Full Disclosure mailing list archives
WGA patch for LegitCheckControl.dll
From: "M. Mohr" <m.mohr () laposte net>
Date: Thu, 11 Aug 2005 04:35:58 +0200
I'm not sure this got through the first time, so I'll resend it. Sorry if there is a dupe.

/*
  Name: Windows Genuine Advantage Validation Patch
  Copyright: NeoSecurityTeam
  Author: HaCkZaTaN <hck_zatan () hotmail com>
  Date: 31/07/05 21:42
  Description: LegitCheckControl.dll (1.3.254.0)

  [N]eo [S]ecurity [T]eam [NST]® - http://www.neosecurityteam.net/
  Irc.GigaChat.Net #uruguay
  ----------------------------------------------------------------
  Code cleanup and input validation by Arashi
  Original code from:
  http://dkcs.void.ru/index.php?module=exploits&FullArticle=exploits/380
*/

/*
 * Summary of the listing: the program opens LegitCheckControl.dll from the
 * current working directory read/write, compares a 10-byte string at file
 * offset 0xD2A0 and the three original bytes listed in byte_pairs, and only
 * if every comparison succeeds overwrites those three bytes in place.
 *
 * Detection note: an in-place edit of this kind changes the file's hash, and
 * if the DLL carries an embedded Authenticode signature that signature should
 * no longer verify. Hash baselines / file-integrity monitoring and signature
 * verification of the DLL are therefore the dependable ways to notice the
 * modification.
 */

#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>

typedef struct bytepair BYTEPAIR;

/* One single-byte edit: where it is, what must be there, what replaces it. */
struct bytepair
{
    long offset;        /* position passed to lseek(), i.e. an offset into the file on disk */
    unsigned char old;  /* byte expected at that offset before the edit */
    unsigned char new;  /* byte written at that offset */
};

/*
 * Three consecutive file offsets, 0x2BE98..0x2BE9A.
 * NOTE(review): read as 32-bit x86 code, the original bytes 8B 45 D8 decode
 * as `mov eax, [ebp-0x28]` and the replacement 33 C0 90 as
 * `xor eax, eax` / `nop`, i.e. EAX is forced to zero instead of being loaded
 * from a stack local. What that local holds is not shown on this page;
 * presumably it is a check result - confirm against the binary.
 */
static const BYTEPAIR byte_pairs[3]=
{
    {0x2BE98, 0x8B, 0x33},
    {0x2BE99, 0x45, 0xC0},
    {0x2BE9A, 0xD8, 0x90},
};

/*
 * Entry point. Returns 0 after all three bytes have been written, 1 on any
 * I/O failure or failed comparison.
 *
 * Ordering matters: both comparison stages (version string, then original
 * bytes) complete before the first write, so a file that fails either check
 * is left untouched.
 *
 * NOTE(review): every early `return 1` after a successful open() leaves the
 * descriptor open; it is only reclaimed at process exit.
 * NOTE(review): a failure part-way through the write loop leaves the file
 * partially modified.
 */
int main()
{
    unsigned short i;
    int LegitCheckControl;            /* file descriptor for the DLL, despite the name */
    unsigned char check, ver[10];     /* ver holds exactly 10 bytes and is never NUL-terminated */

    printf("\n\n\n\nLegitCheckControl.dll 1.3.254.0 WGA validation patch.\n\n"
           "Code cleanup and validation by Arashi\n"
           "Author: HaCkZaTaN <hck_zatan () hotmail com>\n"
           "®[N]eo [S]ecurity [T]eam [NST]\n"
           " - http://www.neosecurityteam.net/\n"
           " - Irc.GigaChat.Net #uruguay\n\n"
           "-----------------------------------------------------\n\n");

    printf("Verifying LegitCheckControl.dll...\n");

    /* Relative path: the file is looked up in the current working directory. */
    LegitCheckControl = open("LegitCheckControl.dll", O_RDWR);
    if (LegitCheckControl == -1)
    {
        perror("LegitCheckControl.dll");
        return 1;
    }
    else
        printf(" * LegitCheckControl.dll opened succesfully.\n");

    /* Stage 1: compare the 10 bytes at file offset 0xD2A0 with a fixed string. */
    if((lseek(LegitCheckControl,0xD2A0,SEEK_SET) == -1))
    {
        perror(" ! lseek");
        return 1;
    }
    if((read(LegitCheckControl,&ver,10) != 10))
    {
        perror(" ! read");
        return 1;
    }
    /*
     * NOTE(review): strncmp() takes const char * but ver is unsigned char[],
     * which compilers flag as a pointer-signedness mismatch; this is a
     * fixed-length byte comparison, which memcmp() would express directly.
     * NOTE(review): the literal here is "1.3.0254.0" while the banner and the
     * header comment say 1.3.254.0; the page does not show which form is
     * stored at 0xD2A0.
     */
    if(strncmp(ver, "1.3.0254.0", 10))
    {
        fprintf(stderr, " ! Invalid version information\n\nAborted.\n");
        return 1;
    }
    else
        printf(" * Version information is confirmed.\n");

    /* Stage 2: every target offset must still hold its expected original byte. */
    for(i=0;i<3;i++)
    {
        if((lseek(LegitCheckControl, byte_pairs[i].offset, SEEK_SET) == -1))
        {
            perror(" ! lseek");
            return 1;
        }
        if((read(LegitCheckControl,&check,1) != 1))
        {
            perror(" ! read");
            return 1;
        }
        if(check != byte_pairs[i].old)
        {
            fprintf(stderr, " ! Unable to verify patch bytes.\n\nAborted.\n");
            return 1;
        }
    }

    printf(" * LegitCheckControl.dll validated.\n\nApplying patch...\n");

    /* Stage 3: overwrite the three bytes, one lseek()/write() pair per byte. */
    for(i=0;i<3;i++)
    {
        if((lseek(LegitCheckControl, byte_pairs[i].offset, SEEK_SET) == -1))
        {
            perror(" ! lseek");
            return 1;
        }
        if((write(LegitCheckControl, &byte_pairs[i].new, 1) != 1))
        {
            perror(" ! write");
            return 1;
        }
    }

    /* NOTE(review): close()'s return value is not checked. */
    close(LegitCheckControl);
    printf("Patch complete.\n\n\n");
    return 0;
}

Accédez au courrier électronique de La Poste : www.laposte.net ; 3615 LAPOSTENET (0,34/mn) ; tél : 08 92 68 13 50 (0,34/mn)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/