[旧帖] [求助]关于微狗(MH)模拟,以及重写DLL 向各位前辈请教 0.00雪花
发表于: 2008-4-5 19:09 7179

用GetVer分析出来的加密模块的版本信息

Copyright(C)  2004 SafeNet China Ltd.

版本号:3.020
部件号:RC-UMH-LM-W32INTF

小弟用MHMonitor拦截下来的狗数据如下
009 DT:1 Convert  FuncID:04  Ret:0000 Flag:MH Bytes:08 PWD:000A1612 Data: 3533303637202020 Result: 36528933
008 DT:1 Read     FuncID:02  Ret:0000 Flag:MH Addr:14 Bytes:08 PWD:000A1612 Result: 0100000000000000
007 DT:1 Read     FuncID:02  Ret:0000 Flag:MH Addr:23 Bytes:08 PWD:000A1612 Result: 4BCF000000000000
006 DT:1 Read     FuncID:02  Ret:0000 Flag:MH Addr:00 Bytes:08 PWD:000A1612 Result:        
005 DT:1 Disable  FuncID:08  Ret:0000 Flag:MH
004 DT:1 DogSeed  FuncID:14  Ret:0000 Flag:MH Result: F3B524C66DCD5760
003 DT:1 CheckDog FuncID:01  Ret:0000 Flag:MH DogID:000F467C
002 DT:1 CheckDog FuncID:01  Ret:27EF Flag:MH DogID:000F467C
001 \\.\LPTMH1  %0X

用DogEdt32读的数据如下
39 39 39 39 39 39 39 39 03 D6 49 4B CF 00 00 4B CF 00 00 00 01 00 00 00 00 00 00 00 00 9F 4B CF 00 00 00 4B CF 00 00 00 00 00 00 86 2E 52 85 07 F5 0F B0 F6 59 AB 86 48 32 EA 95 08 B9 F9 26 28 6F 43 1D D1 C5 A2 35 30 3A 2D 71 F3 25 17 4E 7F EB CD A8 FC D4 E9 C5 48 28 02 89 F8 EF 02 39 6A EC 1F E2 1B 16 ED BC 2F 4B D6 91 87 73 54 A9 23 C2 3B 1B 41 64 88 11 0F 33 DF EC 31 C2 40 C7 17 74 1D 3E 55 C4 60 14 F4 91 74 8B 07 8C F5 02 50 99 13 B8 6C 46 46 4C 3C 1B 72 CC FA F7 02 EE CF 3B 1F 54 2C E2 99 56 E3 68 99 5D 40 8A AE 2B ED B7 59 19 2C 5E A6 C4 F7 D3 F0 1A A7 00 61 38 BD 9C 4E 30 53 AA 55 AA 55

我想软复制狗,可是不知道怎么去做。想用C直接写新的DLL,可是这样做却不行,代码如下:
//  Copyright (C) 2001 Rainbow China Co.,Ltd. All Rights Reserved.

#include "stdio.h"
#include "windows.h"
#include "win32dll.h"

// Success status for GS_MHDog: the routine description further down states
// that the function returns MH_SUCCESS when it succeeds.
#define MH_SUCCESS   0

// Default DLL unload hook.
// bSystemExit is accepted for the expected signature but never consulted;
// the hook unconditionally reports 1.
int PASCAL WEP (int  bSystemExit)
{
    (void)bSystemExit;
    return 1;
}

// Default DLL entry point.
// No per-process or per-thread work is done: every notification reason is
// answered with a non-zero (success) result and the arguments are ignored.
BOOL PASCAL DllMain (HINSTANCE hDLL, DWORD dwReason, LPVOID lpReserved)
{
    (void)hDLL;
    (void)dwReason;
    (void)lpReserved;
    return TRUE;
}

//---------------------------------------------------------------------
//Routine Description:
//        the DLL(Dynamic-Link Library) only one interface function
//
//        Return Value:
//                if the function succeeds, the return value is MH_SUCCESS
//                if the function fails, the return value is an error code
//                        For details on error code, see the ErrCode.txt
//
//Parameters:
//        pmdp
//                Points to a MH_DLL_PARA structure. You must fill the
//                structure with the appropriate command and data before
//                passing it to the function, and it to be filled in by
//                this function.
//
//typedef struct _MH_DLL_PARA
//{
//        BYTE         Command;       
//        BYTE        Cascade;       
//        WORD        DogAddr;       
//        WORD        DogBytes;
//        DWORD        DogPassword;
//        DWORD DogResult;
//        BYTE          DogData[200];
//} MH_DLL_PARA;
//
// Command code:
//1 DogCheck
//2 ReadDog
//3 WriteDog
//4 DogConvert
//5 GetCurrentNo
//6 EnableShare
//7 DisableShare
//
//----------------------------------------------------------------------
// Static 200-byte table handed back to callers through pmdp->DogData in
// GS_MHDog. The values appear to be the same byte sequence the post lists as
// the DogEdt32 read-out; nothing in this file reads them from a device.
BYTE fdogdata[200] = {0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x03,0xD6,
0x49,0x4B,0xCF,0x00,0x00,0x4B,0xCF,0x00,0x00,0x00,0x01,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x9F,0x4B,0xCF,0x00,0x00,0x00,0x4B,0xCF,0x00,
0x00,0x00,0x00,0x00,0x00,0x86,0x2E,0x52,0x85,0x07,0xF5,0x0F,0xB0,0xF6,
0x59,0xAB,0x86,0x48,0x32,0xEA,0x95,0x08,0xB9,0xF9,0x26,0x28,0x6F,0x43,
0x1D,0xD1,0xC5,0xA2,0x35,0x30,0x3A,0x2D,0x71,0xF3,0x25,0x17,0x4E,0x7F,
0xEB,0xCD,0xA8,0xFC,0xD4,0xE9,0xC5,0x48,0x28,0x02,0x89,0xF8,0xEF,0x02,
0x39,0x6A,0xEC,0x1F,0xE2,0x1B,0x16,0xED,0xBC,0x2F,0x4B,0xD6,0x91,0x87,
0x73,0x54,0xA9,0x23,0xC2,0x3B,0x1B,0x41,0x64,0x88,0x11,0x0F,0x33,0xDF,
0xEC,0x31,0xC2,0x40,0xC7,0x17,0x74,0x1D,0x3E,0x55,0xC4,0x60,0x14,0xF4,
0x91,0x74,0x8B,0x07,0x8C,0xF5,0x02,0x50,0x99,0x13,0xB8,0x6C,0x46,0x46,
0x4C,0x3C,0x1B,0x72,0xCC,0xFA,0xF7,0x02,0xEE,0xCF,0x3B,0x1F,0x54,0x2C,
0xE2,0x99,0x56,0xE3,0x68,0x99,0x5D,0x40,0x8A,0xAE,0x2B,0xED,0xB7,0x59,
0x19,0x2C,0x5E,0xA6,0xC4,0xF7,0xD3,0xF0,0x1A,0xA7,0x00,0x61,0x38,0xBD,
                        0x9C,0x4E,0x30,0x53,0xAA,0x55,0xAA,0x55};
// GS_MHDog: the DLL's single interface function.
//
// Copies the request fields from *pmdp into file-scope variables, dispatches
// on pmdp->Command, then writes several of those variables back into *pmdp.
// The variables (DogCascade, DogAddr, DogBytes, DogPassword, DogResult,
// NewPassword, DogData) and the MHSTATUS / PMH_DLL_PARA types are not declared
// in this listing; presumably they come from win32dll.h -- confirm there.
//
// Parameters:
//   pmdp  request/response structure supplied by the caller; modified in place.
// Returns:
//   the status set by the matching case (0 / MH_SUCCESS for commands 1-9).
//
// NOTE(review): nothing in this routine communicates with a device; each
// handled command reports success from constants and the static fdogdata
// table. For anyone designing dongle-backed licensing, this is the
// substitution risk at the interface-DLL boundary: an application that only
// checks this return code and fixed replies cannot distinguish the vendor
// module from a stand-in. The countermeasures live in the calling
// application (verifying the interface module's signature or hash before
// trusting it, and depending on unpredictable challenge/response results
// rather than fixed reads).
unsigned long PASCAL GS_MHDog(PMH_DLL_PARA pmdp)
{            
        MHSTATUS resu;

        // Not referenced anywhere else in this function.
        char tempmessage[500];
        // Snapshot the caller's request fields into the file-scope variables.
        DogCascade = pmdp->DogCascade;
        DogAddr = pmdp->DogAddr;
        DogBytes = pmdp->DogBytes;
        DogPassword = pmdp->DogPassword;
        DogResult = pmdp->DogResult;       
        NewPassword = pmdp->NewPassword;
        // Point the caller's data field at the static table, whatever it held
        // on entry, and mirror that pointer into DogData.
        pmdp->DogData = fdogdata;
        DogData = pmdp->DogData;
        switch(pmdp->Command)
        {
        // 1 = DogCheck in the header comment's command table: report success.
        case 1:         
                resu = 0;
                break;
        // 2 = ReadDog: advances the caller's data pointer by DogBytes.
        case 2:
                //memcpy(&DogData,pmdp -> DogData,DogAddr);
                pmdp->DogData+=DogBytes;
                resu = 0;
                break;
        // 3 = WriteDog: no state is changed, success is reported.
        case 3:
                resu = 0;
                break;
        // 4 = DogConvert: stores a fixed constant in DogResult, which is
        // copied back to the caller after the switch.
        case 4:
                DogResult = 0x33895236;
                resu = 0;
                break;
        // 5 = GetCurrentNo: success only.
        case 5:
                resu = 0;
                break;
        // 6 = EnableShare: success only.
        case 6:
                resu = MH_SUCCESS;
                break;
        // 7 = DisableShare: success only.
        case 7:
                resu = 0;
                break;
    //Add by Zhengzh
        // 8 is not listed in the header comment's command table: copies one
        // byte from the caller's data field into DogCascade.
        case 8:
                {        
                 resu = 0;
         memcpy(&DogCascade,pmdp -> DogData,1);
                 break;       
                }
        // 9 is not listed either: copies the 4 bytes of NewPassword into
        // DogPassword.
        case 9:
                {
                 resu = 0;
         memcpy(&DogPassword,&(pmdp -> NewPassword),4);
                 break;
                }
        }
    //add by Zhengzh       
        // Write the working copies back to the caller's structure. DogAddr is
        // assigned twice; the second assignment repeats the first.
        pmdp->DogCascade = DogCascade;
    pmdp->DogPassword = DogPassword;
        pmdp->DogAddr = DogAddr;
        pmdp->DogResult = DogResult;
        pmdp->DogAddr = DogAddr;
        return resu;
}
请高手们指点,我应该怎么样做才能实现无狗运行程序,请各位大哥指点,小弟是一菜鸟 有部分数据是朋友们帮我拦截的

最新回复 (2)
2
另外我读狗的时候,获取狗号时竟然发现好几个狗的号是重复的
2008-4-6 08:50
0
3
可结合laomms的代码写驱动试试。
2008-4-12 12:31
0