows the result in a message box
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Main proc
lea eax, Mark                           ; eax -> pattern bytes
mov ebx, StartOfSearch                  ; ebx = first address to scan
mov edx, EndOfSearch                    ; edx = address at which to stop
mov ecx, 6d                             ; ecx = pattern length; has to match the byte count of Mark
; NOTE(review): CheckMark overwrites esi (and ebx on a match); this routine does not save
; them before the call.
call CheckMark
cmp eax, 0h                             ; 0 = pattern not found
je Error
invoke MessageBox, 0, addr GoodTxt, addr capt, MB_OK
ret
Error:
invoke MessageBox, 0, addr Errortxt, addr capt, MB_OK
ret
Main endp
end DllMain
MAKEIT.BAT:
Tested and working
Needed: Masm v10.0
Code:
@echo off
rem Builds FileSearch.dll from FileSearch.asm with the MASM32 tools under \masm32\bin
rem (a path relative to the root of the current drive).
rem Remove the outputs of a previous build first.
if exist FileSearch.obj del FileSearch.obj
if exist FileSearch.dll del FileSearch.dll
rem Assemble only (/c) into a COFF object file.
\masm32\bin\ml /c /coff FileSearch.asm
rem Link the object as a DLL. FileSearch.def is required here but is not shown on this page.
rem NOTE(review): no errorlevel is checked, so the link step runs even when ml failed.
\masm32\bin\Link /SUBSYSTEM:WINDOWS /DLL /DEF:FileSearch.def FileSearch.obj
rem Delete the intermediate files, then list what was produced.
del FileSearch.obj
del FileSearch.exp
dir FileSearch.*
pause
C++ version:
Not tested, does compile
Compiles on: VC++ 6.0 ~ Win server 2008 r2
Needed: VC++ 6.0
Code:
#include <iostream>
#include <windows.h>
// Inline-assembly port of the MASM CheckMark routine: a linear byte-pattern search.
// Takes no C++ parameters; it reads its arguments from eax/ebx/edx/ecx as they happen
// to be on entry to the __asm block, and returns the match address or 0.
// NOTE(review): the compiler-generated prologue and the initialisation of AddressOfMark
// run before the __asm block, so the register values set by the caller are not
// guaranteed to survive (the author marks this version as untested).
// NOTE(review): as in the MASM version nothing is validated - a pattern length below 2,
// an empty range or unreadable memory makes the loops read outside the intended bytes.
DWORD CheckMark(){
DWORD AddressOfMark = 0;
__asm{
/**************************************************************************
CheckMark, made by SCHiM
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
;Check mark PROC
;Expects:
;ptr to address to start = ebx
;ptr to address to stop = edx
;ptr to buffer = eax
;size of buffer = ecx
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
;
; ???????????????
; ???????????????
; ???????????????
; ???????????????
; ???????
; ???????????????
; ???????????????
; ???????????????
; ???????????????
; ???????????????
; ???????????????
; ???????
; ???????????????
; ???????????????
; ???????????????
; ??????????????? CHiM
;Made by: SCHiM
**************************************************************************/
xor esi, esi // esi = offset of the current candidate from ebx
push ebx
sub edx, ebx // edx = number of offsets to try (stop - start)
pop ebx // push/pop pair is redundant: sub does not modify ebx
dec ecx // ecx = index of the last pattern byte
Label00:
push eax // al is about to be overwritten, keep the pattern pointer
mov al, byte ptr[eax]
cmp al, byte ptr[ebx+esi]
je FirstContact // first byte matches, compare the rest
pop eax
inc esi
cmp edx, esi
jne Label00 // equality test only: an offset already past edx never ends the loop
mov eax, 0h // range exhausted, report "not found"
jmp OutLoop
FirstContact:
pop eax // restore the pattern pointer
push esi // save the outer offset
push ebx // save the range start
add ebx, esi // ebx = candidate address
mov esi, 1 // pattern index; byte 0 already matched
Label01:
push eax
mov al, byte ptr[eax+esi]
cmp al, byte ptr[ebx+esi]
jne NoMatchYet
pop eax
cmp esi, ecx // was that the last pattern byte?
je Match
inc esi
jmp Label01
NoMatchYet:
pop eax // unwind: pattern pointer, range start, outer offset
pop ebx
pop esi
inc esi
// NOTE(review): re-enters the outer loop without the "cmp edx, esi" end test, so a
// partial match at the last offset lets esi step past the stop address.
jmp Label00
Match:
pop ebx // ebx = range start
pop esi // esi = offset of the match
add ebx, esi
mov eax, ebx // result = start + offset
jmp OutLoop // redundant: OutLoop is the next instruction
OutLoop:
lea ebx, AddressOfMark
mov [ebx], eax // AddressOfMark = result (0 when not found)
}
return AddressOfMark;
}
int anyfunction(){
/*
example call:
loads CheckMark()'s four register arguments in an __asm block, then calls it.
The start and stop addresses below are placeholder values.
*/
// NOTE(review): the registers are set before an ordinary C++ call; the compiler may use
// eax/ecx/edx between this block and the __asm block inside CheckMark(), so the values
// are not guaranteed to arrive intact. The result in MyAddy is never used or checked.
unsigned char Mark[4] = { 0x00, 0xEF, 0x11, 0x31 };
__asm{
mov ebx, 0x1010101 // Address to start = 0xaddress
mov edx, 0x2222222 // Address to stop = 0xaddress
lea eax, Mark // Buffer to compare to = *buffer
mov ecx, 4 // int size = sizeof(Mark) = 4
}
DWORD MyAddy = CheckMark();
return 0;
}
Prototype:
Code:
Input:
eax = Buffer with the bytes to search for
ebx = ptr to address to start
edx = ptr to address to stop
ecx = size of buffer
Return:
eax = address or 0 on error
-SCHiM
Thanks for the signatures
Edit:
Working sample code:
Code:
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
include \masm32\include\masm32rt.inc
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
; -------------------------------------------
; Build this DLL with the provided MAKEIT.BAT
; -------------------------------------------
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
;
; Thou shallt not l33ch, only learn
;
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
; ▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲ CHiM
;
;
;Made by: SCHiM
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
; Forward declarations. ExtData has no PROTO; it is defined before the "call" that uses it.
Main PROTO
CheckMark PROTO
.data?
hInstance dd ?                          ; module handle, stored by DllEntry on process attach
.data
GoodTxt db "Address found!",0           ; not referenced by any code in this listing
Errortxt db "Address not found",0       ; MessageBox text when CheckMark returns 0
capt db "SCHiM",0                       ; MessageBox caption
hModule db "Engine.exe",0               ; module name passed to GetModuleHandle in Main
Mark db 6Ah, 01h, 6Ah, 07h, 8Bh, 95h    ; 6-byte pattern; Main passes its length as a literal 6
EndOfSearch dd 74E000h                  ; hard-coded absolute stop address for the scan
GlassWalls dd 0h                        ; receives the address CheckMark returns
GlassWallsBuff db 06Ah, 0h              ; 2 bytes that ExtData exchanges with the bytes at GlassWalls
.code
DllMain:
; DLL entry point (the label named by "end DllMain"). On DLL_PROCESS_ATTACH it stores the
; module handle and starts Main on a new thread; it returns TRUE for every reason code.
; Loading this DLL into a process is therefore enough to run Main inside that process.
DllEntry proc hInst:DWORD, reason:DWORD, reserved1:DWORD
.if reason==DLL_PROCESS_ATTACH ; When the dll is loaded
push hInst
pop hInstance                           ; hInstance = hInst
; NOTE(review): the thread handle returned in eax is neither checked nor closed, and Main
; is declared without the single parameter a thread start routine is passed - confirm the
; mismatch is harmless for this build.
invoke CreateThread, 0, 0, offset Main, 0, 0 ,0
.endif
mov eax,TRUE
ret
DllEntry endp
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
;Check mark PROC
;Expects:
;ptr to address to start = ebx
;ptr to address to stop = edx
;ptr to buffer = eax
;size of buffer = ecx
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
CheckMark proc
; Linear byte-pattern search with register arguments (not a stdcall/cdecl routine).
; In:   eax -> pattern bytes, ecx = pattern length,
;       ebx = first address to scan, edx = address at which to stop
; Out:  eax = address of the first match, or 0 when the outer loop reaches the stop address
; Clobbers: esi, ecx, edx, flags; on a match ebx is left equal to the returned address.
; NOTE(review): nothing is validated. A pattern length below 2, an empty range, or a
; range that is not readable makes the loops read outside the intended bytes, and the
; inner compare can read up to (length - 1) bytes past the stop address.
xor esi, esi                            ; esi = offset of the current candidate from ebx
push ebx
sub edx, ebx                            ; edx = number of offsets to try (stop - start)
pop ebx                                 ; push/pop pair is redundant: sub does not modify ebx
dec ecx                                 ; ecx = index of the last pattern byte
@0:
push eax                                ; al is about to be overwritten, keep the pattern pointer
mov al, byte ptr[eax]                   ; al = first pattern byte
cmp al, byte ptr[ebx+esi]
je FirstContact                         ; first byte matches, compare the rest
pop eax
inc esi
cmp edx, esi
jne @0                                  ; equality test only: an offset already past edx never ends the loop
mov eax, 0h                             ; range exhausted, report "not found"
ret
FirstContact:
pop eax                                 ; restore the pattern pointer
push esi                                ; save the outer offset
push ebx                                ; save the range start
add ebx, esi                            ; ebx = candidate address
mov esi, 1                              ; esi = pattern index; byte 0 already matched
@1:
push eax
mov al, byte ptr[eax+esi]
cmp al, byte ptr[ebx+esi]
jne NoMatchYet
pop eax
cmp esi, ecx                            ; was that the last pattern byte?
je Match
inc esi
jmp @1
NoMatchYet:
pop eax                                 ; unwind: pattern pointer, range start, outer offset
pop ebx
pop esi
inc esi
; NOTE(review): re-enters the outer loop without the "cmp edx, esi" end test, so a partial
; match at the last offset lets esi step past the stop address.
jmp @0
Match:
pop ebx                                 ; ebx = range start
pop esi                                 ; esi = offset of the match
add ebx, esi
mov eax, ebx                            ; return start + offset
ret
CheckMark endp
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
;Check mark PROC
;Expects:
;ptr to address to start = ebx
;ptr to address to stop = edx
;ptr to buffer = eax
;size of buffer = ecx
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
;ExtData PROC
;Expects:
;eax = address to move to
;ebx = size to move
;edx = address of the buffer to exchange
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
ExtData proc
; Exchanges ebx bytes between two memory areas, one byte per iteration.
; In:   eax = address of the first area, edx = address of the second area (buffer),
;       ebx = number of bytes to exchange
; Out:  nothing; eax, edx, ecx and ebp are restored on every iteration
; Clobbers: esi, flags
; After the call the first area holds the buffer's old bytes and the buffer holds the
; first area's old bytes, so a second call with the same arguments undoes the first.
; NOTE(review): the count is tested only after the first exchange and only for equality,
; so ebx = 0 does not stop the loop after zero bytes. Neither area is checked for being
; writable before the stores.
xor esi, esi                            ; esi = byte index
@2:
push eax                                ; al/dl are used as scratch below, keep both pointers
push edx
push ecx
push ebp
mov ecx, eax                            ; ecx = first area
mov ebp, edx                            ; ebp = buffer (ebp used as a plain scratch register)
mov al, byte ptr[eax + esi]             ; al = byte from the first area
mov dl, byte ptr[edx + esi]             ; dl = byte from the buffer
XCHG al, dl                             ; swap them
mov byte ptr[ecx + esi], al             ; first area receives the buffer's byte
mov byte ptr[ebp + esi], dl             ; buffer receives the first area's byte
pop ebp
pop ecx
pop edx
pop eax
inc esi
cmp esi, ebx
jne @2
ret
ExtData endp
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
;Main PROC
;Expects:
;nothing in registers; started as a thread by DllEntry
;Does:
;locates Mark inside the module named by hModule, then polls the INSERT key and
;exchanges GlassWallsBuff with the two bytes at the located address on each hit
;¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Main proc
invoke GetModuleHandle, addr hModule ;get our start address
; NOTE(review): the return value is not checked; a 0 result would be used as the scan start.
mov ebx, eax                            ; scan from the module's base address ...
lea eax, Mark                           ; eax -> pattern bytes
mov edx, EndOfSearch                    ; ... up to a hard-coded absolute address
mov ecx, 6d                             ; pattern length; has to match the byte count of Mark
call CheckMark
cmp eax, 0h                             ; 0 = pattern not found
je Error
mov GlassWalls, eax ; remember the address to patch
Mainloop:
invoke Sleep, 100d                      ; poll every 100 ms
invoke GetAsyncKeyState, VK_INSERT ;wait for signal
cmp eax, 0
jne Hack                                ; any non-zero result triggers an exchange
jmp Mainloop
Hack:
; Each pass swaps the two bytes at GlassWalls with GlassWallsBuff, so the bytes inside the
; loaded module alternate between the original and the replacement values. While the
; replacement is in place the module's memory no longer matches what was loaded, which is
; the difference an in-memory integrity comparison of that module would show.
mov eax, [GlassWalls]
mov ebx, 2
lea edx, GlassWallsBuff
call ExtData ;patch and exchange
jmp Mainloop
ret                                     ; unreachable: follows an unconditional jmp
Error:
invoke MessageBox, 0, addr Errortxt, addr capt, MB_OK
ret
Main endp
end DllMain