Hey guys,
This is a small project I did for a friend some time ago. Basically, it's a DLL you inject into an Enigma process (by loader, or by inline) and it will put a hardware breakpoint somewhere and write a new HWID.
Attached is the full source code. You have to manually find the HWID patch offset, but for someone who works with Enigma often this should be no problem...
Little hint:
Code:
0044F168 ^\75 A7 JNZ SHORT test1.0044F111
0044F16A 85F6 TEST ESI,ESI
0044F16C /-7E 25 JLE SHORT test1.0044F193 ; This is the patch place.
0044F16E | 8D45 EC LEA EAX,DWORD PTR SS:[EBP-0x14]
0044F171 | 66:83E3 0F AND BX,0xF
0044F175 | 0FB7D3 MOVZX EDX,BX
0044F178 | B9 04F24400 MOV ECX,test1.0044F204 ; ASCII "ABCDEF1234567890- \t\r\n"
0044F17D | 8A1411 MOV DL,BYTE PTR DS:[ECX+EDX]
0044F180 | E8 0F25FCFF CALL test1.00411694
0044F185 | 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14]
0044F188 | 8B0F MOV ECX,DWORD PTR DS:[EDI]
0044F18A | 8BC7 MOV EAX,EDI
0044F18C | E8 3726FCFF CALL test1.004117C8
0044F191 | EB 23 JMP SHORT test1.0044F1B6
0044F193 \-8B07 MOV EAX,DWORD PTR DS:[EDI]
0044F195 E8 E225FCFF CALL test1.0041177C
0044F19A 85C0 TEST EAX,EAX
As a bonus there are two extra functions: dputs and dprintf, just puts and printf, but they will output debug strings (so you can use DbgView to get logging information).
Greetings,
Mr. eXoDia