[Full-disclosure] WGA patch for LegitCheckControl.dll
- To: "bugtraq" <bugtraq@xxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] WGA patch for LegitCheckControl.dll
- From: "M. Mohr" <m.mohr@xxxxxxxxxxx>
- Date: Thu, 11 Aug 2005 04:35:58 +0200
I'm not sure this got through the first time, so I'll resend
it. Sorry if there is a dupe.
/*
Name: Windows Genuine Advantage Validation Patch
Copyright: NeoSecurityTeam
Author: HaCkZaTaN <hck_zatan@xxxxxxxxxxx>
Date: 31/07/05 21:42
Description: LegitCheckControl.dll (1.3.254.0)
[N]eo [S]ecurity [T]eam [NST]® - http://www.neosecurityteam.net/
Irc.GigaChat.Net #uruguay
----------------------------------------------------------------
Code cleanup and input validation by Arashi
Original code from:
http://dkcs.void.ru/index.php?module=exploits&FullArticle=exploits/380
*/
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
typedef struct bytepair BYTEPAIR;
struct bytepair
{
long offset;
unsigned char old;
unsigned char new;
};
static const BYTEPAIR byte_pairs[3]= {
{0x2BE98, 0x8B, 0x33},
{0x2BE99, 0x45, 0xC0},
{0x2BE9A, 0xD8, 0x90},
};
int main() {
unsigned short i;
int LegitCheckControl;
unsigned char check, ver[10];
printf("\n\n\n\nLegitCheckControl.dll 1.3.254.0 WGA validation patch.\n\n"
"Code cleanup and validation by Arashi\n"
"Author: HaCkZaTaN <hck_zatan@xxxxxxxxxxx>\n"
"®[N]eo [S]ecurity [T]eam [NST]\n"
" - http://www.neosecurityteam.net/\n"
" - Irc.GigaChat.Net #uruguay\n\n"
"-----------------------------------------------------\n\n");
printf("Verifying LegitCheckControl.dll...\n");
LegitCheckControl = open("LegitCheckControl.dll", O_RDWR);
if (LegitCheckControl == -1) {
perror("LegitCheckControl.dll");
return 1;
}
else printf(" * LegitCheckControl.dll opened successfully.\n");
if((lseek(LegitCheckControl,0xD2A0,SEEK_SET) == -1)) {
perror(" ! lseek");
return 1;
}
if((read(LegitCheckControl,&ver,10) != 10)) {
perror(" ! read");
return 1;
}
if(strncmp(ver, "1.3.0254.0", 10)) {
fprintf(stderr, " ! Invalid version information\n\nAborted.\n");
return 1;
}
else printf(" * Version information is confirmed.\n");
for(i=0;i<3;i++) {
if((lseek(LegitCheckControl, byte_pairs[i].offset,
SEEK_SET) == -1)) {
perror(" ! lseek");
return 1;
}
if((read(LegitCheckControl,&check,1) != 1)) {
perror(" ! read");
return 1;
}
if(check != byte_pairs[i].old) {
fprintf(stderr, " ! Unable to verify patch bytes.\n\nAborted.\n");
return 1;
}
}
printf(" * LegitCheckControl.dll validated.\n\nApplying patch...\n");
for(i=0;i<3;i++) {
if((lseek(LegitCheckControl, byte_pairs[i].offset,
SEEK_SET) == -1)) {
perror(" ! lseek");
return 1;
}
if((write(LegitCheckControl, &byte_pairs[i].new, 1) != 1)) {
perror(" ! write");
return 1;
}
}
close(LegitCheckControl);
printf("Patch complete.\n\n\n");
return 0;
}