Tuts 4 You

VisualAssistX Patch


high6

Posted this on another forum and thought I should post it here too.

This is how I made a DLL loader for VisualAssistX.

I don't know if this counts as warez. I have removed the offsets that are patched so you can't use this source to crack the program. If this isn't allowed then I am sorry.

Anyways, to the post.

Here is the code (offsets removed):

#include <windows.h>
#include <string>
#include <cstring>
#include "detours.h"
#pragma comment (lib,"detours.lib")

int PatchAddr = 0; //Removed
int PatchSize = 0; //Removed
//The patch
char Patch[] = { 0 }; //Removed
//The original bytes
char OPatch[] = { 0 }; //Removed

//Function pointer
typedef int (__stdcall *MyLoadLibraryWPtr)(WCHAR * filename);
//The trampoline
MyLoadLibraryWPtr MyLoadLibraryWT = 0;

int __stdcall MyLoadLibraryW(WCHAR * filename);

void Patch1(WCHAR * filename, int base)
{
    std::wstring str(filename);
    //Was the dll that was just loaded va_x.dll?
    if (str.find(L"va_x.dll") != std::wstring::npos)
    {
        //If it was, patch it!
        //Was the dll correctly loaded? Or is it the correct version?
        if (memcmp((char*)PatchAddr + base, OPatch, PatchSize) != 0)
        {
            MessageBoxA(0, "Could not apply patch", "VA_X Patch", 0);
            return;
        }
        //Apply patch
        DWORD oldprot;
        VirtualProtect((char*)PatchAddr + base, PatchSize, PAGE_READWRITE, &oldprot);
        memcpy((char*)PatchAddr + base, Patch, PatchSize);
        //lpflOldProtect must not be NULL, so reuse oldprot as the output slot
        VirtualProtect((char*)PatchAddr + base, PatchSize, oldprot, &oldprot);
        //Remove hook, no need to keep checking.
        if (MyLoadLibraryWT != 0)
        {
            DetourRemove((PBYTE)&MyLoadLibraryWT, (PBYTE)&MyLoadLibraryW);
        }
    }
}

int __stdcall MyLoadLibraryW(WCHAR * filename)
{
    //Sometimes detours ****s up, this 1 nop generally fixes it.
    __asm
    {
        nop
    }
    //Load the library
    int ret = MyLoadLibraryWT(filename);
    //Call my checking/patching function
    Patch1(filename, ret);
    //return the loadlibrary return
    return ret;
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        DisableThreadLibraryCalls(hModule);
        //Detour LoadLibrary
        MyLoadLibraryWT = (MyLoadLibraryWPtr)DetourFunction((PBYTE)&LoadLibraryW, (PBYTE)&MyLoadLibraryW);
    }
    else if (ul_reason_for_call == DLL_PROCESS_DETACH)
    {
        //Remove the loadlibrary detour if it hasn't been.
        if (MyLoadLibraryWT != 0)
        {
            DetourRemove((PBYTE)&MyLoadLibraryWT, (PBYTE)&MyLoadLibraryW);
        }
    }
    return TRUE;
}

//Fake import so that the dll is automatically loaded.
extern "C" __declspec(dllexport) void DummyImport()
{}

Note: If I don't explain something enough or you don't understand let me know. This is in no particular order.

Intro:

So when it comes to reversing, I am a .NET person. Besides .NET I am okay but not great, especially when it comes to unpacking. So I thought to myself the only way I am going to be able to crack this is with a loader. But VAX (Visual Assist X) is a DLL, so an EXE loader will not work. So I made a "DLL loader".

Overview:

This is how it works. VAXP (VAX_Patch.dll) is loaded before VAX and monitors LoadLibraryW until VAX is loaded; then it applies the patch.

Snippets:

//Fake import so that the dll is automatically loaded.
extern "C" __declspec(dllexport) void DummyImport()
{}

"Dummy import? What?"

You can make an EXE or DLL automatically load a DLL at startup by including an import from that DLL. I have VAXP export DummyImport and force VaPkg.dll to load my DLL by including VAXP's DummyImport as an import.

"Why VaPkg.dll?"

It is loaded just before VAX.dll. I used that because VAX has a CRC type deal, so forcing it to load VAXP wouldn't work. I just used something that was loaded before VAX, and I didn't use VS for compatibility reasons (i.e. you can remove VA without breaking ****).

I will add onto this if people like. I have comments in the code; I just wanted to explain the stuff above. Also, I don't want to type a **** ton and have a moderator delete it.

Again, if you want me to go into detail about something let me know.
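Seen from the other side, the fake-import trick leaves a trace: the injected DLL sits in the host process's module list like any other module. The PowerShell below is an added example (not from the original post) that lists every module loaded into a process whose Authenticode signature is missing or not valid; it assumes the host is Visual Studio's devenv.exe and that PowerShell runs with the same bitness as, and enough privilege to inspect, that process.

```powershell
# Added example, not part of the original post.
# Lists modules loaded into a process whose Authenticode signature is not valid.
# A DLL pulled in through an extra import entry (the DummyImport trick above)
# appears here next to the legitimately signed modules.
function Get-UnsignedModule {
    param(
        # Assumption: Visual Studio's host process; change to suit.
        [string]$ProcessName = 'devenv'
    )
    Get-Process -Name $ProcessName -ErrorAction Stop | ForEach-Object {
        $proc = $_
        # Enumerating Modules fails for a process of different bitness.
        foreach ($mod in $proc.Modules) {
            $sig = Get-AuthenticodeSignature -FilePath $mod.FileName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Pid       = $proc.Id
                    Module    = $mod.ModuleName
                    Path      = $mod.FileName
                    Signature = $sig.Status
                }
            }
        }
    }
}

Get-UnsignedModule | Format-Table -AutoSize
```

An unsigned entry is not proof of tampering, since plenty of legitimate add-ins ship unsigned, but a module whose path lies outside the product's install directory deserves a closer look.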

Shub-Nigurrath

Using Detours makes the DLL big enough. You can do the same without Detours, resulting in a more independent DLL. But absolutely a nice code-shot.


high6
Using Detours makes the DLL big enough. You can do the same without Detours, resulting in a more independent DLL. But absolutely a nice code-shot.

I use Detours because it saves having to handle relocating the code and not screwing up the stack. But yeah, you don't have to use Detours.

Detours only added 16 KB to my DLL.


Shub-Nigurrath

sure, sure. I always like readymade solutions, it's useless to reinvent the wheel. ^_^
