
mr.exodia 07-31-2014 00:47

[C++, WinAPI] Enigma HWID patcher with hardware breakpoints
 
1 Attachment(s)
Hey guys,
 
This is a small project I did for a friend some time ago. Basically, it's a DLL you inject into an Enigma process (by loader, or by inline) and it will put a hardware breakpoint somewhere and write a new HWID.
 
Attached is the full source code. You have to manually find the HWID patch offset, but for someone who works with Enigma often this should be no problem...
 
Little hint:
Code:

0044F168  ^\75 A7           JNZ SHORT test1.0044F111
0044F16A    85F6            TEST ESI,ESI
0044F16C  /-7E 25           JLE SHORT test1.0044F193            ; This is the patch place.
0044F16E  | 8D45 EC         LEA EAX,DWORD PTR SS:[EBP-0x14]
0044F171  | 66:83E3 0F      AND BX,0xF
0044F175  | 0FB7D3          MOVZX EDX,BX
0044F178  | B9 04F24400     MOV ECX,test1.0044F204              ; ASCII "ABCDEF1234567890- \t\r\n"
0044F17D  | 8A1411          MOV DL,BYTE PTR DS:[ECX+EDX]
0044F180  | E8 0F25FCFF     CALL test1.00411694
0044F185  | 8B55 EC         MOV EDX,DWORD PTR SS:[EBP-0x14]
0044F188  | 8B0F            MOV ECX,DWORD PTR DS:[EDI]
0044F18A  | 8BC7            MOV EAX,EDI
0044F18C  | E8 3726FCFF     CALL test1.004117C8
0044F191  | EB 23           JMP SHORT test1.0044F1B6
0044F193  \-8B07            MOV EAX,DWORD PTR DS:[EDI]
0044F195    E8 E225FCFF     CALL test1.0041177C
0044F19A    85C0            TEST EAX,EAX

 
As a bonus there are two extra functions: dputs and dprintf, just puts and printf, but they will output debug strings (so you can use DbgView to get logging information).
 
Greetings,
 
Mr. eXoDia

ZeNiX 07-31-2014 11:50

This has been an old problem not solved by Enigma Protector.
We can always locate and modify the HWID easily.

I hope Vladimir can solve this issue soon.

For WinLicense, there are additional checksums on the HWID.
For VMProtect, it is difficult to locate the HWID.

