Showing posts from August, 2009

Luxand FaceSDK (Proof of concept)

This library is published with a working demo; they used a valid license with the demo exe…so here we go…

1034B0F0 >/$ 55             PUSH EBP                                 ;  Entry Point ActivateLibrary
1034B0F1  |. 8BEC           MOV EBP,ESP
1034B0F3  |. 83E4 F8        AND ESP,FFFFFFF8
1034B0F6  |. 83EC 6C        SUB ESP,6C
1034B0F9  |. A1 18653710    MOV EAX,DWORD PTR DS:[10376518]          ;  The license is here...

KeyClone 1.9.7.0 (Proof of concept)

Before:

004814BA  |. E8 E161FDFF    CALL keyclone.004576A0         ;  First check
004814BF  |. 0FB6C0         MOVZX EAX,AL
004814C2  |. 85C0           TEST EAX,EAX
004814C4     0F84 AB000000  JE keyclone.00481575

004576A0  /$ 55             PUSH EBP
004576A1  |. 8BEC           MOV EBP,ESP
004576A3  |. 51             PUSH ECX
004576A4  |. 894D FC        MOV DWORD PTR SS:[EBP-4],ECX
004576A7  |. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
004576AA     8A80 2D060000  MOV AL,BYTE PTR DS:[EAX+62D]   ; >>  MOV AL,1
004576B0  |. 8BE5           MOV ESP,EBP
004576B2  |. 5D             POP EBP
004576B3  \. C3             RETN

Patched for 6 Bytes

This is called from: keyclone.00433DCA, keyclone.00434A90, keyclone.00455701

004364B0  /$ 55             PUSH EBP
004364B1  |. 8BEC           MOV EBP,ESP
004364B3  |. 51             PUSH ECX