hamid19395 Posted July 22, 2023 Posted July 22, 2023 (edited) hi i have a dll code in delphi language to extract .mp4 and .m4v format. but it doesn't work for .mkv format and when i want to inject the code , i'll get an error. anyone's can help me to solve that and make compile again? the code is written by somebody else : @GautamGreat click to download Edited July 22, 2023 by hamid19395
jackyjask Posted July 23, 2023 Posted July 23, 2023 What SW are you intercepting, seen in your text file ref to CPKernel.dll - it should be part of it...? is it "ThunderSoft DRM Removal for Windows" ?
kao Posted July 23, 2023 Posted July 23, 2023 That code seems to be an unpacker for Gilisoft DRM protection (https://www.gilisoft.com/video-drm-protection.htm), not sure which version exactly.
hamid19395 Posted July 23, 2023 Author Posted July 23, 2023 (edited) 5 hours ago, kao said: That code seems to be an unpacker for Gilisoft DRM protection (https://www.gilisoft.com/video-drm-protection.htm), not sure which version exactly. yeah it is for gilisoft, but it can just extract mp4 format Edited July 23, 2023 by hamid19395
2days Posted July 23, 2023 Posted July 23, 2023 On 7/22/2023 at 9:46 PM, hamid19395 said: hi i have a dll code in delphi language to extract .mp4 and .m4v format. but it doesn't work for .mkv format and when i want to inject the code , i'll get an error. anyone's can help me to solve that and make compile again? the code is written by somebody else : @GautamGreat click to download SetLength(data, 1048576); 1048576 = 1024x1024 1024x1024 = 1Mbit ---- try --- SetLength(data, 2Mbit); 1
hamid19395 Posted July 25, 2023 Author Posted July 25, 2023 (edited) On 7/23/2023 at 8:08 PM, 2days said: SetLength(data, 1048576); 1048576 = 1024x1024 1024x1024 = 1Mbit ---- try --- SetLength(data, 2Mbit); many thanks could you pleased recompiled it?i couldn't add and recompiled Regards Edited July 25, 2023 by hamid19395
2days Posted July 27, 2023 Posted July 27, 2023 On 7/25/2023 at 12:40 PM, hamid19395 said: many thanks could you pleased recompiled it?i couldn't add and recompiled Regards SetLength(data, 4194304); PKernelx86x64.rar 2
hamid19395 Posted July 27, 2023 Author Posted July 27, 2023 (edited) 14 hours ago, 2days said: SetLength(data, 4194304); PKernelx86x64.rar 1.32 MB · 0 downloads thanks but the hook doesn't work and can't extract the .mkv format Edited July 28, 2023 by hamid19395
JochenX Posted January 31 Posted January 31 (edited) On 7/23/2023 at 8:08 PM, 2days said: SetLength(data, 1048576); 1048576 = 1024x1024 1024x1024 = 1Mbit ---- try --- SetLength(data, 2Mbit); Hi @2days, I also did your solution and edited the SetLength but to no avail! And it is possible to extract only for MP4 and it does not extract other types of files. For other formats, this code gives an error message, even the edited code gives an error! Dear @kao, can you solve this problem? Sample file: https://workupload.com/file/sBKWRZgksfk Edited January 31 by JochenX
kao Posted January 31 Posted January 31 2 hours ago, JochenX said: For other formats, this code gives an error message, And we're supposed to guess what this error message says? 1 hour ago, JochenX said: Dear @kao, can you solve this problem? Probably, but I don't need to. You want it, you do it. Here is a very approximate explanation what that hooking DLL does: Line 90: @func := InterceptCreate(GetProcAddress(GetModuleHandle('CPKernel.dll'), PChar(202)), @CPanelHookFunction); This hooks a CPKernel.dll exported function #202. Whenever gilisoft player calls this function, "CPanelHookFunction" will be called instead. So far, so good. If we check who uses CPKernel.dll function #202, we'll see that one of the calls comes from player.dll, and there are references to string "NdfPlayer_OpenFile" near that code: .text:10002621 push offset aNdfplayerOpenf_1 ; "NdfPlayer_OpenFile 4 \n" .text:10002626 call ebp ; OutputDebugStringA .text:10002628 mov ecx, [esi] .text:1000262A push edi .text:1000262B push ecx .text:1000262C call CPKernel_202 .text:10002631 mov edi, eax .text:10002633 add esp, 8 So, we can guess this function is called whenever a protected media file is opened. It would be nice to confirm that this works for all types of media files, not just MP4s - but looks OK so far. Then, inside CPanelHookFunction is this magic: Line 47: // find read and seek function p := context; p := Pointer(DWORD(p)+$10); p := Pointer(p^+$8); p := Pointer(p^+$C); p := Pointer(p^); //avio read s := Pointer(p^ + $18); This code is a total piece of sh!t. There are no error checks, no explanation what it's looking for, nothing. I would guess it works for MP4 files because that's what the original author used for testing. And I would also guess that this part is the one that needs fixing. First, I would take a debugger, and debug this piece of code and see how and why it works with a protected MP4 file. Then I'd do the same with another type of protected file. Find where the differences are and then figure out how to fix them. 1
JochenX Posted February 3 Posted February 3 On 1/31/2024 at 9:54 PM, kao said: First, I would take a debugger, and debug this piece of code and see how and why it works with a protected MP4 file. Then I'd do the same with another type of protected file. Find where the differences are and then figure out how to fix them. Hi @kao, Thanks for always being awesome, have you done the above debugging you mentioned?
kao Posted February 3 Posted February 3 No. As I said... On 1/31/2024 at 7:24 PM, kao said: You want it, you do it.
GautamGreat Posted February 4 Posted February 4 I wrote these codes long ago based on some files which I had, It was just a demo for unpacking some specific files. I didn't had time to fully analyze it and write proper structure for all formats. Line 47: // find read and seek function p := context; p := Pointer(DWORD(p)+$10); p := Pointer(p^+$8); p := Pointer(p^+$C); p := Pointer(p^); //avio read s := Pointer(p^ + $18); As @kao said, to add support for different formats needs to reanalyze again. It is probably different structure for different files.
JochenX Posted February 6 Posted February 6 (edited) On 2/4/2024 at 5:01 PM, GautamGreat said: It is probably different structure for different files. @GautamGreat The player.dll may need to be hooked for other formats!?👍 On 1/31/2024 at 9:54 PM, kao said: .text:10002621 push offset aNdfplayerOpenf_1 ; "NdfPlayer_OpenFile 4 \n" .text:10002626 call ebp ; OutputDebugStringA .text:10002628 mov ecx, [esi] .text:1000262A push edi .text:1000262B push ecx .text:1000262C call CPKernel_202 .text:10002631 mov edi, eax .text:10002633 add esp, 8 Edited February 6 by JochenX
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now