
[Help]any1 know Sabotage64.dll?


Posted

Where did you find that? If it's something injected into a pack, it could be a backdoor. I think it is a backdoor; well, the word "sabotage" sounds like one.

Posted

Maybe someone understands what it is...

 

; DLL entry stub as disassembled by IDA. The register use follows the Microsoft x64
; calling convention: rcx = hinstDLL, edx = fdwReason, r8 = lpReserved.
; The stub parks the three arguments in rsi/ebx/rdi, calls sub_18000BFDC only when
; fdwReason == 1 (DLL_PROCESS_ATTACH), then restores every register and tail-jumps
; to sub_18000BA6C with the original arguments still in rcx/edx/r8.
; NOTE(review): this shape looks like the compiler-supplied CRT startup wrapper, not
; author-written logic - confirm. sub_18000BA6C is not part of this listing, so nothing
; shown here says what the DLL itself does; judging whether the file is a backdoor
; needs the code reached through sub_18000BA6C, plus its imports, exports and strings.
.text:000000018000BBA4 ; BOOL __stdcall DllEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)

.text:000000018000BBA4                 public DllEntryPoint

.text:000000018000BBA4 DllEntryPoint   proc near               ; DATA XREF: .pdata:000000018001C42Co

.text:000000018000BBA4

.text:000000018000BBA4 var_18          = dword ptr -18h

.text:000000018000BBA4 arg_0           = qword ptr  8

.text:000000018000BBA4 arg_8           = qword ptr  10h

.text:000000018000BBA4 arg_10          = qword ptr  18h

.text:000000018000BBA4

.text:000000018000BBA4                 mov     [rsp+arg_0], rbx        ; save rbx in the caller-provided home slot at [rsp+8]

.text:000000018000BBA9                 mov     [rsp+arg_8], rsi        ; save rsi in the home slot at [rsp+10h]

.text:000000018000BBAE                 push    rdi                     ; save rdi on the stack

.text:000000018000BBAF                 sub     rsp, 20h                ; 32 bytes of home space for the call below

.text:000000018000BBB3                 mov     rdi, r8                 ; rdi = lpReserved, kept across the call

.text:000000018000BBB6                 mov     ebx, edx                ; ebx = fdwReason, kept across the call

.text:000000018000BBB8                 mov     rsi, rcx                ; rsi = hinstDLL, kept across the call

.text:000000018000BBBB                 cmp     edx, 1                  ; fdwReason == 1 (DLL_PROCESS_ATTACH)?

.text:000000018000BBBE                 jnz     short loc_18000BBC5     ; any other reason skips the one-time call

.text:000000018000BBC0                 call    sub_18000BFDC           ; runs once per process attach, before anything else

.text:000000018000BBC5

.text:000000018000BBC5 loc_18000BBC5:                          ; CODE XREF: DllEntryPoint+1Aj

.text:000000018000BBC5                 mov     r8, rdi                 ; reload lpReserved

.text:000000018000BBC8                 mov     edx, ebx                ; reload fdwReason

.text:000000018000BBCA                 mov     rcx, rsi                ; reload hinstDLL

.text:000000018000BBCD                 mov     rbx, [rsp+28h+arg_0]    ; restore rbx from its home slot

.text:000000018000BBD2                 mov     rsi, [rsp+28h+arg_8]    ; restore rsi from its home slot

.text:000000018000BBD7                 add     rsp, 20h                ; release the 32 bytes reserved above

.text:000000018000BBDB                 pop     rdi                     ; restore rdi

.text:000000018000BBDC                 jmp     sub_18000BA6C           ; tail call: the target returns straight to this stub's caller

.text:000000018000BBDC DllEntryPoint   endp

 

 

//=============================================================================

 

 

; One-time initialiser for the two globals qword_18001B040 and qword_18001B048.
; If qword_18001B040 no longer holds the constant 2B992DDFA232h, only its bitwise
; complement is written to qword_18001B048. Otherwise a fresh value is built by XORing
; the system time, process id, thread id, tick count and performance counter, masked to
; 48 bits, bumped to 2B992DDFA233h if it collides with the constant, and stored together
; with its complement.
; The prototype IDA prints is misleading: the code never reads rcx, rdx or r8 on entry,
; and the named "arguments" at +8/+10h/+18h are caller home slots used as scratch space.
; NOTE(review): the sequence matches the MSVC C runtime's /GS stack-cookie initialiser
; (__security_init_cookie), and 2B992DDFA232h is that runtime's default 64-bit cookie.
; Confirm by checking that qword_18001B040 is read in function prologues and verified
; before returns. If so, this is compiler boilerplate and says nothing about the DLL's
; purpose. The inputs are ordinary system values, not output of a cryptographic RNG.
.text:000000018000BFDC ; int __cdecl sub_18000BFDC(struct _FILETIME SystemTimeAsFileTime, LARGE_INTEGER PerformanceCount, __int64)

.text:000000018000BFDC sub_18000BFDC   proc near               ; CODE XREF: DllEntryPoint+1Cp

.text:000000018000BFDC                                         ; DATA XREF: .pdata:000000018001C498o

.text:000000018000BFDC

.text:000000018000BFDC SystemTimeAsFileTime= _FILETIME ptr  8

.text:000000018000BFDC PerformanceCount= LARGE_INTEGER ptr  10h

.text:000000018000BFDC arg_10          = qword ptr  18h

.text:000000018000BFDC

.text:000000018000BFDC                 mov     [rsp+arg_10], rbx       ; save rbx in the home slot at [rsp+18h]

.text:000000018000BFE1                 push    rdi                     ; save rdi; it holds the constant below

.text:000000018000BFE2                 sub     rsp, 20h                ; 32 bytes of home space for the API calls

.text:000000018000BFE6                 mov     rax, cs:qword_18001B040 ; rax = current value of the global

.text:000000018000BFED                 and     qword ptr [rsp+28h+SystemTimeAsFileTime.dwLowDateTime], 0 ; zero the 8-byte time slot

.text:000000018000BFF3                 mov     rdi, 2B992DDFA232h      ; constant that marks "not yet initialised"

.text:000000018000BFFD                 cmp     rax, rdi

.text:000000018000C000                 jz      short loc_18000C00E     ; still the constant: generate a new value

.text:000000018000C002                 not     rax                     ; already changed: only refresh the complement

.text:000000018000C005                 mov     cs:qword_18001B048, rax ; qword_18001B048 = ~qword_18001B040

.text:000000018000C00C                 jmp     short loc_18000C084

.text:000000018000C00E ; ---------------------------------------------------------------------------

.text:000000018000C00E

.text:000000018000C00E loc_18000C00E:                          ; CODE XREF: sub_18000BFDC+24j

.text:000000018000C00E                 lea     rcx, [rsp+28h+SystemTimeAsFileTime] ; lpSystemTimeAsFileTime

.text:000000018000C013                 call    cs:GetSystemTimeAsFileTime

.text:000000018000C019                 mov     rbx, qword ptr [rsp+28h+SystemTimeAsFileTime.dwLowDateTime] ; rbx = 64-bit FILETIME, the running mix

.text:000000018000C01E                 call    cs:GetCurrentProcessId

.text:000000018000C024                 mov     r11d, eax               ; 32-bit move zero-extends, so only the low half is mixed

.text:000000018000C027                 xor     rbx, r11                ; mix in the process id

.text:000000018000C02A                 call    cs:GetCurrentThreadId

.text:000000018000C030                 mov     r11d, eax

.text:000000018000C033                 xor     rbx, r11                ; mix in the thread id

.text:000000018000C036                 call    cs:GetTickCount

.text:000000018000C03C                 lea     rcx, [rsp+28h+PerformanceCount] ; lpPerformanceCount

.text:000000018000C041                 mov     r11d, eax

.text:000000018000C044                 xor     rbx, r11                ; mix in the tick count

.text:000000018000C047                 call    cs:QueryPerformanceCounter

.text:000000018000C04D                 mov     r11, qword ptr [rsp+28h+PerformanceCount] ; r11 = 64-bit performance counter

.text:000000018000C052                 xor     r11, rbx                ; r11 = counter ^ running mix

.text:000000018000C055                 mov     rax, 0FFFFFFFFFFFFh     ; 48-bit mask

.text:000000018000C05F                 and     r11, rax                ; keep the low 48 bits, top 16 bits become zero

.text:000000018000C062                 mov     rax, 2B992DDFA233h      ; constant + 1, used only on a collision

.text:000000018000C06C                 cmp     r11, rdi                ; did the mix reproduce the constant?

.text:000000018000C06F                 cmovz   r11, rax                ; then take constant + 1, so the result never equals it

.text:000000018000C073                 mov     cs:qword_18001B040, r11 ; publish the new value

.text:000000018000C07A                 not     r11

.text:000000018000C07D                 mov     cs:qword_18001B048, r11 ; publish its bitwise complement

.text:000000018000C084

.text:000000018000C084 loc_18000C084:                          ; CODE XREF: sub_18000BFDC+30j

.text:000000018000C084                 mov     rbx, [rsp+28h+arg_10]   ; restore rbx from its home slot

.text:000000018000C089                 add     rsp, 20h                ; release the 32 bytes reserved above

.text:000000018000C08D                 pop     rdi                     ; restore rdi

.text:000000018000C08E                 retn

.text:000000018000C08E sub_18000BFDC   endp

 
