• 标 题:oicq目录下面的hash.dat
  • 作 者:最弱智
  • 时 间:2000-12-1 16:19:15
  • 链 接:http://bbs.pediy.com

是oicq.exe的md5校验和。oicq就是通过这个判断是否被修改了的。

  • 标 题:md5 generator
  • 作 者:最弱智
  • 时 间:2000-12-1 16:31:17

VC6 编译:

c:\> cl mdx.c

使用:

c:\> cl oicq.exe

md5 = xx xx ............

[MDX.C]
#include    <io.h>
#include    <conio.h>
#include    <fcntl.h>
#include    <stdio.h>
#include    <stdlib.h>

#pragma intrinsic( _rotl )

#define    BLOCK    0x40
#define    BUFFER    0x6000

typedef    unsigned char    BYTE;
typedef    unsigned int    WORD;
typedef    unsigned long    DWORD;

void MDInit( DWORD *pMD )
{
    pMD[ 0 ] = 0x67452301;
    pMD[ 1 ] = 0xefcdab89;
    pMD[ 2 ] = 0x98badcfe;
    pMD[ 3 ] = 0x10325476;
}

void MD5Calc( DWORD *pData, DWORD *pMD5 )
{
    static DWORD MD51[] = {
        0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
        0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
        0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
        0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821
    };
    static DWORD MD52[] = {
        0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
        0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
        0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
        0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a
    };
    static DWORD MD53[] = {
        0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
        0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
        0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05,
        0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665
    };
    static DWORD MD54[] = {
        0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
        0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
        0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
        0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
    };

    WORD    i;
    DWORD    t1, t2, t3, t4;

    t1 = pMD5[ 0 ];
    t2 = pMD5[ 1 ];
    t3 = pMD5[ 2 ];
    t4 = pMD5[ 3 ];

    for( i = 0; i < 0x4; i ++ ){
        t1 += ( ( ~t2 & t4 ) | ( t2 & t3 ) ) + MD51[ i * 4 ];
        t1 = _rotl( t1 + pData[ i * 4 ], 7 ) + t2;

        t4 += ( ( ~t1 & t3 ) | ( t1 & t2 ) ) + MD51[ i * 4 + 1];
        t4 = _rotl( t4 + pData[ i * 4 + 1 ], 0xc ) + t1;

        t3 += ( ( ~t4 & t2 ) | ( t4 & t1 ) ) + MD51[ i * 4 + 2 ];
        t3 = _rotl( t3 + pData[ i * 4 + 2 ], 0x11 ) + t4;

        t2 += ( ( ~t3 & t1 ) | ( t3 & t4 ) ) + MD51[ i * 4 + 3 ];
        t2 = _rotl( t2 + pData[ i * 4 + 3 ], 0x16 ) + t3;
    }

    for( i = 0; i < 0x4; i ++ ){
        t1 += ( ( ~t4 & t3 ) | ( t2 & t4 ) ) + MD52[ i * 4 ];
        t1 = _rotl( t1 + pData[ ( i * 4 + 1 ) & 0xf ], 5 ) + t2;

        t4 += ( ( ~t3 & t2 ) | ( t1 & t3 ) ) + MD52[ i * 4 + 1 ];
        t4 = _rotl( t4 + pData[ ( i * 4 + 0x6 ) & 0xf ], 9 ) + t1;

        t3 += ( ( ~t2 & t1 ) | ( t4 & t2 ) ) + MD52[ i * 4 + 2 ];
        t3 = _rotl( t3 + pData[ ( i * 4 + 0xb ) & 0xf ], 0xe ) + t4;

        t2 += ( ( ~t1 & t4 ) | ( t3 & t1 ) ) + MD52[ i * 4 + 3 ];
        t2 = _rotl( t2 + pData[ ( i * 4 ) & 0xf ], 0x14 ) + t3;
    }

    for( i = 0; i < 0x4; i ++ ){
        t1 += ( t2 ^ t3 ^ t4 ) + MD53[ i * 4 ];
        t1 = _rotl( t1 + pData[ ( i * 0xc + 5 ) & 0xf ], 4 ) + t2;

        t4 += ( t1 ^ t2 ^ t3 ) + MD53[ i * 4 + 1 ];
        t4 = _rotl( t4 + pData[ ( i * 0xc + 8 ) & 0xf ], 0xb ) + t1;

        t3 += ( t1 ^ t4 ^ t2 ) + MD53[ i * 4 + 2 ];
        t3 = _rotl( t3 + pData[ ( i * 0xc + 0xb ) & 0xf ], 0x10 ) + t4;

        t2 += ( t3 ^ t4 ^ t1 ) + MD53[ i * 4 + 3 ];
        t2 = _rotl( t2 + pData[ ( i * 0xc + 0xe ) & 0xf ], 0x17 ) + t3;
    }

    for( i = 0; i < 0x4; i ++ ){
        t1 += ( ( ~t4 | t2 ) ^ t3 ) + MD54[ i * 4 ];
        t1 = _rotl( t1 + pData[ ( i * 0xc ) & 0xf ], 6 ) + t2;

        t4 += ( ( ~t3 | t1 ) ^ t2 ) + MD54[ i * 4 + 1 ];
        t4 = _rotl( t4 + pData[ ( i * 0xc + 0x7 ) & 0xf ], 0xa ) + t1;

        t3 += ( ( ~t2 | t4 ) ^ t1 ) + MD54[ i * 4 + 2 ];
        t3 = _rotl( t3 + pData[ ( i * 0xc + 0xe ) & 0xf ], 0xf ) + t4;

        t2 += ( ( ~t1 | t3 ) ^ t4 ) + MD54[ i * 4 + 3 ];
        t2 = _rotl( t2 + pData[ ( i * 0xc + 0x5 ) & 0xf ], 0x15 ) + t3;
    }

    pMD5[ 0 ] += t1;
    pMD5[ 1 ] += t2;
    pMD5[ 2 ] += t3;
    pMD5[ 3 ] += t4;

}

main( int argc, char *argv[] )
{
    int    nHandle, nSize, i, nFlag;
    BYTE    *pBuffer;
    DWORD    MD5[ 4 ], *pData;
    long    lSize;

    if( argc == 1 ){
        printf( "Usage: MDX <file>\n" );
        exit( -1 );
    }

    pBuffer = ( BYTE * )malloc( ( BUFFER + 0x50 ) * sizeof( BYTE ) );
    if( !pBuffer ){
        printf( "Mallocate memory error.\n" );
        exit( -1 );
    }

    nHandle = open( argv[ 1 ], O_RDONLY | O_BINARY );
    if( nHandle == -1l ){
        printf( "Can not opening file \"%s\".\n", argv[ 1 ] );
        exit( -1 );
    }

    lSize = filelength( nHandle );
    if( lSize == 0 | lSize == -1 ){
        printf( "File is empty or too large\n" );
        exit( -1 );
    }

    MDInit( MD5 );
    nFlag = 1;
    while( nFlag ){
        nSize = read( nHandle, pBuffer, BUFFER );
        if( nSize == -1 ){
            printf( "Can not read from file.\n" );
            exit( -1 );
        }
        if( nSize != BUFFER ){
            nFlag = 0;
            memset( &pBuffer[ nSize ], 0, 0x4f );
            pBuffer[ nSize++ ] = 0x80;
            i = 0x40 - ( nSize & 0x3f );
            nSize += ( i > 7 ) ? i : i + 0x40 ;
            *( (long *)&pBuffer[ nSize - 8 ] ) = ( lSize << 3 );
        }
        for( i = 0; i < nSize; i += 0x40 ){
            pData = ( DWORD * )( &pBuffer[ i ] );
            MD5Calc( pData, MD5 );
        }
    };

    close( nHandle );
    free( pBuffer );

    pBuffer = ( BYTE * ) MD5;
    printf( "\nMD5 = ", argv[ 1 ] );
    for( i = 0; i < 0x10; i ++ ) printf( "%02X ", *pBuffer ++ );
    printf( "\n" );
}

  • 标 题:答复
  • 作 者:Netguy
  • 时 间:2000-11-24 14:20:04

Disclaimer:  This is only for educational purpose. Use it at your own risk!

Take the following steps to simply prevent oicq2000 build 1115 from displaying advertisement pics:
1、rename "oicq.exe" to "old_oicq.exe"(It is packed with ASPack).
2、compile the following prog to "oicq.exe", put it in the same directory with old_oicq.exe.

Version:   oicq 2000 build 1115

#include <windows.h>
#include <stdio.h>

const  char   FileName[ ]    = "Old_OICQ.exe";
const  long   PATCH_SIZE     = 3;
void          *BaseAddr      = (void *)0x0042A9D2L;

const char             NewBytes[] = { 0xE9, 0x22, 0x01 };
const char             OldBytes[] = { 0x53, 0x68, 0x80 };
char                   TmpBytes[3];
     
void main(void)
{
    STARTUPINFO            StartInfo;
    PROCESS_INFORMATION    ProcessInfo;
    unsigned long          OldProtect;
    unsigned long          BytesWritten;
    unsigned long          BytesRead;
    int                    k, len;
    char                   Path[512];

    printf("AD remover for OICQ 2000 buid 1115.\n");
    printf("Coded by Netguy.\n");
    printf("Please wait while OICQ is loading...\n");

    __try
    {
        GetModuleFileName(NULL, Path, 512);
        len = lstrlen(Path);
        Path[len - 8] = '\0';
        SetCurrentDirectory(Path);

        ZeroMemory(& StartInfo, sizeof(StartInfo));
        StartInfo.cb = sizeof(StartInfo);
        if (CreateProcess(  FileName,
                            NULL,
                            NULL,
                            NULL,
                            FALSE,
                            NULL,
                            NULL,
                            NULL,
                            &StartInfo,  
                            &ProcessInfo
                        ) == 0)
        {
            __leave;
        }

        if (WaitForInputIdle(ProcessInfo.hProcess, INFINITE) != 0)
        {
            __leave;
        }



        if (VirtualProtectEx(ProcessInfo.hProcess, BaseAddr, PATCH_SIZE,
                PAGE_READWRITE, &OldProtect) == 0)
        {
            __leave;
        }

        if (ReadProcessMemory(ProcessInfo.hProcess,  BaseAddr,  TmpBytes,  PATCH_SIZE,
                &BytesRead) == 0)
        {
            __leave;
        }

        k = 0;
        while(OldBytes[k] == TmpBytes[k]) k++;
        if (k < PATCH_SIZE)  __leave;

        WriteProcessMemory(ProcessInfo.hProcess,  BaseAddr,  NewBytes,  PATCH_SIZE,
                &BytesWritten);
    }
    __finally
    {
        if (ProcessInfo.hProcess)
        {
            CloseHandle(ProcessInfo.hProcess);
            CloseHandle(ProcessInfo.hThread);
        }
    }
}