Начинающий
Начинающий
- Статус
- Оффлайн
- Регистрация
- 5 Фев 2019
- Сообщения
- 8
- Реакции
- 0
_DllMain.cpp
C++:
#include <process.h>
#include "PreDllMain.h"
//#include "LicenseRun.h"
template <class T>
void checkpoint(T i) {
std::ofstream out("C:\\NEON\\injlog.txt", std::ios::app);
if (out.is_open())
{
out << i << std::endl;
}
out.close();
}
int __stdcall DllMain(
HINSTANCE hinst_dll,
DWORD reason,
LPVOID reserved)
{
if (reason == DLL_PROCESS_ATTACH){
VMProtectBeginUltra("dllmain");
checkpoint(1);
typedef HANDLE(__cdecl* create_simple_thread_fn)(LPVOID, LPVOID, SIZE_T);
auto create_simple_thread = reinterpret_cast<create_simple_thread_fn>(
_GetProcAddress(_GetModuleHandleA("tier0.dll"), "CreateSimpleThread"));
checkpoint(2);
typedef int(__cdecl* release_thread_handle_fn)(HANDLE);
auto release_thread_handle = reinterpret_cast<release_thread_handle_fn>(
_GetProcAddress(_GetModuleHandleA("tier0.dll"), "ReleaseThreadHandle"));
checkpoint(3);
std::string szKey;
IKey* m_pKey = new IKey();
if (m_pKey) {
szKey = m_pKey->Get();
}
else
szKey = XORSTR("none");
delete m_pKey;
INetWork* m_pWeb = new INetWork;
m_pWeb->SetUserAgent(XORSTR("UAgent_NEON"));
m_pWeb->SetUrl(XORSTR("https://cheat.best/AECkgkszpj/Index1.php"));
m_pWeb->addQueryParam(XORSTR("MESSAGE"), XORSTR("CHECKDLL"));
m_pWeb->addQueryParam(XORSTR("T"), "48239472");
m_pWeb->addQueryParam(XORSTR("KEY"), szKey);
m_pWeb->addQueryParam(XORSTR("P"), "0");
checkpoint(4);
if (!m_pWeb->Post()) {
delete m_pWeb;
ExitProcess(0);
return FALSE;
}
checkpoint(5);
std::string Base64Answer = IUtilit::HexDecode(m_pWeb->getBody());
std::string szJsonAnswer = IUtilit::Base64Decrypt(Base64Answer);
delete m_pWeb;
if (std::atoi(szJsonAnswer.data()) == 1) {
ExitProcess(0);
}
std::string szMetadata;
std::string szSoltdata;
std::ifstream in("C:\\NEON\\info\\witp2.txt");
if (in.is_open()){
getline(in, szMetadata);
}
in.close();
std::ifstream in2("C:\\NEON\\info\\witp1.txt");
if (in2.is_open()){
getline(in2, szSoltdata);
}
in2.close();
INetWork* m_pWeb2 = new INetWork;
Sleep(3001);
std::string szKey;
IKey* m_pKey1 = new IKey();
if (m_pKey1) {
szKey = m_pKey1->Get();
}
else
szKey = XORSTR("none");
delete m_pKey1;
m_pWeb2->SetUserAgent(XORSTR("UAgent_NEON"));
m_pWeb2->SetUrl(XORSTR("https://cheat.best/AECkgkszpj/Index1.php"));
m_pWeb2->addQueryParam(XORSTR("MESSAGE"), XORSTR("PASS"));
m_pWeb2->addQueryParam(XORSTR("KEY"), szKey);
m_pWeb2->addQueryParam(XORSTR("T"), "4723894");
m_pWeb2->addQueryParam(XORSTR("P"), "0");
if (!m_pWeb2->Post()){
delete m_pWeb2;
return FALSE;
}
std::string pass = IUtilit::HexDecode(m_pWeb2->getBody()) + szKey;
delete m_pWeb2;
checkpoint(6);
std::string res = IUtilit::AESDecrypt(
IUtilit::HexDecode(szMetadata),
szSoltdata,
pass
);
checkpoint(7);
char tvar[10];
for (int i = 0; i < 9; ++i) {
tvar[i] = res[i];
}
for (int i = 0; i < 9; ++i) {
init2[i] = res[9 + i];
}
for (int i = 0; i < 13; ++i) {
init3[i] = res[18 + i];
}
//res = "IDI NAHOOY";
if (auto handle = create_simple_thread(&Init, reserved, 0)) {
release_thread_handle(handle);
}
VMProtectEnd();
return TRUE;
}
else if (reason == DLL_PROCESS_DETACH && !reserved)
{
return TRUE;
}
return TRUE;
}
Последнее редактирование:
