Bueno, muchachos, he encontrado algo para que aquellos programadores puedan divertirse un poco. Es un programilla que me causa mucha gracia y, a mi parecer, es un API hook, pero no entiendo bien la estructura ni cómo podría recompilarlo.
http://www.ziddu.com/download/3419494/KickaoII.exe.html
http://www.ziddu.com/download/3419528/ki.ck.rar.html
Este exe tiene dentro un resource, que es el ki.ck, el cual he descompilado:
http://www.ziddu.com/download/3419507/ki.rar.html
Bueno, descompilando, o mejor dicho adjuntándome al proceso en el juego y luego analizando el módulo del ki:
http://www.ziddu.com/download/341955...lyDbg.txt.html
Código:
/*
 * sub_13571F6F -- decompiler output: identifiers, types and the "[sp+..]"
 * annotations are the decompiler's reconstruction, not original source.
 *
 * Walks a byte buffer as a sequence of length-prefixed records, inspects
 * selected records, and (in pipe mode) forwards every record to a handle.
 *
 * Buffer source:
 *   a1 == 0  the caller's buffer a2 of a3 bytes is parsed in place; nothing
 *            is written or freed here.
 *   a1 != 0  a1 is used as the address of a structure with a handle at +8
 *            (polled with PeekNamedPipe, then read with ReadFile) and a
 *            handle at +4 (target of WriteFile). The buffer is malloc'd
 *            here and freed at LABEL_43. a2/a3 are ignored on this path.
 *            NOTE(review): a1 is an int holding a pointer, so this only
 *            makes sense in a 32-bit process.
 *
 * Record layout as this code reads it:
 *   +0  16-bit value used as the total record length (v14)
 *   +4  16-bit value compared with 8465 (0x2111), 8481 (0x2121) and
 *       20736 (0x5100) -- presumably a message/opcode id, TODO confirm
 *   +6  payload
 *
 * a4 selects which checks run (1 or 2); presumably the traffic direction,
 * but no caller is visible here -- confirm against the call sites.
 *
 * Returns 1 when a record's length field was zero or ran past the end of
 * the buffer, or when fewer than 6 unparsed bytes were left over; returns 0
 * otherwise, including every early exit (no input, empty pipe, malloc or
 * ReadFile failure).
 */
signed int __cdecl sub_13571F6F(int a1, void *a2, unsigned int a3, signed int a4)
{
void *v5; // eax@5
void *v6; // eax@32
signed int v7; // [sp+44h] [bp-4h]@1
unsigned int v8; // [sp+30h] [bp-18h]@1
unsigned int v9; // [sp+2Ch] [bp-1Ch]@1
DWORD v10; // [sp+28h] [bp-20h]@2
void *v12; // [sp+38h] [bp-10h]@5
int v13; // [sp+40h] [bp-8h]@14
DWORD v14; // [sp+24h] [bp-24h]@14
signed int v15; // [sp+18h] [bp-30h]@21
int v16; // [sp+3Ch] [bp-Ch]@25
void *v17; // [sp+34h] [bp-14h]@32
// v7: return value / "malformed or truncated input" flag.
// v8: current offset into the buffer.  v9: number of valid bytes in the buffer.
v7 = 0;
v8 = 0;
v9 = 0;
if ( !a1 )
{
// In-memory mode: reject a missing or empty buffer.
if ( !a2 || !a3 )
return v7;
v12 = a2;
v9 = a3;
// LABEL_13 is also the target of the goto after a successful ReadFile below,
// which is the only way the "if ( a1 )" branches inside this block can run.
LABEL_13:
// A record header needs at least 6 bytes (length at +0, id at +4).
while ( v8 + 6 <= v9 )
{
// v13: address of the current record, kept as an int (32-bit assumption).
v13 = (int)((char *)v12 + v8);
// v14: the record's declared length, taken from the data itself.
v14 = *(_WORD *)((char *)v12 + v8);
// A zero length or one that overruns the buffer is not trusted: the rest of
// the buffer is treated as one opaque chunk and the input is marked bad.
// This is the bounds check that keeps the payload reads below inside v9.
if ( !v14 || v8 + v14 > v9 )
{
v14 = v9 - v8;
v7 = 1;
}
if ( !v7 )
{
// sub_135718FD is not shown; it gates all record inspection.
if ( sub_135718FD() )
{
if ( a4 == 1 )
{
v15 = *(_WORD *)(v13 + 4);
// Id 8465 (0x2111): needs a record longer than 13 bytes, so payload+3
// (record offset 9) is inside the record.
if ( v15 == 8465 )
{
if ( *(_WORD *)v13 > 0xDu )
{
// v16: address of the payload. The arithmetic on the void pointer v12 is a
// decompiler artifact; the intent is byte offsets, as in the casts above.
v16 = (int)(v12 + v8 + 6);
// Only when the first 16-bit payload word is zero is the byte at payload+3
// copied into the module-level byte_13578028 (meaning not shown here).
if ( !*(_WORD *)(v12 + v8 + 6) )
byte_13578028 = *(_BYTE *)(v16 + 3);
}
}
else
{
// Id 8481 (0x2121) clears the same module-level byte.
if ( v15 == 8481 )
byte_13578028 = 0;
}
}
else
{
if ( a4 == 2 )
{
// Id 20736 (0x5100) with a non-empty payload (record length > 6).
if ( *(_WORD *)(v13 + 4) == 20736 )
{
if ( *(_WORD *)v13 > 6u )
{
// Copy the payload (length - 6 bytes) into a zeroed buffer one byte larger,
// so the copy is always NUL-terminated even though strncpy alone would not
// guarantee it. strncpy also stops at the first NUL inside the payload.
v6 = malloc(*(_WORD *)v13 - 5);
v17 = v6;
if ( v6 )
{
memset(v17, 0, *(_WORD *)v13 - 5);
strncpy((char *)v17, (const char *)v12 + v8 + 6, *(_WORD *)v13 - 6);
// sub_13571D85 and sub_13571D54 are not shown; presumably a string match
// against "/get" that triggers an action -- TODO confirm.
if ( sub_13571D85((const char *)v17, "/get") )
sub_13571D54();
free(v17);
}
}
}
}
}
}
}
// Pipe mode only: forward the record (or the untrusted remainder) unchanged
// to the handle at a1+4. v10 is reused as the bytes-written output and the
// WriteFile result is not checked.
if ( a1 )
WriteFile(*(HANDLE *)(a1 + 4), (LPCVOID)v13, v14, &v10, 0);
v8 += v14;
}
// Fewer than 6 bytes left: too short for a header, so flag the input and,
// in pipe mode, forward the tail as-is.
if ( v8 < v9 )
{
if ( a1 )
WriteFile(*(HANDLE *)(a1 + 4), (char *)v12 + v8, v9 - v8, &v10, 0);
v7 = 1;
}
goto LABEL_43;
}
// Pipe mode: v10 receives the number of bytes available; nothing to do when
// the peek fails or the pipe is empty.
if ( !PeekNamedPipe(*(HANDLE *)(a1 + 8), 0, 0, 0, &v10, 0) || !v10 )
return v7;
// One byte more than is read is allocated; that extra byte is never written here.
v5 = malloc(v10 + 1);
v12 = v5;
if ( !v5 )
return v7;
// On success v9 holds the byte count actually read and parsing starts at
// LABEL_13 with v8 == 0; on failure control falls through to the cleanup.
if ( ReadFile(*(HANDLE *)(a1 + 8), v12, v10, (LPDWORD)&v9, 0) )
goto LABEL_13;
LABEL_43:
// Only the pipe-mode buffer is owned by this function; in in-memory mode
// v12 aliases the caller's a2 and must not be freed.
if ( a1 )
free(v12);
return v7;
}
Código:
/*
 * sub_13572957 -- decompiler output: identifiers and types are the
 * decompiler's reconstruction, not original source.
 *
 * One-time setup routine. It records two module paths, checks whether the
 * second module's file name is "gunbound.gme", and registers replacement
 * functions for named exports through the helpers sub_135711D0 and
 * sub_1357130E (neither is shown):
 *   - KERNEL32!CreateProcessA / CreateProcessW: always
 *   - WS2_32!recv / send: only when the file-name check matched
 *
 * NOTE(review): what the two helpers actually patch (import table, export
 * table, function prologue) cannot be told from this listing. If they do
 * redirect the named exports, the redirection should be visible to an
 * integrity check that compares these four entry points in the running
 * process against the on-disk KERNEL32 and WS2_32 images.
 *
 * Returns the value of the last sub_1357130E call made (the "send" call
 * when the file-name check matched, otherwise the "CreateProcessW" call).
 */
int __cdecl sub_13572957()
{
int result; // eax@8
char *v1; // eax@3
// v2 is typed as a single char but is passed below as a 0x104-byte (260)
// buffer; the stack offsets suggest a local array the decompiler did not
// recover -- TODO confirm in the disassembly.
char v2; // [sp+20h] [bp-118h]@3
const char *v3; // [sp+1Ch] [bp-11Ch]@3
// Store the path of the module dword_1357802C in unk_13578280; presumably
// this is the DLL's own handle -- confirm where it is assigned.
// The GetModuleFileNameA return values are not checked.
GetModuleFileNameA((HMODULE)dword_1357802C, (CHAR *)&unk_13578280, 0x104u);
// Optional step gated by a module-level flag; sub_13571772 is not shown.
if ( byte_13575004 )
sub_13571772(dword_1357802C);
// Path of the module dword_13578030; presumably the host executable.
GetModuleFileNameA((HMODULE)dword_13578030, &v2, 0x104u);
// 92 is '\\': keep only the file-name component of the path.
v1 = strrchr(&v2, 92);
v3 = v1;
if ( v1 )
++v3;
else
v3 = &v2;
// Case-insensitive match on the file name enables the Winsock handling below.
if ( !stricmp(v3, "gunbound.gme") )
dword_13578020 = 1;
// Each target is passed through both helpers in this order; the second
// return value overwrites the first in the same global, which presumably
// keeps the original function pointer for the replacement to call through.
dword_13578040 = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD))sub_135711D0(0, "KERNEL32", "CreateProcessA", (int (__stdcall *)())sub_135724E6);
dword_13578040 = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD))sub_1357130E("KERNEL32", "CreateProcessA", (int (__stdcall *)())sub_135724E6);
dword_13578044 = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD))sub_135711D0(0, "KERNEL32", "CreateProcessW", (int (__stdcall *)())sub_13572742);
result = sub_1357130E("KERNEL32", "CreateProcessW", (int (__stdcall *)())sub_13572742);
dword_13578044 = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD, _DWORD))result;
// recv/send replacements are registered only inside the matched process.
if ( dword_13578020 )
{
dword_13578038 = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD))sub_135711D0(
0,
"WS2_32",
"recv",
(int (__stdcall *)())sub_1357227E);
dword_13578038 = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD))sub_1357130E(
"WS2_32",
"recv",
(int (__stdcall *)())sub_1357227E);
dword_1357803C = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD))sub_135711D0(
0,
"WS2_32",
"send",
(int (__stdcall *)())sub_1357246D);
result = sub_1357130E("WS2_32", "send", (int (__stdcall *)())sub_1357246D);
dword_1357803C = (int (__stdcall *)(_DWORD, _DWORD, _DWORD, _DWORD))result;
}
// Set last, after all registrations; presumably a "setup done" flag -- confirm.
dword_13575000 = 1;
return result;
}
A ver si alguien me puede ayudar con esto. Yo diría, a simple vista, que inyecta la DLL en el proceso gunbound.gme, luego hace un API hook y verifica el envío de /get y no sé qué más.