SHARE
TWEET

Untitled

a guest May 6th, 2013 87 Never
  1. [ENABLE]
  2. alloc(newmem,2048) //2kb should be enough
  3. label(returnhere)
  4. label(originalcode)
  5. label(exit)
  6.  
  7. newmem: //this is allocated memory, you have read,write,execute access
  8. //place your code here
  9. push eax
  10. push edi
  11. mov eax, ["DATA.exe"+00F49020]
  12. mov eax, [eax+18]
  13. mov eax, [eax+228]
  14. mov eax, [eax+270]
  15. mov eax, [eax+14]
  16. movq xmm0, [eax+a0]
  17. movq [edx], xmm0
  18. movq xmm0, [eax+a8]
  19. movq [edx+8], xmm0
  20. pop edi
  21. pop eax
  22.  
  23. originalcode:
  24.  
  25. exit:
  26. jmp returnhere
  27.  
  28. Aobscan(subs,8B 44 24 04 F3 0F 7E 80 D0 00 00 00 66 0F D6 02 F3 0F 7E 80 D8 00 00 00 66 0F D6 42 08 F3 0F 7E 80 E0 00 00 00 66 0F D6 01 F3 0F 7E 80 E8 00 00 00 66 0F D6 41 08 C2 04 00)
  29.  
  30. subs:
  31. mov eax,[esp+04]
  32. movq xmm0,[eax+000000D0]
  33. jmp newmem
  34. nop
  35. nop
  36. nop
  37. nop
  38. nop
  39. nop
  40. nop
  41. nop
  42. nop
  43. nop
  44. nop
  45. nop
  46. returnhere:
  47. [DISABLE]
  48. Aobscan(subs2, 8B 44 24 04 F3 0F 7E 80 D0 00 00 00 E9 ?? ?? ?? ?? 90 90 90 90 90 90 90 90 90 90 90 90 F3 0F 7E 80 E0 00 00 00 66 0F D6 01 F3 0F 7E 80 E8 00 00 00 66 0F D6 41 08 C2 04 00)
  49.  
  50. subs2:
  51. mov eax,[esp+04]
  52. movq xmm0,[eax+000000D0]
  53. movq [edx],xmm0
  54. movq xmm0,[eax+000000D8]
  55. movq [edx+08],xmm0
RAW Paste Data
Top