
[Help] Does anyone know Sabotage64.dll?


Question

7 answers to this question


Posted

Where did you find it? If it is something injected into a pack it could be a backdoor — I think it is a backdoor; the word "sabotage" certainly sounds like one.

Posted

Maybe someone can work out what this is...

 

.text:000000018000BBA4 ; BOOL __stdcall DllEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
.text:000000018000BBA4 ; NOTE(review): Microsoft x64 ABI (args in rcx, rdx, r8). This looks like the
.text:000000018000BBA4 ; compiler-generated CRT entry stub: when fdwReason == 1 (DLL_PROCESS_ATTACH) it
.text:000000018000BBA4 ; calls sub_18000BFDC (see below), then tail-jumps to sub_18000BA6C with the three
.text:000000018000BBA4 ; original arguments restored. sub_18000BA6C is not on this page, so what the DLL
.text:000000018000BBA4 ; actually does on load cannot be judged from this fragment alone.
.text:000000018000BBA4 ; Callee-saved rbx/rsi are parked in the caller-provided home slots, rdi is pushed.

.text:000000018000BBA4                 public DllEntryPoint

.text:000000018000BBA4 DllEntryPoint   proc near               ; DATA XREF: .pdata:000000018001C42Co

.text:000000018000BBA4

.text:000000018000BBA4 var_18          = dword ptr -18h

.text:000000018000BBA4 arg_0           = qword ptr  8           ; home slot of arg 1 (rcx) - reused to save rbx

.text:000000018000BBA4 arg_8           = qword ptr  10h         ; home slot of arg 2 (rdx) - reused to save rsi

.text:000000018000BBA4 arg_10          = qword ptr  18h

.text:000000018000BBA4

.text:000000018000BBA4                 mov     [rsp+arg_0], rbx ; preserve callee-saved rbx

.text:000000018000BBA9                 mov     [rsp+arg_8], rsi ; preserve callee-saved rsi

.text:000000018000BBAE                 push    rdi             ; preserve callee-saved rdi (rsp now 16-aligned)

.text:000000018000BBAF                 sub     rsp, 20h        ; 32-byte shadow space for the call below

.text:000000018000BBB3                 mov     rdi, r8         ; rdi = lpReserved   (kept across the call)

.text:000000018000BBB6                 mov     ebx, edx        ; ebx = fdwReason

.text:000000018000BBB8                 mov     rsi, rcx        ; rsi = hinstDLL

.text:000000018000BBBB                 cmp     edx, 1          ; fdwReason == DLL_PROCESS_ATTACH ?

.text:000000018000BBBE                 jnz     short loc_18000BBC5 ; any other reason: skip the init call

.text:000000018000BBC0                 call    sub_18000BFDC   ; first-load initialisation (security cookie, see below)

.text:000000018000BBC5

.text:000000018000BBC5 loc_18000BBC5:                          ; CODE XREF: DllEntryPoint+1Aj

.text:000000018000BBC5                 mov     r8, rdi         ; re-establish arg 3 = lpReserved

.text:000000018000BBC8                 mov     edx, ebx        ; re-establish arg 2 = fdwReason

.text:000000018000BBCA                 mov     rcx, rsi        ; re-establish arg 1 = hinstDLL

.text:000000018000BBCD                 mov     rbx, [rsp+28h+arg_0] ; 28h = 20h shadow + 8 (pushed rdi); restore rbx

.text:000000018000BBD2                 mov     rsi, [rsp+28h+arg_8] ; restore rsi

.text:000000018000BBD7                 add     rsp, 20h        ; release shadow space

.text:000000018000BBDB                 pop     rdi             ; restore rdi

.text:000000018000BBDC                 jmp     sub_18000BA6C   ; tail call: sub_18000BA6C returns directly to our caller

.text:000000018000BBDC DllEntryPoint   endp

 

 

//=============================================================================

 

 

.text:000000018000BFDC ; int __cdecl sub_18000BFDC(struct _FILETIME SystemTimeAsFileTime, LARGE_INTEGER PerformanceCount, __int64)
.text:000000018000BFDC ; NOTE(review): this matches the well-known MSVC CRT __security_init_cookie (/GS
.text:000000018000BFDC ; stack-cookie initialisation): 2B992DDFA232h is the default x64 cookie value. If
.text:000000018000BFDC ; qword_18001B040 still holds the default, a fresh cookie is derived by XOR-ing the
.text:000000018000BFDC ; system time, process id, thread id, tick count and performance counter, masked
.text:000000018000BFDC ; to 48 bits and nudged away from the default; the bitwise complement is kept in
.text:000000018000BFDC ; qword_18001B048. This is compiler boilerplate present in most MSVC-built PE
.text:000000018000BFDC ; files and is not, by itself, evidence of malicious behaviour.
.text:000000018000BFDC ; The "parameters" IDA shows are really the caller's home slots (positive rsp
.text:000000018000BFDC ; offsets) reused as scratch locals; the function takes no arguments - confirm.

.text:000000018000BFDC sub_18000BFDC   proc near               ; CODE XREF: DllEntryPoint+1Cp

.text:000000018000BFDC                                         ; DATA XREF: .pdata:000000018001C498o

.text:000000018000BFDC

.text:000000018000BFDC SystemTimeAsFileTime= _FILETIME ptr  8  ; 8-byte local for GetSystemTimeAsFileTime

.text:000000018000BFDC PerformanceCount= LARGE_INTEGER ptr  10h ; 8-byte local for QueryPerformanceCounter

.text:000000018000BFDC arg_10          = qword ptr  18h        ; home slot reused to save rbx

.text:000000018000BFDC

.text:000000018000BFDC                 mov     [rsp+arg_10], rbx ; preserve callee-saved rbx

.text:000000018000BFE1                 push    rdi             ; preserve callee-saved rdi

.text:000000018000BFE2                 sub     rsp, 20h        ; shadow space for the WinAPI calls

.text:000000018000BFE6                 mov     rax, cs:qword_18001B040 ; rax = current security cookie

.text:000000018000BFED                 and     qword ptr [rsp+28h+SystemTimeAsFileTime.dwLowDateTime], 0 ; zero the FILETIME local

.text:000000018000BFF3                 mov     rdi, 2B992DDFA232h ; rdi = default cookie (rdi survives the calls below)

.text:000000018000BFFD                 cmp     rax, rdi        ; cookie still the default?

.text:000000018000C000                 jz      short loc_18000C00E ; yes: generate a new one

.text:000000018000C002                 not     rax             ; no: already initialised, just refresh the complement

.text:000000018000C005                 mov     cs:qword_18001B048, rax ; qword_18001B048 = ~cookie

.text:000000018000C00C                 jmp     short loc_18000C084

.text:000000018000C00E ; ---------------------------------------------------------------------------

.text:000000018000C00E

.text:000000018000C00E loc_18000C00E:                          ; CODE XREF: sub_18000BFDC+24j

.text:000000018000C00E                 lea     rcx, [rsp+28h+SystemTimeAsFileTime] ; lpSystemTimeAsFileTime

.text:000000018000C013                 call    cs:GetSystemTimeAsFileTime

.text:000000018000C019                 mov     rbx, qword ptr [rsp+28h+SystemTimeAsFileTime.dwLowDateTime] ; rbx = 64-bit FILETIME

.text:000000018000C01E                 call    cs:GetCurrentProcessId

.text:000000018000C024                 mov     r11d, eax       ; zero-extended PID

.text:000000018000C027                 xor     rbx, r11        ; rbx ^= pid

.text:000000018000C02A                 call    cs:GetCurrentThreadId

.text:000000018000C030                 mov     r11d, eax       ; zero-extended TID

.text:000000018000C033                 xor     rbx, r11        ; rbx ^= tid

.text:000000018000C036                 call    cs:GetTickCount

.text:000000018000C03C                 lea     rcx, [rsp+28h+PerformanceCount] ; lpPerformanceCount (lea leaves eax/flags alone)

.text:000000018000C041                 mov     r11d, eax       ; zero-extended tick count

.text:000000018000C044                 xor     rbx, r11        ; rbx ^= ticks

.text:000000018000C047                 call    cs:QueryPerformanceCounter

.text:000000018000C04D                 mov     r11, qword ptr [rsp+28h+PerformanceCount] ; r11 = QPC value

.text:000000018000C052                 xor     r11, rbx        ; r11 = mix of all entropy sources

.text:000000018000C055                 mov     rax, 0FFFFFFFFFFFFh ; 48-bit mask

.text:000000018000C05F                 and     r11, rax        ; keep only the low 48 bits of the cookie

.text:000000018000C062                 mov     rax, 2B992DDFA233h ; default + 1, used only if the mix equals the default

.text:000000018000C06C                 cmp     r11, rdi        ; did the mix land exactly on the default marker?

.text:000000018000C06F                 cmovz   r11, rax        ; then use default+1 so "uninitialised" stays distinguishable

.text:000000018000C073                 mov     cs:qword_18001B040, r11 ; store the new cookie

.text:000000018000C07A                 not     r11

.text:000000018000C07D                 mov     cs:qword_18001B048, r11 ; store its complement

.text:000000018000C084

.text:000000018000C084 loc_18000C084:                          ; CODE XREF: sub_18000BFDC+30j

.text:000000018000C084                 mov     rbx, [rsp+28h+arg_10] ; restore rbx (28h = 20h shadow + pushed rdi)

.text:000000018000C089                 add     rsp, 20h

.text:000000018000C08D                 pop     rdi             ; restore rdi

.text:000000018000C08E                 retn

.text:000000018000C08E sub_18000BFDC   endp

 
