Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [ENABLE]
- aobscanmodule(infhealth,age3x.exe,89 4F 64 8B 8A C8 00 00 00)
- alloc(newmem,$1000)
- label(code)
- label(return)
- newmem:
- cmp [edi+344],00018A2B
- jne code
- //mov [edi+64],ecx same as doing nop nop nop
- mov ecx,[edx+000000C8]
- jmp return
- code:
- mov [edi+64],ecx
- mov ecx,[edx+000000C8]
- jmp return
- infhealth:
- jmp newmem
- nop
- nop
- nop
- nop
- return:
- registersymbol(infhealth)
- [DISABLE]
- infhealth:
- db 89 4F 64 8B 8A C8 00 00 00
- unregistersymbol(infhealth)
- dealloc(newmem)
- {
- // ORIGINAL CODE - INJECTION POINT: "age3x.exe"+7B24A
- "age3x.exe"+7B22E: B0 01 - mov al,01
- "age3x.exe"+7B230: 5B - pop ebx
- "age3x.exe"+7B231: 83 C4 08 - add esp,08
- "age3x.exe"+7B234: C2 04 00 - ret 0004
- "age3x.exe"+7B237: 83 EC 0C - sub esp,0C
- "age3x.exe"+7B23A: 57 - push edi
- "age3x.exe"+7B23B: 8B F9 - mov edi,ecx
- "age3x.exe"+7B23D: 8B 4C 24 14 - mov ecx,[esp+14]
- "age3x.exe"+7B241: 8B 47 64 - mov eax,[edi+64]
- "age3x.exe"+7B244: 8B 97 A8 00 00 00 - mov edx,[edi+000000A8]
- // ---------- INJECTING HERE ----------
- "age3x.exe"+7B24A: 89 4F 64 - mov [edi+64],ecx
- "age3x.exe"+7B24D: 8B 8A C8 00 00 00 - mov ecx,[edx+000000C8]
- // ---------- DONE INJECTING ----------
- "age3x.exe"+7B253: 85 C9 - test ecx,ecx
- "age3x.exe"+7B255: 89 44 24 08 - mov [esp+08],eax
- "age3x.exe"+7B259: 0F 85 EE 23 01 00 - jne age3x.exe+8D64D
- "age3x.exe"+7B25F: 8B 47 5C - mov eax,[edi+5C]
- "age3x.exe"+7B262: 85 C0 - test eax,eax
- "age3x.exe"+7B264: 0F 84 FF A4 21 00 - je age3x.exe+295769
- "age3x.exe"+7B26A: 8B 88 98 00 00 00 - mov ecx,[eax+00000098]
- "age3x.exe"+7B270: 89 4C 24 04 - mov [esp+04],ecx
- "age3x.exe"+7B274: D9 44 24 14 - fld dword ptr [esp+14]
- "age3x.exe"+7B278: D8 1D 18 69 B5 00 - fcomp dword ptr [age3x.exe+756918]
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
