
Untitled

a guest
May 6th, 2013
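  // Cheat Engine auto-assembler script, 32-bit target, module "DATA.exe".
  //
  // What the hooked routine does (decoded from the byte signature below):
  //   mov  eax,[esp+04]
  //   movq xmm0,[eax+D0] / movq [edx],xmm0
  //   movq xmm0,[eax+D8] / movq [edx+08],xmm0
  //   movq xmm0,[eax+E0] / movq [ecx],xmm0
  //   movq xmm0,[eax+E8] / movq [ecx+08],xmm0
  //   ret  4
  //
  // What the patch does: the 16 bytes normally copied to [edx] from
  // [eax+D0..DF] are instead read from offsets A0..AF of an object reached
  // through a pointer chain rooted at "DATA.exe"+00F49020. The copy to [ecx]
  // is left untouched and runs from the original code after `returnhere`.
  //
  // Review notes:
  //   * The script allocates an executable region in the target process and
  //     overwrites live code bytes; the signature is the only thing tying the
  //     patch to the right location. A different build of the module, or a
  //     signature that matches more than once, would patch the wrong bytes.
  //   * Every link of the pointer chain is checked for null; on a null link
  //     the displaced original instructions run instead of faulting. A stale
  //     non-null pointer is NOT detected by this check.
  //   * EFLAGS is saved around the checks because the hooked routine does not
  //     modify flags in its original form.

  [ENABLE]
  alloc(newmem,2048) //2kb should be enough
  label(returnhere)
  label(originalcode)
  label(exit)

  // Locate the unpatched routine by its full byte signature.
  aobscan(subs,8B 44 24 04 F3 0F 7E 80 D0 00 00 00 66 0F D6 02 F3 0F 7E 80 D8 00 00 00 66 0F D6 42 08 F3 0F 7E 80 E0 00 00 00 66 0F D6 01 F3 0F 7E 80 E8 00 00 00 66 0F D6 41 08 C2 04 00)

  newmem: //this is allocated memory, you have read,write,execute access
    // On entry: eax = argument pointer, xmm0 = qword [eax+D0], edx = destination.
    push eax                          // eax is still needed after returnhere
    pushfd                            // the null checks below clobber flags

    // Walk the pointer chain; bail out to the original code on any null link.
    mov eax,["DATA.exe"+00F49020]
    test eax,eax
    je originalcode
    mov eax,[eax+18]
    test eax,eax
    je originalcode
    mov eax,[eax+228]
    test eax,eax
    je originalcode
    mov eax,[eax+270]
    test eax,eax
    je originalcode
    mov eax,[eax+14]
    test eax,eax
    je originalcode

    // Replacement copy: 16 bytes from the chained object into [edx].
    movq xmm0,[eax+a0]
    movq [edx],xmm0
    movq xmm0,[eax+a8]
    movq [edx+8],xmm0

    popfd
    pop eax
    jmp exit

  originalcode:
    // Fallback: xmm0 still holds qword [eax+D0] here, because it is only
    // overwritten after every check has passed. Replay the displaced bytes.
    popfd
    pop eax
    movq [edx],xmm0
    movq xmm0,[eax+000000D8]
    movq [edx+08],xmm0

  exit:
    jmp returnhere

  subs:
    // First 12 bytes are rewritten unchanged; the next 17 bytes
    // (movq [edx],xmm0 / movq xmm0,[eax+D8] / movq [edx+08],xmm0) become
    // a 5-byte jmp plus 12 nops so the following instruction stays aligned.
    mov eax,[esp+04]
    movq xmm0,[eax+000000D0]
    jmp newmem
    nop
    nop
    nop
    nop
    nop
    nop
    nop
    nop
    nop
    nop
    nop
    nop
  returnhere:

  [DISABLE]
  // Locate the patched routine: same signature with the jmp displacement
  // wildcarded and the 12 nops in place of the displaced instructions.
  aobscan(subs2, 8B 44 24 04 F3 0F 7E 80 D0 00 00 00 E9 ?? ?? ?? ?? 90 90 90 90 90 90 90 90 90 90 90 90 F3 0F 7E 80 E0 00 00 00 66 0F D6 01 F3 0F 7E 80 E8 00 00 00 66 0F D6 41 08 C2 04 00)

  subs2:
    // Restore the original 29 bytes.
    mov eax,[esp+04]
    movq xmm0,[eax+000000D0]
    movq [edx],xmm0
    movq xmm0,[eax+000000D8]
    movq [edx+08],xmm0

  // Release the injected region; the original script never freed it, so
  // every enable/disable cycle left an executable allocation behind.
  dealloc(newmem)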