Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- void _declspec(naked) AddrCheck(){
- _asm{
- pushfd
- mov edi,[esp+0x04]
- cmp edi,[Memory_Start]
- jb EndingAC
- cmp edi,[Memory_End]
- ja EndingAC
- sub edi,[Memory_Start]
- add edi,[Memory]
- EndingAC:
- popfd
- ret 0x0004
- }
- }
- DWORD mov_eax_peax_ret = 0x00974166;
- void _declspec(naked) mov_eax_peax(){
- _asm{
- push edi
- push eax
- call AddrCheck
- mov eax,[edi]
- pop edi
- mov word ptr [esp],0xA95C//org
- jmp dword ptr [mov_eax_peax_ret]
- }
- }
- DWORD mov_al_pedx_ret = 0x0052ECB9;
- void _declspec(naked) mov_al_pedx(){
- _asm{
- push edi
- push edx
- call AddrCheck
- mov al,[edi]
- pop edi
- push [esp]//org
- jmp dword ptr [mov_al_pedx_ret]
- }
- }
- DWORD xor_al_pedx_ret = 0x0096FE0A;
- void _declspec(naked) xor_al_pedx(){
- _asm{
- push edi
- push edx
- call AddrCheck
- xor al,[edi]
- pop edi
- jmp dword ptr [xor_al_pedx_ret]
- }
- }
- DWORD mov_ax_peax_ret1 = 0x005FE357;
- void _declspec(naked) mov_ax_peax1(){
- _asm{
- push edi
- push eax
- call AddrCheck
- mov ax,[edi]
- pop edi
- pushad//org
- jmp dword ptr [mov_ax_peax_ret1]
- }
- }
- DWORD mov_ax_peax_ret2 = 0x005FDF84;
- void _declspec(naked) mov_ax_peax2(){
- _asm{
- push edi
- push eax
- call AddrCheck
- mov ax,[edi]
- pop edi
- pushad//org
- mov word ptr [esp+0x1C],0x69D0
- jmp dword ptr [mov_ax_peax_ret2]
- }
- }
- void VMCRC(){
- AM.WriteHook(0x0097415E, JMP, mov_eax_peax);
- AM.WriteHook(0x0052ECB4, JMP, mov_al_pedx);
- AM.WriteHook(0x0096DC0D, JMP, xor_al_pedx);
- AM.WriteHook(0x0096FEE5, JMP, mov_ax_peax1);
- AM.WriteHook(0x005FDF79, JMP, mov_ax_peax2);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
