EasyAntiCheat HWID System Reverseing
dumped time :2020/6/5
game :apex legends
//reg
__int64 __fastcall EAC_HWID_GEN_REG(unsigned int a1)
{
unsigned int v1; // ecx
int v2; // ecx
int v3; // ecx
int v4; // ecx
unsigned int v6; // ecx
int v7; // ecx
int v8; // ecx
unsigned int v9; // ecx
int v10; // ecx
int v11; // ecx
int v12; // ecx
unsigned int v13; // ecx
int v14; // ecx
int v15; // ecx
if ( a1 <= 0xC )
{
if ( a1 == 12 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xCBE;// registrymachinehardwaredescriptionsystemcentralProcessorProcessorNameString
if ( a1 > 6 )
{
v6 = a1 - 8;
if ( !v6 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xBAC;// //SystemProductName
v7 = v6 - 1;
if ( !v7 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xBD0;// /RegistryMachineHardwareDeviceMapScsiScsi Port 0Scsi Bus 0Target Id 0 Logical Unit Id 0
v8 = v7 - 1;
if ( !v8 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xC8E;// //ldentifier
if ( v8 == 1 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xCA4;// //SerialNumber
}
else
{
if ( a1 == 6 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xB86;// //systemManufacturer
v1 = a1 - 1;
if ( !v1 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xA3A;// RegistryMachineSystemCurrentControlSetControlSystemInformation
v2 = v1 - 1;
if ( !v2 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xAC4;// /ComputerHardwareId
v3 = v2 - 1;
if ( !v3 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xAEA;// //RegistryMachineHardwareDescriptionSystemBIOS
v4 = v3 - 1;
if ( !v4 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xB50;// BIOSVendor
if ( v4 == 1 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xB66;// BIOSReleaseDate
}
return 0i64;
}
if ( a1 <= 0x12 )
{
if ( a1 == 18 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xEDE;// ProductId
v9 = a1 - 13;
if ( !v9 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xD40;// ProcessorNameString
v10 = v9 - 1;
if ( !v10 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xD68;// RegistryMachineSystemCurrentControlSetControlClass{4d36e968-e325-11ce-bfc1-08002be10318}000
v11 = v10 - 1;
if ( v11 )
{
v12 = v11 - 1;
if ( !v12 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xE48;// RegistryMachineSoftwareMicrosoftWindows NT CurrentVersion
if ( v12 == 1 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xEC6;// InstallDate
return 0i64;
}
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xE32;// DriverDesc
}
v13 = a1 - 19;
if ( !v13 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xEF2;// RegistryMachineSoftwareMicrosoftWindowsCurrentVersionWindowsUpdate
v14 = v13 - 1;
if ( !v14 )
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xF86;// SusClientId
v15 = v14 - 1;
if ( v15 )
{
if ( v15 != 1 )
return 0i64;
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xE32;
}
return EAC_MEMORY_UNICODE_STRING_TABLE + 0xF9E;// RegistryMachineSystemCurrentControlSetControlClass{4d36e972-e325-11ce-bfc1-08002be10318}001
}//disk
NTSTATUS __fastcall HWID_EAC_CALL_DRIVER(unsigned int function_enc_index, __int64 DeviceObject, __int64 a3, unsigned int a4, __int64 OutputBuffer, int a6)
{
unsigned int InputBufferLength_1; // edi
__int64 InputBuffer; // rsi
struct _DEVICE_OBJECT *DeviceObject_1; // rbx
__int64 IoControlCode; // rbp
unsigned __int8 v10; // al
__int64 (__fastcall *IoBuildDeviceIoControlRequest)(_QWORD, struct _DEVICE_OBJECT *, __int64, _QWORD, __int64, int, char, struct _KEVENT *, NTSTATUS *); // rax
char InternalDeviceIoControl; // ST30_1
int OutputBufferLength; // ST28_4
struct _IRP *irp; // rax
NTSTATUS result; // eax
NTSTATUS IoStatusBlock; // [rsp+50h] [rbp-38h]
struct _KEVENT Event; // [rsp+60h] [rbp-28h]
InputBufferLength_1 = a4;
InputBuffer = a3;
DeviceObject_1 = (struct _DEVICE_OBJECT *)DeviceObject;
IoControlCode = function_enc_index;
if ( KeGetCurrentIrql() || (unsigned __int8)KeAreAllApcsDisabled() )
return 0xC0000148;
KeInitializeEvent(&Event, 0, 0);
Eac_import2(v10, (__int64)enc_Table, *(__int64 *)enc_Table, IoControlCode, 0);// //IOCTL_STORAGE_QUERY_PROPERTY SMART_RCV_DRIVE_DATA
if ( IoBuildDeviceIoControlRequest )
{
InternalDeviceIoControl = 0;
OutputBufferLength = a6;
irp = (struct _IRP *)IoBuildDeviceIoControlRequest(
(unsigned int)IoControlCode,
DeviceObject_1,
InputBuffer,
InputBufferLength_1,
OutputBuffer,
OutputBufferLength,
InternalDeviceIoControl,
&Event,
&IoStatusBlock);
}
else
{
irp = 0i64;
}
if ( !irp )
return 0xC0000017;
result = IofCallDriver(DeviceObject_1, irp);
if ( result == 0x103 )
{
sub_FFFFF80014EBE980((__int64)&Event, 0i64, 0i64, 0i64, 3u, IoControlCode, 0i64);
result = IoStatusBlock;
}
return result;
}//mac address
char __usercall GetFirstNetworkDeviceMacAddress@(__int64 a1@, unsigned int *a2@, __int64 a3@)
{
unsigned int *v3; // rsi
__int64 v4; // rdi
char notFound; // bl
__int64 v6; // r12
unsigned int (__fastcall *IoGetDeviceInterfaces)(__int64, _QWORD, _QWORD, __int64 *); // rax
signed int v8; // eax
_WORD *v9; // rbp
signed __int64 v10; // rcx
_WORD *v11; // rdi
bool v12; // zf
signed __int64 v13; // rcx
_WORD *v14; // rdi
__int64 i; // rbp
_WORD *v16; // r12
signed __int64 v17; // rcx
_WORD *v18; // rdi
signed __int64 v19; // rcx
_WORD *v20; // rdi
__int64 v21; // rbp
_WORD *v22; // rdx
char notFound_1; // dl
signed __int64 v24; // rcx
_WORD *v25; // rdi
char v27; // [rsp+20h] [rbp-38h]
__int64 v28; // [rsp+70h] [rbp+18h]
v3 = a2;
v4 = a1;
notFound = 1;
v6 = 0i64;
if ( !sub_FFFFF80014EE0114 || KeGetCurrentIrql() )
return 0;
IoGetDeviceInterfaces = (unsigned int (__fastcall *)(__int64, _QWORD, _QWORD, __int64 *))Eac_import2(
qword_FFFFF80014F045F8,
&qword_FFFFF80014F045F8,
0i64);
v8 = IoGetDeviceInterfaces ? IoGetDeviceInterfaces(v4, 0i64, 0i64, &v28) : 0xC0000002;
if ( v8 < 0 )
return 0;
do
{
v9 = (_WORD *)(v28 + 2 * v6);
if ( !*v9 )
break;
v10 = -1i64;
v11 = (_WORD *)(v28 + 2 * v6);
do
{
if ( !v10 )
break;
v12 = *v11 == 0;
++v11;
--v10;
}
while ( !v12 );
if ( (_WORD *)strstrIgnoreCaseW(v28 + 2 * v6, EAC_MEMORY_UNICODE_STRING_TABLE + 0x3B4, ~v10 - 1) != v9 )// //PCI
goto LABEL_16;
InitializeUnicodeStringWithCStr(&v27, v9);
if ( !v3 )
goto LABEL_15;
if ( vmprotect_GetAdapterMacAddress(*v3, (__int64)&v27, *((_QWORD *)v3 + 1)) == 1 )
{
*((_BYTE *)v3 + 16) = 1;
LABEL_15:
notFound = 0;
goto LABEL_16;
}
notFound = 1;
LABEL_16:
v13 = -1i64;
v14 = (_WORD *)(v28 + 2 * v6);
do
{
if ( !v13 )
break;
v12 = *v14 == 0;
++v14;
--v13;
}
while ( !v12 );
v6 += ~v13;
}
while ( notFound );
for ( i = 0i64; notFound; i += ~v19 )
{
v16 = (_WORD *)(v28 + 2 * i);
if ( !*v16 )
break;
v17 = -1i64;
v18 = (_WORD *)(v28 + 2 * i);
do
{
if ( !v17 )
break;
v12 = *v18 == 0;
++v18;
--v17;
}
while ( !v12 );
if ( (_WORD *)strstrIgnoreCaseW(v28 + 2 * i, EAC_MEMORY_UNICODE_STRING_TABLE + 0x3C4, ~v17 - 1) == v16 )// //USB
{
InitializeUnicodeStringWithCStr(&v27, v16);
if ( v3 )
{
if ( vmprotect_GetAdapterMacAddress(*v3, (__int64)&v27, *((_QWORD *)v3 + 1)) != 1 )
{
notFound = 1;
goto LABEL_31;
}
*((_BYTE *)v3 + 16) = 1;
}
notFound = 0;
}
LABEL_31:
v19 = -1i64;
v20 = (_WORD *)(v28 + 2 * i);
do
{
if ( !v19 )
break;
v12 = *v20 == 0;
++v20;
--v19;
}
while ( !v12 );
}
v21 = 0i64;
if ( notFound )
{
while ( 1 )
{
v22 = (_WORD *)(v28 + 2 * v21);
if ( !*v22 )
goto LABEL_46;
InitializeUnicodeStringWithCStr(&v27, v22);
if ( !v3 )
goto LABEL_41;
if ( vmprotect_GetAdapterMacAddress(*v3, (__int64)&v27, *((_QWORD *)v3 + 1)) == 1 )
break;
notFound_1 = 1;
LABEL_42:
v24 = -1i64;
v25 = (_WORD *)(v28 + 2 * v21);
do
{
if ( !v24 )
break;
v12 = *v25 == 0;
++v25;
--v24;
}
while ( !v12 );
v21 += ~v24;
if ( !notFound_1 )
goto LABEL_46;
}
*((_BYTE *)v3 + 16) = 1;
LABEL_41:
notFound_1 = 0;
goto LABEL_42;
}
LABEL_46:
MEMORY[0](v28, 0i64);
return 1;
} //wmi query
//IoWMIQueryAllData
//SMBIOS_DATA_GUID
//MS_SYSTEM_INFORMATIONGUID
//UNKNOW_GUID
char __fastcall EAC_WMI_QUERY(const __m128i *a1, __int64 *a2)
{
char v2; // bl
__int64 *v3; // rsi
const __m128i *v4; // rbp
signed int (__fastcall *v6)(__int128 *, signed __int64, __int64 *); // rdi
signed __int64 v7; // rax
__int128 v8; // [rsp+20h] [rbp-28h]
__int64 v9; // [rsp+58h] [rbp+10h]
__int64 v10; // [rsp+60h] [rbp+18h]
v2 = 0;
v3 = a2;
v4 = a1;
if ( !a2 )
return 0;
v6 = (signed int (__fastcall *)(__int128 *, signed __int64, __int64 *))IoWMIOpenBlock;
if ( !IoWMIOpenBlock )
{
v6 = (signed int (__fastcall *)(__int128 *, signed __int64, __int64 *))eAc_import();
IoWMIOpenBlock = (__int64)v6;
if ( !v6 )
return 0;
}
if ( !IoWMIQueryAllData )
{
IoWMIQueryAllData = (__int64 (__fastcall *)(_QWORD, _QWORD, _QWORD))eAc_import();
if ( !IoWMIQueryAllData )
return 0;
}
_mm_storeu_si128((__m128i *)&v8, _mm_loadu_si128(v4));
if ( v6(&v8, 1i64, &v10) >= 0 )
{
LODWORD(v9) = 0;
if ( (unsigned int)IoWMIQueryAllData(v10, &v9, 0i64) == 0xC0000023 )
{
v7 = sub_40E94();
*v3 = v7;
if ( v7 )
{
if ( (signed int)IoWMIQueryAllData(v10, &v9, v7) < 0 )
free(*v3);
else
v2 = 1;
}
}
MEMORY[0](v10);
}
return v2;
}
//以及
SystemRoot//System32//restore//MachineGuid.txt
