over 3 years ago

Cracked by Toby

下載點

版本 檔名 大小 下載點 掃毒報告
1.0 MapleMoon Ver_174.2.2(Cracked).rar 3.33 MB 已移除 註*VirusTotal
1.1 MapleMoon Ver_174.2.2(Cracked).rar 3.33 MB MEGA 註*VirusTotal

註*壓縮檔只增加了MoonPatch_by_Toby.dllMapleMoon.dll為原始的檔案,掃毒報告中只附上MoonPatch_by_Toby.dll

MoonPatch.dll 程式碼

#include <tchar.h>
#include <Windows.h>
#include <Shlwapi.h>

#pragma hdrstop
#pragma argsused
#pragma comment(lib, "shlwapi")

#define JMP(frm,to) (((int)to - (int)frm)-5)

DWORD WINAPI Start(LPVOID lpThreadParameter);

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
        CreateThread(NULL, 0, Start, hinstDLL, 0, NULL);
    }
    return 1;
}

DWORD CreateThread_Address;
DWORD ReturnAddress;
HANDLE hThread = 0;

void __declspec(naked) CreateThread_Call()
{
    __asm
    {
        Mov Eax, [CreateThread_Address]
        Add Eax, 0x05
        Push Ebp
        Mov Ebp, Esp
        Jmp Eax
    }
}

void __declspec(naked) CreateThread_Hook()
{
    __asm
    {
        Mov Eax, [Esp]
        Sub Eax, 0x0C
        Cmp [Eax], 0x0000FF68
        Jne Return
        Cmp [hThread], 0x00
        Jne Return
        Mov [Esp+0x14], 0x04
        Pop [ReturnAddress]
        Mov Eax, [CreateThread_Address]
        Add Eax, 0x05
        Call CreateThread_Call
        Push Eax
        Pop [hThread]
        Push [ReturnAddress]
        Ret
Return:
        Mov Eax, [CreateThread_Address]
        Add Eax, 0x05
        Push Ebp
        Mov Ebp, Esp
        Jmp Eax
    }
}

DWORD WINAPI Start(LPVOID lpThreadParameter)
{
    TCHAR szPath[MAX_PATH];
    FARPROC fpCreateThread;
    HMODULE hModule;
    DWORD flOldProtect;
    LPVOID lpAddress;

    hModule = GetModuleHandle(_T("kernel32"));
    if (hModule == NULL)
        hModule = LoadLibrary(_T("kernel32"));
    if (hModule == NULL)
        return FALSE;

    fpCreateThread = GetProcAddress(hModule, "CreateThread");
    if (fpCreateThread == NULL)
        return FALSE;

    if (VirtualProtect(fpCreateThread, 5, PAGE_EXECUTE_READWRITE, &flOldProtect) == NULL)
        return FALSE;

    ((BYTE *)fpCreateThread)[0] = 0xE9;
    ((DWORD *)((BYTE *)fpCreateThread + 1))[0] = JMP(fpCreateThread, CreateThread_Hook);

    CreateThread_Address = (DWORD)fpCreateThread;

    GetModuleFileName((HINSTANCE)lpThreadParameter, szPath, ARRAYSIZE(szPath));
    PathRemoveFileSpec(szPath);
    _tcscat(szPath, _T("\\MapleMoon.dll"));

    hModule = LoadLibrary(szPath);
    if (hModule == NULL)
        return FALSE;

    while (hThread == NULL)
        Sleep(1000);

    lpAddress = (LPVOID)((DWORD)hModule + 0x7EA9);
    if (VirtualProtect(lpAddress, 5, PAGE_EXECUTE_READWRITE, &flOldProtect) == NULL)
        return FALSE;
    ((BYTE *)lpAddress)[0] = 0x90;
    ((DWORD *)((BYTE *)lpAddress + 1))[0] = 0x90909090;

    lpAddress = (LPVOID)((DWORD)hModule + 0x9183);
    if (VirtualProtect(lpAddress, 5, PAGE_EXECUTE_READWRITE, &flOldProtect) == NULL)
        return FALSE;
    ((BYTE *)lpAddress)[0] = 0x90;
    ((DWORD *)((BYTE *)lpAddress + 1))[0] = 0x90909090;

    lpAddress = (LPVOID)((DWORD)hModule + 0x927E);
    if (VirtualProtect(lpAddress, 1, PAGE_EXECUTE_READWRITE, &flOldProtect) == NULL)
        return FALSE;
    ((BYTE *)lpAddress)[0] = 0xEB;

    lpAddress = (LPVOID)((DWORD)hModule + 0x930B);
    if (VirtualProtect(lpAddress, 6, PAGE_EXECUTE_READWRITE, &flOldProtect) == NULL)
        return FALSE;
    ((WORD *)lpAddress)[0] = 0x9090;
    ((DWORD *)((BYTE *)lpAddress + 2))[0] = 0x90909090;

    lpAddress = (LPVOID)((DWORD)hModule + 0x933E);
    if (VirtualProtect(lpAddress, 5, PAGE_EXECUTE_READWRITE, &flOldProtect) == NULL)
        return FALSE;
    ((BYTE *)lpAddress)[0] = 0x90;
    ((DWORD *)((BYTE *)lpAddress + 1))[0] = 0x90909090;
  
    char text[] = "歡迎使用MapleMoon!\n您使用的版本:Toby破解版\n免費外掛,請勿販售\n版本:Ver_174.2.2";
    lpAddress = (LPVOID)((DWORD)hModule + 0x3907CA);
    if (VirtualProtect(lpAddress, sizeof(text)+1, PAGE_EXECUTE_READWRITE, &flOldProtect) == NULL)
        return FALSE;
    strcpy((char *)lpAddress, text);

    ResumeThread(hThread);
    return TRUE;
}

← MapleMoon Ver_174.2.1(原楓之明月) 數據 KeyInstaller 外掛金鑰安裝器 →
 
comments powered by Disqus