C8 program bundling method
"Trojan ads for isolated fantasy games" describes the basics of the C8 program. Readers who do not know what C8 is can refer to that article. At that time, I wrote a patch pack so that I could continue playing the fantasy games while using Kingsoft Antivirus. This patch pack not only shielded the C8 program from detection and removal by Kingsoft Antivirus, but also restricted its access to the network.
Over the last two days, I wanted to translate the game "fairy mother-in-law and fairy tale kingdom" to play with my family. So I looked carefully at the game program bundled with C8 and found that the bundling method is very simple. The main program of the original game is named game.exe. The bundling method used by the several fantasy games I downloaded is as follows:
- Pack game.exe, then rename the packed file to c8.dll
- Name the main program of the C8 program game.exe
- When the user runs the program named game.exe (actually the C8 program), the C8 program gets control.
- While performing its monitoring function, the C8 program loads and runs c8.dll, which starts the original game.
After starting the game, we can see two processes in the process manager: the game program name (such as tilequest.exe) and c8.dll. The process with the "game program name" is actually the C8 program, and c8.dll is the real game process. At this point, we only need to end the process with the "game program name", and then we can concentrate on playing our game.
Remove the C8 program bound to fantasy games
In this way, you can get a clean game program. I have tested this on several of the programs I downloaded, and they run normally.
After you rename c8.dll, the only difference between this game program and the original game program is that this one is packed. Packing means using a packer (shell program) to wrap the original program, compressing and encrypting it as data of the shell program. At run time, the shell program first performs the reverse operation to recover the original code, and then executes the original code.
We can unpack c8.dll to get the original game program. For example, the c8.dll of fairy mother-in-law and fairy tale kingdom is packed with ASPack 2.12, and can be unpacked directly with the AspackDie tool to get the game program. Delete all the C8-related files from the game, and restore the name of the game program to fgt_o.exe to get a clean game.
Automatically close the C8 program
At first, I did not notice that c8.dll can be run directly after renaming it. To close the C8 program automatically, I wrote a small program called kill_c8. kill_c8 starts the C8 program that poses as the game program, and ends the C8 process immediately after the C8 program has run and unpacked the real game program. I use kill_c8 like this:
- Copy kill_c8.exe to the game directory, for example, "C:/program files/fantasy game series/Wonderland Quest"
- Check the exact name of the game program, for example tilequest.exe
- Rename kill_c8.exe to kill_tilequest.exe, that is, use "kill_<game program name>" as the name of the kill_c8 program. This step is very important: I use the file name to tell kill_c8 which process to start.
- Create a desktop shortcut for the kill_c8 program (for example, kill_tilequest.exe)
- Change the name of the desktop shortcut to the game name (for example, "Wonderland Quest")
- Change the icon of the desktop shortcut to the original game icon (right-click the shortcut, choose "Properties" > "Change Icon", and pick the icon from, for example, tilequest.exe)
If you have similar requirements, you can download kill_c8 and use it as follows:
Download the kill_c8 executable
Programmers can download the source code of this program.
Download the source code of kill_c8
If you rename c8.dll and run it directly, then kill_c8 and the C8 patch pack introduced in "Trojan ads for isolated fantasy games" are of no use. However, the kill_c8 program may still have some reference value for readers who are learning programming. This 100-line program demonstrates how to create, enumerate, and terminate processes.
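The three operations named above (create, enumerate, terminate), shown with the Win32 API as an added example; this is not the original kill_c8 source. The function names, the 30-second timeout and the ANSI (non-UNICODE) build are assumptions, and the target is derived from the program's own file name as in the renaming step earlier.

```c
/* Added example, not the original kill_c8 source. Names are illustrative. */
#include <string.h>

/* "C:\g\kill_tilequest.exe" -> "tilequest.exe"; 0 if there is no "kill_" prefix. */
int target_from_self(const char *self, char *out, size_t n) {
    const char *base = self, *p;
    for (p = self; *p; p++)
        if (*p == '\\' || *p == '/') base = p + 1;   /* strip directory */
    if (strncmp(base, "kill_", 5) != 0 || base[5] == '\0' || strlen(base + 5) >= n)
        return 0;
    strcpy(out, base + 5);
    return 1;
}

#ifdef _WIN32   /* process handling is Win32-only; build without UNICODE */
#include <windows.h>
#include <tlhelp32.h>
/* Enumerate: walk a process snapshot, return 1 if image `name` is running. */
static int is_running(const char *name) {
    PROCESSENTRY32 pe;
    int found = 0;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return 0;
    pe.dwSize = sizeof pe;
    if (Process32First(snap, &pe))
        do { found = _stricmp(pe.szExeFile, name) == 0; }
        while (!found && Process32Next(snap, &pe));
    CloseHandle(snap);
    return found;
}

int main(void) {
    char self[MAX_PATH], target[MAX_PATH];
    STARTUPINFOA si = { sizeof si };
    PROCESS_INFORMATION pi;
    int i;
    if (!GetModuleFileNameA(NULL, self, MAX_PATH)) return 1;
    if (!target_from_self(self, target, sizeof target)) return 1;
    /* Create: start the C8 launcher (name assumed to contain no spaces). */
    if (!CreateProcessA(NULL, target, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        return 1;
    /* Wait up to 30 s (assumed timeout) for the real game to show up as c8.dll. */
    for (i = 0; i < 60 && !is_running("c8.dll"); i++) Sleep(500);
    /* Terminate: end only the launcher we created, through its own handle. */
    if (i < 60) TerminateProcess(pi.hProcess, 0);
    CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
    return i < 60 ? 0 : 2;
}
#endif
```

Terminating through the handle returned by CreateProcessA, rather than by matching a name in the snapshot, avoids ending an unrelated process that happens to share the game's file name.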
Postscript
Fantasy improved the bundling method, and I wrote an unbinding tool. Friends who are not familiar with computer operations can use the unbinding tool to unbind files from the game. Friends who are familiar with computer operations can create their own unbind files and publish them to share with other friends. For details, refer to "C8 unbind server instructions".