Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <$mirc_34.195447>
- JMP $$2266D7 ; Bottone Timer, jmp al pushad
- NOP
- <$mirc_34.2266D7>
- NOP; Y HALO THAR CAVA DESU~
- pushad
- ;jmp @Fine
- CALL GetProcessHeap
- test eax, eax ; test if eax=0
- jz @No
- mov ecx, eax
- push ecx ; stakko che cambia a caso
- PUSH 0xff
- PUSH 0x08
- PUSH ecx
- CALL RtlAllocateHeap
- test eax, eax ; test if eax=0
- jz @No
- mov ebx, eax
- push 0x00
- push 0xFF
- push ebx
- call RtlFillMemory
- push 0x40
- push 0xFe
- push ebx
- call RtlFillMemory
- push 0x41
- push 0x50
- push ebx
- call RtlFillMemory
- mov edx, ebx
- add edx, 0x10
- push edx ; stakko che cambia a caso
- push 0x42
- push 0x40
- push edx
- call RtlFillMemory
- pop edx ; recupero
- push 0x3
- push @TestYes
- push edx
- call ntdll.RtlMoveMemory
- jmp @Test
- @Yes:
- PUSH 0
- PUSH @Test1
- PUSH @TestYes
- PUSH 0
- CALL MessageBoxA
- jmp @Fine
- @No:
- PUSH 0
- PUSH @Test1
- PUSH @TestNo
- PUSH 0
- CALL MessageBoxA
- jmp @Fine
- @Test:
- PUSH 0
- PUSH @Test1
- PUSH ebx
- PUSH 0
- CALL MessageBoxA
- jmp @Fine2
- @Fine2:
- pop ecx ; recupero
- push ebx
- push 0
- push ecx
- call RtlFreeHeap
- test eax, eax ; test if eax=0
- jnz @Fine ; If the function succeeds, the return value is nonzero.
- jmp @No
- @Fine:
- mov eax, 0
- mov ebx, 0
- mov ecx, 0
- popad
- MOV EDX,DWORD PTR DS:[$$430E58] ; Bottone Timer, jmp al pushad
- jmp $$19544c
- @Dest:
- "0123456789\0"
- @Test1:
- "Test 1\0"
- @TestYes:
- "Yes\0"
- @TestNo:
- "No\0"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
