unit Unit2;
interface
uses
Windows,SysUtils,Messages;
{Packet structures}
// All records are "packed", so fields sit back to back with no padding.
// The byte offsets quoted below assume Char is one byte wide -- TODO confirm
// the compiler version; a two-byte Char would double every Char array.
type
// Layout of the first packet received.
TFirstPackage=packed record
Packed_Len:Word;
Packed_Class:Word;
Packed_Data:DWORD; // used in this unit as the seed passed to SRand (see CreateKEYVa)
end;
// Layout of the second packet received.
TSecondPackage=packed record
Packed_Len:Word;
Packed_Class:Word;
Packed_Data1:DWORD;
Packed_Data2:DWORD;
Packed_Data3:DWORD;
Packed_Data4:DWORD;
Packed_Info:array[0..31] of Char;
end;
// Layout of the second packet sent.
TSendSecondPackage=packed record
packed_Len:word;
packed_class:Word;
packed_Data1:DWORD;
packed_Data2:DWORD;
packed_Data3:DWORD;
packed_Data4:array [0..11] of Char;
end;
// KEY parameter block (16 Char elements).
TKEYVa=packed record
KEY:array [0..15] of Char;
end;
// Layout of the login packet.
// With one-byte Char the fields start at: Packed_Name $08, Packed_Pass $28,
// Packed_ServerName $48, Packed_ServerNumber $68; total size $88 bytes.
// NOTE(review): each text field is a fixed 32-byte slot, so any code filling
// them must bound the copy to 32 bytes including the terminator.
TLoginPackage=packed record
Packed_Len:Word;
Packed_Class:Word;
Packed_Data:DWORD;
Packed_Name:array[0..31] of Char;
Packed_Pass:array[0..31] of Char; // password field; whether it is protected before sending is not visible here
Packed_ServerName:array[0..31] of Char;
Packed_ServerNumber:array[0..31] of Char;
end;
{Packet structures}
{Functions and procedures}
procedure CreateCipherTable; // generate the key
procedure MakeTable; // build the key table
// Decrypt/Encrypt take an untyped var buffer plus a byte count; the caller is
// responsible for nLen matching the real size of buf (nothing here can check it).
procedure Decrypt(var buf;nLen:integer);
procedure Encrypt(var buf;nLen:integer);
procedure EnOrDecryptData; // encryption/decryption routine
procedure CreateKEYVa;
procedure CreateKEY;
procedure MakeKEY;
procedure CreateMiMaPacked;
procedure MakePass;
procedure CreateLoginPacked;
function conertde(s:string):string;
function StrToAsc(pp:PChar;nLen:integer):string;
function hextoint(s: string): Integer;
{Functions and procedures}
type
// Procedural types for the two function pointers held in Rand and SRand below.
// NOTE(review): presumably these are bound to a C runtime rand/srand exported
// by the library behind DllHandle -- the binding code is not in this part of
// the file, confirm there. TRand is declared stdcall and TSRand cdecl.
TRand=function:Integer;stdcall;
TSRand=procedure(seed:dword);cdecl;
{Global variables}
var
PackageID:integer;
// Four cipher tables of 1056 Char elements each.
RecvCipherTable:array[0..1055] of char;
MidCipherTable:array[0..1055] of char;
SendCipherTable:array[0..1055] of char;
SendmCipherTable:array[0..1055] of char;
// Working copies of the packets described by the record types above.
FirstPackage:TFirstPackage;
SecondPackage:TSecondPackage;
SendSecondPackage:TSendSecondPackage;
LoginPackage:TLoginPackage;
// Output buffer for the expanded key (129 Char elements); MakeKEY passes its
// address to CreateKEY in ECX.
KEY:array[0..128] of Char;
// 16 bytes produced by CreateKEYVa and consumed by MakeKEY/CreateKEY.
RandKey:array[0..15] of Char;
DllHandle:THandle;
Rand:TRand;
SRand:TSRand;
{Global variables}
implementation
function hextoint(s: string): Integer;
// Converts the hexadecimal digit string S (without any prefix) to an Integer.
// Invalid input is reported by StrToInt itself (it raises its conversion error).
var
hexLiteral:string;
begin
// StrToInt interprets a leading '$' as the hexadecimal marker.
hexLiteral:='$'+s;
Result:=StrToInt(hexLiteral);
end;
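procedure CreateKEYVa;
// Fills the first 16 bytes of RandKey with the low byte of 16 successive
// Rand() results, after seeding the generator with FirstPackage.Packed_Data.
//
// The earlier version did this with three separate asm blocks: pushad in the
// first, a byte index kept in ESI across the Pascal "for" loop and the Rand()
// call, and popad in the last. That only works while the compiler happens not
// to use ESI or ESP-relative addressing in between, so it is replaced by
// plain Pascal. Its "and eax,$800000FF / jns / dec / or / inc" sequence is the
// signed remainder modulo 256, and only AL was stored, which is exactly the
// low byte of the Rand() result. The unused local string was dropped.
//
// NOTE(review): every byte of RandKey is determined by the seed, and the seed
// is a field of a received packet. Presumably Rand/SRand are the C runtime
// rand/srand (bound elsewhere -- confirm); that generator is not suitable for
// key material, so anything derived from RandKey should not be treated as
// secret from a party that can observe that packet.
var
i:Integer;
begin
SRand(FirstPackage.Packed_Data);
for i:=0 to 15 do
// Byte-wise store, independent of how wide Char is for this compiler.
PByteArray(@RandKey)^[i]:=Byte(Rand() and $FF);
end;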
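function conertde(s:string):string;
// Returns S rendered as upper-case hexadecimal, two digits per character
// (e.g. 'AB' -> '4142'). An empty S yields an empty string.
var
i:integer;
begin
// A string Result is not guaranteed to start out empty, so clear it before
// appending; otherwise repeated calls can return stale text in front.
Result:='';
for i:=1 to length(s) do
Result:=Result+inttohex(ord(s[i]),2);
end;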
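function StrToAsc(pp:PChar;nLen:integer):string;
// Returns the first nLen characters at PP as upper-case hexadecimal, two
// digits per character. The caller must guarantee that PP addresses at least
// nLen readable characters; a nil PP or nLen <= 0 yields an empty string.
//
// Fixes over the earlier version:
//  * it took the address of the parameter itself (@pp) and therefore dumped
//    the bytes of the pointer variable and whatever followed it on the stack,
//    not the caller's buffer;
//  * the loop ran from 0 to nLen inclusive, reading one element too many;
//  * Result was appended to without being cleared first.
var
i:Integer;
begin
Result:='';
if pp=nil then
Exit;
for i:=0 to nLen-1 do
Result:=Result+inttohex(ord(pp[i]),2);
end;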
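procedure CreateLoginPacked;
// Builds the login packet in the buffer whose address is stored at [ECX+$404].
//
// Inputs as read by the code (the Pascal declaration has no parameters, so
// the caller has to place them by hand):
//   ECX       base address of the owning object (kept in EBX)
//   [EBP+$08] dword stored at packet offset $04
//   [EBP+$0C] account name, NUL-terminated, must be non-nil and < $20 chars
//   [EBP+$10] password, must be non-nil
//   [EBP+$14] server name, NUL-terminated, must be non-nil and < $20 chars
//   [EBP+$18] string copied to packet offset $68 (a version string according
//             to the original comments)
// Output: EAX = 1 on success, 0 if one of the checks above fails.
//
// Packet offsets written: $00 word $88, $02 word $442, $04 dword, $08 account
// name, $28 password, $48 server name, $68 version string. These match the
// field offsets of TLoginPackage when Char is one byte.
//
// Fix: the password destination was written as decimal 28 although every
// other offset is hexadecimal and the password field starts at $28; with
// decimal 28 the 32-byte copy overwrote the tail of the account-name field.
//
// NOTE(review): the password is only nil-checked. Exactly 32 bytes are read
// from it, so the caller must pass a buffer of at least 32 bytes, ideally
// zero-padded, or bytes beyond the password end up in the packet.
// NOTE(review): the string at [EBP+$18] is neither nil-checked nor
// length-checked before the unbounded copy to offset $68; the caller must
// keep it below 32 bytes including the terminator.
// NOTE(review): the routine leaves through @GoEnd and the compiler-generated
// return; confirm who removes the five stack arguments.
asm
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+$C] // account name pointer
push edi
test esi, esi // nil check on the account name (mov below leaves the flags alone)
mov ebx, ecx // keep the object base for the whole routine
je @ONE
mov edi, esi
or ecx, $FFFFFFFF
xor eax, eax
repne scas byte ptr es:[edi] // scan for the terminating NUL
not ecx
dec ecx // ecx = length of the account name
cmp ecx, $20
jnb @ONE // reject names of 32 characters or more
mov eax, [ebp+$10] // password pointer
test eax, eax // nil check only, no length check
je @ONE
mov edi, [ebp+$14] // server name pointer
test edi, edi // nil check
je @ONE
or ecx, $FFFFFFFF
xor eax, eax
repne scas byte ptr es:[edi]
not ecx
dec ecx // ecx = length of the server name
cmp ecx, $20
jnb @ONE // reject server names of 32 characters or more
mov ecx, ebx
call @GoBegin // zero the $400-byte area at object+4
mov eax, [ebx+$404] // packet buffer pointer
mov edx, esi // account name
add eax, $8 // account name goes to packet offset $08
@THREE:
mov cl, [edx]
inc edx
mov [eax], cl
inc eax
test cl, cl
jnz @THREE // copy up to and including the NUL
mov edi, [ebx+$404]
mov esi, [ebp+$10] // password pointer
mov edx, [ebp+$14] // server name pointer
add edi, $28 // password goes to packet offset $28
mov ecx, 8 // 8 dwords = 32 bytes, copied unconditionally
rep movs dword ptr es:[edi], dword ptr[esi] // fixed-size copy of the password field
mov eax, [ebx+$404]
add eax, $48 // server name goes to packet offset $48
@TWO:
mov cl, [edx]
inc edx
mov [eax], cl
inc eax
test cl, cl
jnz @TWO // copy up to and including the NUL
mov eax, [ebx+$404]
mov ecx, [ebp+$8] // dword argument (the original comments call it "parameter 5")
mov edx, [ebp+$18] // version string pointer (not nil-checked)
mov [eax+$4], ecx // stored at packet offset $04
mov eax, [ebx+$404]
add eax, $68 // version string goes to packet offset $68
@FOUR:
mov cl, [edx]
inc edx
mov [eax], cl
inc eax
test cl, cl
jnz @FOUR // unbounded copy up to and including the NUL
mov edx, [ebx+$404]
pop edi
pop esi
mov word ptr [edx+$2], $442 // word at packet offset $02
mov eax, [ebx+$404]
pop ebx
mov word ptr [eax], $88 // word at packet offset $00; $88 is also the packet size
mov eax, $1 // success
pop ebp
jmp @GoEnd
@ONE:
// Validation failed: restore the saved registers and return 0.
pop edi
pop esi
xor eax, eax
pop ebx
pop ebp
jmp @GoEnd
@GoBegin:
// Local subroutine: ECX = object base. Zeroes $100 dwords starting at
// object+4, then clears the words at object+4 and object+6 again.
mov edx, ecx
push esi
push edi
mov ecx, $100
lea esi, [edx+$4]
xor eax, eax
mov edi, esi
rep stos dword ptr es:[edi]
mov [esi], ax
pop edi
mov [edx+$6], ax
pop esi
retn
@GoEnd:
nop
end;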
procedure MakeKEY;
// Calls CreateKEY with its two hand-rolled arguments:
//   one stack dword = address of RandKey (the 16 random bytes),
//   ECX             = address of the Key output buffer.
// All general registers are saved and restored around the call, and the
// pushed argument is removed here after CreateKEY returns.
asm
pushad
lea ecx,RandKey
push ecx // stack argument: address of the random bytes
lea ecx,Key // register argument: buffer that receives the key
call CreateKEY
add esp,$4 // drop the stack argument
popad
end;
procedure CreateKEY;
asm
push ecx //存放最后KEY的地址
mov eax, [esp+$8] // 取随机数的地址
push ebx
push ebp
push esi
mov esi, [eax] // 取随机数1-4位放ESI
mov edx, ecx //取最后KEY的地址给EDX
push edi
mov [esp+$10], ecx
mov [edx], esi //放入随机数(1-4)
mov esi, [eax+$4]
mov [edx+$4], esi // 5-8
mov esi, [eax+$8]
mov [edx+$8], esi // 9-12
mov eax, [eax+$C]
mov dword ptr [ecx+$10], $B7E15163 // 最后KEY的17-20放固定值
mov [edx+$C], eax // 13-16
lea eax, [ecx+$14] // 取KEY21开始的地址
mov edx, $19
@ONE:
mov esi, [eax-$4]
add eax, $4
sub esi, $61C88647
dec edx
mov [eax-$4], esi
jnz @ONE
xor ebx, ebx
xor esi, esi
xor ebp, ebp
xor edi, edi
mov dword ptr [esp+$18], $4E
jmp @TWO
@FOUR:
mov ecx, [esp+$10]
@TWO:
mov ecx, [ecx+edi*$4+$10]
push $3
add ecx, ebx
add ecx, esi
push ecx
call @Begin
mov ecx, [esp+$18]
mov esi, eax
mov [ecx+edi*$4+$10], eax
lea eax, [edi+$1]
cdq
mov edi, $1A
idiv edi
mov eax, [ecx+ebp*$4]
add eax, ebx
add eax, esi
mov edi, edx
lea edx, [ebx+esi]
push edx
push eax
call @Begin
mov ecx, [esp+$20]
add esp, $10
mov ebx, eax
mov [ecx+ebp*$4], eax
inc ebp
and ebp, $80000003
jns @THREE
dec ebp
or ebp, $FFFFFFFC
inc ebp
@THREE: