Jump to content
  • 0

Question

1 answer to this question

Recommended Posts

  • 0
Posted

Ok, I'm going to continue with this because I really want the client HWID and the basic protection from this DLL.

Maybe others with the same need and more knowledge or wanting to help can join in this crusade :laughing:

 

This is what I have/found.

https://mega.nz/file/MMtAzKTK#uUsTz_QDuiqXrk2UR9UnWlUKuZ2zbT8F0TiD52kTGyw

 

This contain 5 files:

Fire_U.dll - Unpacked. Found in RUS forum.
Fire_P1.dll - Packed. Same file as Fire_U.dll but Packed.
Fire_U1.dll - Unpacked Fire_P1.dll by me.
Fire_P2.dll - Packed. Another version.
Fire_U2.dll - Unpacked Fire_P2.dll by me.

 

If you use Fire_U.dll (rename to Fire.dll in your system) the client show you an error after loading the dll:

 

Runtime error 216 at 1314421A

 

All the unpacked files throw the same error and the error happen here.

 

.text:131441F0 loc_131441F0:                           ; CODE XREF: System::__linkproc__ StartLib(void)+44j
.text:131441F0 mov     dword_1319C63C, ecx
.text:131441F6 mov     eax, offset j_RaiseException
.text:131441FB mov     dword_1319C014, eax
.text:13144200 mov     eax, offset j_RtlUnwind
.text:13144205 mov     dword_1319C018, eax
.text:1314420A call    unknown_libname_67              ; BDS 2005-2007 and Delphi6-7 Visual Component Library
.text:1314420F mov     eax, [ebp+0Ch]
.text:13144212 inc     eax                             ; Increment by 1
.text:13144213 mov     byte_1319C658, al
.text:13144218 dec     eax                             ; Decrement by 1
.text:13144219 pop     ecx
.text:1314421A mov     edx, [ecx]                      ; Error: Runtime error 216 at 1314421A
.text:1314421C mov     dword_1319C654, edx
.text:13144222 jz      short loc_1314422B              ; Jump if Zero (ZF=1)
.text:13144224 cmp     al, 3                           ; Compare Two Operands
.text:13144226 jge     short loc_1314422B              ; Jump if Greater or Equal (SF=OF)
.text:13144228 call    dword ptr [ecx+eax*4]           ; Indirect Call Near Procedure

 

Pseudocode:

 

int __userpurge System::__linkproc__ StartLib@<eax>(int *a1@<eax>, int a2@<edx>, int a3@<ecx>, int a4@<ebx>, int a5@<ebp>, int a6@<edi>, int a7@<esi>, void (__cdecl *a8)(int *))
{
  int v8; // ecx
  int v9; // eax
  int v10; // eax
  int *v11; // ecx
  int v12; // eax
  int *v15; // [esp-4h] [ebp-4h]

  qmemcpy((void *)(a5 - 60), &dword_1319C630, 0x2Cu);
  dword_1319C650 = a6;
  dword_1319C64C = a7;
  dword_1319C644 = a5;
  dword_1319C648 = a4;
  dword_1319C638 = (int)a1;
  dword_1319C640 = a2;
  dword_1319C630 = a5 - 60;
  v8 = 0;
  if ( !*(_DWORD *)(a5 + 12) )
    v8 = *a1;
  dword_1319C63C = v8;
  dword_1319C014 = (int)j_RaiseException;
  dword_1319C018 = (int)j_RtlUnwind;
  unknown_libname_67((_EXCEPTION_REGISTRATION_RECORD *)a5);
  v9 = *(_DWORD *)(a5 + 12) + 1;
  byte_1319C658 = *(_BYTE *)(a5 + 12) + 1;
  v10 = v9 - 1;
  v11 = (int *)a3;
  dword_1319C654 = *(_DWORD *)a3; // The error happen here
  if ( v10 && (char)v10 < 3 )
    (*(void (**)(void))(a3 + 4 * v10))();
  v15 = v11;
  if ( a8 )
    a8(v11);
  v12 = *(_DWORD *)(a5 + 12);
  if ( (char)v12 >= 3 )
    ((void (*)(void))v15[v12])();
  if ( !dword_1319C02C )
    byte_1319C034 = 1;
  if ( *(_DWORD *)(a5 + 12) != 1 )
    System::__linkproc__ Halt0(a8);
  return System::_16705();
}

 

This is all for the moment. I update the post when have more info :)

Guest
This topic is now closed to further replies.


  • Posts

    • Vilmis is the biggest scammer in history. He bans his members when they complain about something. I know more than one who's banned him. He updates shit, but he charges you like he's doing something serious.
    • I did not want to, but I will tell a few things (just because of other members that might understand something wrong): 1. Nothing held as hostage some kinda customer of yours. I think even now could find your donate panel code at my source code. So, stop spreading a lie because of your head progressive diseases. 2. Don't use my old customer's post as counterargument. We all had the worst customers which think they are the righest ones no matter what. He was one of them. He caused a lot of problems to me. Also, he was rude and disrespectful. 3. You're just simply hater. No matter what good I'm gonna say you gonna say in reverse. Smarter people sees the truth. 4. Look, you don't like me, I don't like you, but it's unnecessary to comment all post about my project and write everything worst just because you hate me. 😉
    • I've seen this many times, to be honest, let's hope that this time it will actually happen. I would suggest building something that helps develop trust within the community's sales. It could be something similar to FunPay, for example, which ensures secure trades for both the seller and the buyer, along with a rating system for both parties. I would also recommend doing something about the voting site, which has been paused for I don't know how many years since the Fiverr failure. Last but not least, I’d suggest creating an open blog or at least publishing weekly articles that can attract more people to the forum or encourage members to return and read them. The topics of these articles could include overviews and opinions on L2 or GTA V servers, PUBG, Fortnite, tech news, coding updates, or even general news that the author finds interesting.   How could you know such an information? 🤔 And yeah I agree on the part about the poor management
    • ➡ Discount for your purchase: JUNE2025 (10% discount) ➡ Our Online Shop: https://socnet.store  ➡ Our SMM-Boosting Panel: https://socnet.pro  ➡ Telegram Shop Bot: https://socnet.shop  ➡ Telegram Support: https://t.me/solomon_bog  ➡ Telegram Channel: https://t.me/accsforyou_shop  ➡ Discord Support: @AllSocialNetworksShop  ➡ Discord Server: https://discord.gg/y9AStFFsrh  ➡ WhatsApp Support: https://wa.me/79051904467 ➡ WhatsApp Channel: https://whatsapp.com/channel/0029Vau0CMX002TGkD4uHa2n  ➡ Email Support: solomonbog@socnet.store 
    • there are extenders that already have all that included ingame 🙂 for example GX-EXT
  • Topics

×
×
  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock