Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [ENABLE]
- alloc(newmem,2048) //2kb should be enough
- label(returnhere)
- label(originalcode)
- label(exit)
- newmem: //this is allocated memory, you have read,write,execute access
- //place your code here
- push eax
- push edi
- mov eax, ["DATA.exe"+00F49020]
- mov eax, [eax+18]
- mov eax, [eax+228]
- mov eax, [eax+270]
- mov eax, [eax+14]
- movq xmm0, [eax+a0]
- movq [edx], xmm0
- movq xmm0, [eax+a8]
- movq [edx+8], xmm0
- pop edi
- pop eax
- originalcode:
- exit:
- jmp returnhere
- Aobscan(subs,8B 44 24 04 F3 0F 7E 80 D0 00 00 00 66 0F D6 02 F3 0F 7E 80 D8 00 00 00 66 0F D6 42 08 F3 0F 7E 80 E0 00 00 00 66 0F D6 01 F3 0F 7E 80 E8 00 00 00 66 0F D6 41 08 C2 04 00)
- subs:
- mov eax,[esp+04]
- movq xmm0,[eax+000000D0]
- jmp newmem
- nop
- nop
- nop
- nop
- nop
- nop
- nop
- nop
- nop
- nop
- nop
- nop
- returnhere:
- [DISABLE]
- Aobscan(subs2, 8B 44 24 04 F3 0F 7E 80 D0 00 00 00 E9 ?? ?? ?? ?? 90 90 90 90 90 90 90 90 90 90 90 90 F3 0F 7E 80 E0 00 00 00 66 0F D6 01 F3 0F 7E 80 E8 00 00 00 66 0F D6 41 08 C2 04 00)
- subs2:
- mov eax,[esp+04]
- movq xmm0,[eax+000000D0]
- movq [edx],xmm0
- movq xmm0,[eax+000000D8]
- movq [edx+08],xmm0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement