Leeched - Garena BS Weapon File Checking Function

**ijikix** · 01-10-2013

Leeched.

Originally Posted by Xorr

If you want to bypass this check, just detour/hook it and you should know what to do next.

Garena BS's File Checking Function:

Code:

int __thiscall sub_10047690(int this, const char *a2)
{
  int v2; // ebp@1
  HANDLE v3; // eax@5
  void *v4; // esi@5
  struct _RTL_CRITICAL_SECTION *v5; // ecx@6
  DWORD v6; // ebp@7
  void *v7; // edi@7
  unsigned int v8; // ecx@10
  void *v10; // [sp-4h] [bp-4Ch]@16
  char v11; // [sp+13h] [bp-35h]@1
  struct _RTL_CRITICAL_SECTION *v12; // [sp+14h] [bp-34h]@1
  DWORD NumberOfBytesRead; // [sp+18h] [bp-30h]@7
  void *v14; // [sp+20h] [bp-28h]@1
  int v15; // [sp+30h] [bp-18h]@1
  unsigned int v16; // [sp+34h] [bp-14h]@1
  int v17; // [sp+44h] [bp-4h]@1


  v2 = this + 264;
  v12 = (struct _RTL_CRITICAL_SECTION *)(this + 264);
  sub_1004A2D0((LPCRITICAL_SECTION)(this + 264));
  v11 = 5;
  v16 = 15;
  v15 = 0;
  //Found By Xorr
  LOBYTE(v14) = 0;
  sub_100033F0(a2, strlen(a2));
  v17 = 0;
  if ( sub_10041BF0("_SG", 0, 3) != -1 )
    v11 = 6;
  strncpy(FileName, a2, 0x303u);
  _strlwr(FileName);
  _splitpath(FileName, byte_101B580C, byte_101B5810, byte_101B5910, byte_101B5A10);
  if ( *(_DWORD *)(dword_101B56A8 + 260) )
    sprintf(byte_101B5A10, ".bsv");
  _makepath(FileName, byte_101B580C, byte_101B5810, byte_101B5910, byte_101B5A10);
  v3 = CreateFileA(FileName, 0x80000000u, 1u, 0, 3u, 0x80u, 0);
  v4 = v3;
  //Found By Xorr
  if ( v3 == (HANDLE)-1 )
  {
    MessageBoxA(0, FileName, "error", 0);
    v5 = (struct _RTL_CRITICAL_SECTION *)v2;
    goto LABEL_18;
  }
  v6 = GetFileSize(v3, 0);
  NumberOfBytesRead = 0;
  v7 = operator new(v6);
  if ( ReadFile(v4, v7, v6, &NumberOfBytesRead, 0) )
  {
    CloseHandle(v4);
    if ( *(_DWORD *)(dword_101B56A8 + 260) )
    {
      v8 = 0;
      if ( v6 )
      {
        do
        {
          *((_BYTE *)v7 + v8) -= v8 * v8 % (unsigned __int8)v11;
          ++v8;
        }
        while ( v8 < v6 );
      }
    }
    if ( !*(_DWORD *)dword_101B56A8 || !sub_101374F0(*(_DWORD *)dword_101B56A8, v7, v6, a2) )
    {
      j_j__free(v7);
      v5 = v12;
LABEL_18:
      sub_1004A2F0(v5);
      if ( v16 >= 0x10 )
      {
        v10 = v14;
        goto LABEL_20;
      }
      return unknown_libname_11();
    }
    j_j__free(v7);
    MessageBoxA(0, "3 Can't find blackshot files. Please re-install blackshot.", "error", 0);
  }
  else
  {
    j_j__free(v7);
    MessageBoxA(0, "2 Can't find blackshot files. Please re-install blackshot.", "error", 0);
    CloseHandle(v4);
  }
  sub_1004A2F0(v12);
  if ( v16 >= 0x10 )
  {
    v10 = v14;
LABEL_20:
    j__free(v10);
  }
  return unknown_libname_11();
}

Enjoy.

Credites goes to @Xorr

**Reyo.** · 01-10-2013

then paste where ?

**Hazique911** · 01-10-2013

What is this?

**ijikix** · 01-10-2013

Originally Posted by Reyo.

then paste where ?

If you are a programmer...you should know.

---------- Post added at 09:55 PM ---------- Previous post was at 09:54 PM ----------

Originally Posted by Hazique911

What is this?

Xorr says it a function that multiplay_sg.dll uses to check the files. Which means, you can detour it and change it up (bypass).

**Sky_____** · 01-10-2013

Oh its mean,edit the multiplay_sg?

**ijikix** · 01-10-2013

Originally Posted by KillingInSpree

Oh its mean,edit the multiplay_sg?

Kinda. It means that multiplay_sg is using that function to check if the files are correct and so on. So, to bypass this check you must detour it. After you detour you COULD possibly use rapid fire files with no errors.