Pastebin is 300% more awesome when you are logged in. Sign Up, it's FREE!
Guest

Untitled

By: a guest on May 6th, 2013  |  syntax: None  |  size: 1.09 KB  |  hits: 71  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. [ENABLE]
  2. alloc(newmem,2048) //2kb should be enough
  3. label(returnhere)
  4. label(originalcode)
  5. label(exit)
  6.  
  7. newmem: //this is allocated memory, you have read,write,execute access
  8. //place your code here
  9. push eax
  10. push edi
  11. mov eax, ["DATA.exe"+00F49020]
  12. mov eax, [eax+18]
  13. mov eax, [eax+228]
  14. mov eax, [eax+270]
  15. mov eax, [eax+14]
  16. movq xmm0, [eax+a0]
  17. movq [edx], xmm0
  18. movq xmm0, [eax+a8]
  19. movq [edx+8], xmm0
  20. pop edi
  21. pop eax
  22.  
  23. originalcode:
  24.  
  25. exit:
  26. jmp returnhere
  27.  
  28. Aobscan(subs,8B 44 24 04 F3 0F 7E 80 D0 00 00 00 66 0F D6 02 F3 0F 7E 80 D8 00 00 00 66 0F D6 42 08 F3 0F 7E 80 E0 00 00 00 66 0F D6 01 F3 0F 7E 80 E8 00 00 00 66 0F D6 41 08 C2 04 00)
  29.  
  30. subs:
  31. mov eax,[esp+04]
  32. movq xmm0,[eax+000000D0]
  33. jmp newmem
  34. nop
  35. nop
  36. nop
  37. nop
  38. nop
  39. nop
  40. nop
  41. nop
  42. nop
  43. nop
  44. nop
  45. nop
  46. returnhere:
  47. [DISABLE]
  48. Aobscan(subs2, 8B 44 24 04 F3 0F 7E 80 D0 00 00 00 E9 ?? ?? ?? ?? 90 90 90 90 90 90 90 90 90 90 90 90 F3 0F 7E 80 E0 00 00 00 66 0F D6 01 F3 0F 7E 80 E8 00 00 00 66 0F D6 41 08 C2 04 00)
  49.  
  50. subs2:
  51. mov eax,[esp+04]
  52. movq xmm0,[eax+000000D0]
  53. movq [edx],xmm0
  54. movq xmm0,[eax+000000D8]
  55. movq [edx+08],xmm0