Help Change HGUARD IP/Domain from unpacked Fire.dll

CubAfull · October 2, 2020

Anyone knows where/how to change the IP/Domain inside the unpacked Fire.dll?

https://mmo-dev.info/threads/hguard-cracked.1568/

CubAfull · March 11, 2021

Ok, I'm going to continue with this because I really want the client HWID and the basic protection from this DLL.

Maybe others with the same need and more knowledge or wanting to help can join in this crusade

This is what I have/found.

https://mega.nz/file/MMtAzKTK#uUsTz_QDuiqXrk2UR9UnWlUKuZ2zbT8F0TiD52kTGyw

This contain 5 files:

Fire_U.dll - Unpacked. Found in RUS forum.
Fire_P1.dll - Packed. Same file as Fire_U.dll but Packed.
Fire_U1.dll - Unpacked Fire_P1.dll by me.
Fire_P2.dll - Packed. Another version.
Fire_U2.dll - Unpacked Fire_P2.dll by me.

If you use Fire_U.dll (rename to Fire.dll in your system) the client show you an error after loading the dll:

Runtime error 216 at 1314421A

All the unpacked files throw the same error and the error happen here.

.text:131441F0 loc_131441F0:                           ; CODE XREF: System::__linkproc__ StartLib(void)+44↑j
.text:131441F0 mov     dword_1319C63C, ecx
.text:131441F6 mov     eax, offset j_RaiseException
.text:131441FB mov     dword_1319C014, eax
.text:13144200 mov     eax, offset j_RtlUnwind
.text:13144205 mov     dword_1319C018, eax
.text:1314420A call    unknown_libname_67              ; BDS 2005-2007 and Delphi6-7 Visual Component Library
.text:1314420F mov     eax, [ebp+0Ch]
.text:13144212 inc     eax                             ; Increment by 1
.text:13144213 mov     byte_1319C658, al
.text:13144218 dec     eax                             ; Decrement by 1
.text:13144219 pop     ecx
.text:1314421A mov     edx, [ecx]                      ; Error: Runtime error 216 at 1314421A
.text:1314421C mov     dword_1319C654, edx
.text:13144222 jz      short loc_1314422B              ; Jump if Zero (ZF=1)
.text:13144224 cmp     al, 3                           ; Compare Two Operands
.text:13144226 jge     short loc_1314422B              ; Jump if Greater or Equal (SF=OF)
.text:13144228 call    dword ptr [ecx+eax*4]           ; Indirect Call Near Procedure

Pseudocode:

int __userpurge System::__linkproc__ StartLib@<eax>(int *a1@<eax>, int a2@<edx>, int a3@<ecx>, int a4@<ebx>, int a5@<ebp>, int a6@<edi>, int a7@<esi>, void (__cdecl *a8)(int *))
{
  int v8; // ecx
  int v9; // eax
  int v10; // eax
  int *v11; // ecx
  int v12; // eax
  int *v15; // [esp-4h] [ebp-4h]

  qmemcpy((void *)(a5 - 60), &dword_1319C630, 0x2Cu);
  dword_1319C650 = a6;
  dword_1319C64C = a7;
  dword_1319C644 = a5;
  dword_1319C648 = a4;
  dword_1319C638 = (int)a1;
  dword_1319C640 = a2;
  dword_1319C630 = a5 - 60;
  v8 = 0;
  if ( !*(_DWORD *)(a5 + 12) )
    v8 = *a1;
  dword_1319C63C = v8;
  dword_1319C014 = (int)j_RaiseException;
  dword_1319C018 = (int)j_RtlUnwind;
  unknown_libname_67((_EXCEPTION_REGISTRATION_RECORD *)a5);
  v9 = *(_DWORD *)(a5 + 12) + 1;
  byte_1319C658 = *(_BYTE *)(a5 + 12) + 1;
  v10 = v9 - 1;
  v11 = (int *)a3;
  dword_1319C654 = *(_DWORD *)a3; // The error happen here
  if ( v10 && (char)v10 < 3 )
    (*(void (**)(void))(a3 + 4 * v10))();
  v15 = v11;
  if ( a8 )
    a8(v11);
  v12 = *(_DWORD *)(a5 + 12);
  if ( (char)v12 >= 3 )
    ((void (*)(void))v15[v12])();
  if ( !dword_1319C02C )
    byte_1319C034 = 1;
  if ( *(_DWORD *)(a5 + 12) != 1 )
    System::__linkproc__ Halt0(a8);
  return System::_16705();
}

This is all for the moment. I update the post when have more info :)

Help Change HGUARD IP/Domain from unpacked Fire.dll

Question

CubAfull

1 answer to this question

Recommended Posts

CubAfull

Posts

Topics

Browse

Activity

Store