this is a small dll source code that i coded in the past when i was interested in silkroad development.
What it does: protects the BFK of the .PK2 files from being sniffed
Code:
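#include <windows.h>
#include <stdio.h>
#include <string.h>
#include "xorstr.h"
#include "detours.h"
#pragma comment(lib,"detours.lib")

// NOTE: this file is 32-bit x86 / MSVC only: it uses __asm blocks and stores
// code addresses and pointers in DWORDs.

// The Windows SDK headers normally define ARRAYSIZE already; only supply a
// fallback, and parenthesise it so it stays correct inside larger expressions.
#ifndef ARRAYSIZE
#define ARRAYSIZE(x) (sizeof(x)/sizeof((x)[0]))
#endif

// Size of the heap buffer that receives the decoded key string.
enum { KEY_BUFFER_SIZE = 20 };

// Addresses inside the client executable of the 5-byte instructions that push
// the key pointer. DetourAttach() overwrites each entry with the address of
// the trampoline it creates, so the original value must be copied first.
DWORD g_ProtectAddress[] = {
    0x004978B8, 0x004CCC4A, 0x004CCE1F,
    0x0083A84D, 0x0083A8B1, 0x0083A90D,
    0x0083A9C5, 0x0083A969, 0x0083AE69
};

// Per-process mask taken from the timestamp counter at load time.
DWORD RandomKey;

// After Initialize() this does NOT hold a usable pointer: it holds the key
// buffer address masked as (~ptr ^ ~RandomKey). Only _protectme decodes it.
char* pszKey;

// Returns the low 32 bits of the CPU timestamp counter.
// NOTE(review): this is a timing value, not a cryptographic random number; it
// only serves to make the masked pointer differ between runs.
DWORD GetRandomValue()
{
    DWORD value;
    __asm
    {
        rdtsc
        mov value ,eax
    }
    return value;
}

// Resolves the destination of a 5-byte relative jmp/call located at pJmp:
// pJmp + rel32 (read from pJmp+1) + 5. Not called anywhere in this file.
DWORD GetJmpAddr(PBYTE pJmp)
{
    DWORD m_Addr;
    __asm
    {
        mov eax,pJmp
        add eax,[eax+1]
        add eax,5
        mov m_Addr,eax
    }
    return m_Addr;
}

// Stub reached through the `call` patched over each push site. It swaps the
// return address on the stack for the decoded key pointer and returns to the
// instruction after the site, so the caller sees the pointer as if it had been
// pushed by the original instruction.
//
// This is obfuscation, not confidentiality: the key string and the decoded
// pointer still exist in process memory while the client runs.
//
// NOTE(review): on return EAX holds the caller's EDX and EDX holds the
// caller's EAX (the two are exchanged) - confirm every hooked site tolerates
// that.
__declspec(naked) void _protectme()
{
    __asm
    {
        pushfd                          // not/xor below change EFLAGS
        push edx
        push eax                        // stack: eax, edx, eflags, return address
        mov eax,RandomKey
        not eax
        xor eax,pszKey
        not eax                         // eax = real key buffer pointer
        mov edx,[esp+0xC]               // edx = return address
        mov [esp+0xC],eax               // return-address slot now holds the pointer
        mov eax, edx
        pop edx
        push eax                        // stack: return address, saved edx, eflags, pointer
        mov eax, dword ptr [esp+0x8]
        push eax
        popfd                           // restore the caller's EFLAGS
        mov eax, dword ptr [esp+0x4]
        retn 0x8                        // return and drop saved edx + eflags; pointer stays on top
    }
}

// Runs one Detours transaction that attaches (attach == true) or detaches
// _protectme at *pSite. Returns true only when the transaction committed.
static bool RunDetourTransaction(DWORD* pSite, bool attach)
{
    if (DetourTransactionBegin() != NO_ERROR)
        return false;

    LONG err = DetourUpdateThread(GetCurrentThread());
    if (err == NO_ERROR)
    {
        err = attach ? DetourAttach((void**)pSite, &_protectme)
                     : DetourDetach((void**)pSite, &_protectme);
    }
    if (err != NO_ERROR)
    {
        DetourTransactionAbort();
        return false;
    }
    return DetourTransactionCommit() == NO_ERROR;
}

// Turns the `jmp rel32` (0xE9) that Detours wrote at siteAddress into a
// `call rel32` (0xE8) so that _protectme receives a return address.
// Returns false, leaving the byte untouched, when the site does not start with
// 0xE9 or the page cannot be made writable.
static bool PatchJmpToCall(DWORD siteAddress)
{
    PBYTE site = (PBYTE)siteAddress;

    // Writing 0xE8 over anything but the expected jmp would corrupt the site.
    if (site[0] != 0xE9)
        return false;

    DWORD oldProtect = 0;
    if (!VirtualProtect(site, 1, PAGE_EXECUTE_READWRITE, &oldProtect))
        return false;

    site[0] = 0xE8;

    // Do not leave the code page writable once the byte is in place.
    DWORD unused = 0;
    VirtualProtect(site, 1, oldProtect, &unused);
    FlushInstructionCache(GetCurrentProcess(), site, 5);
    return true;
}

// Decodes the key into a heap buffer, masks the buffer pointer with a
// per-process value and hooks every address in g_ProtectAddress.
// The buffer is intentionally never freed: the hooks use it for the lifetime
// of the process.
void Initialize()
{
    RandomKey = GetRandomValue();

    pszKey = new char[KEY_BUFFER_SIZE];
    // Bounded copy: a replacement key longer than the buffer is truncated
    // instead of overflowing the allocation.
    strncpy(pszKey, /*MeGaMaX*/XorStr<0x7A,8,0x1F16EAF3>("\x37\x1E\x3B\x1C\x33\x1E\xD8"+0x1F16EAF3).s, KEY_BUFFER_SIZE - 1);
    pszKey[KEY_BUFFER_SIZE - 1] = '\0';

    // pszKey = ~pszKey ^ ~RandomKey; _protectme applies the inverse.
    __asm
    {
        not pszKey
        mov eax,RandomKey
        not eax
        xor pszKey,eax
    }

    for (size_t i = 0; i < ARRAYSIZE(g_ProtectAddress); i++)
    {
        // Copy first: DetourAttach replaces the array entry with the trampoline.
        const DWORD siteAddress = g_ProtectAddress[i];

        if (!RunDetourTransaction(&g_ProtectAddress[i], true))
        {
            // The site still holds its original instruction; leave it alone.
            OutputDebugStringA("protect: DetourAttach failed, site left unhooked\n");
            continue;
        }

        if (!PatchJmpToCall(siteAddress))
        {
            // A bare jmp into _protectme would misread the stack, so undo the hook.
            OutputDebugStringA("protect: jmp->call patch failed, removing hook\n");
            RunDetourTransaction(&g_ProtectAddress[i], false);
        }
    }
}

// DLL entry point: installs the hooks once, when the DLL is mapped into the
// client process. Declared with the documented BOOL return type.
BOOL WINAPI DllMain(HINSTANCE hDllHandle, DWORD nReason, LPVOID Reserved)
{
    switch (nReason)
    {
    case DLL_PROCESS_ATTACH:
        Initialize();
        break;
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}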
First of all you must get the push addresses from the client .exe files (sro_client.exe, replacer.exe, silkroad.exe).
i will provide the vsro 188 addresses here
sro_client.exe:
Code:
0x004978B8, 0x004CCC4A, 0x004CCE1F, 0x0083A84D, 0x0083A8B1, 0x0083A90D, 0x0083A9C5, 0x0083A969, 0x0083AE69
Code:
0x00430FD3, 0x00408C15, 0x00408A17
Code:
0x00403B23
Code:
DWORD g_ProtectAddress[] = { /* placeholder - presumably filled with the address list of the .exe this build targets (see the lists above) */ };
Code:
/*MeGaMaX*/XorStr<0x7A,8,0x1F16EAF3>("\x37\x1E\x3B\x1C\x33\x1E\xD8"+0x1F16EAF3).s
note: i didn't provide how to generate the xor key, because i want this section to think about how to do that. use your brain, try to be more respectful in the silkroad community, google is your friend
note2: this method has nothing to do with any other methods i used in any server development i was in, for example Ludoworks
note3: after some days i will provide how to generate the xor key but like i said above i would like to see development instead of creating servers...
note4: you have to recompile the dll 3 times to change the address for every .exe file
source code in attachments, enjoy love ya guys , new hope, crayu , perry , pokemon man , synx , caipi , PowerPoint , and all of my friends and sro community
Greetings: MeGaMaX