API tools faq
paste
Advertisement
Riremito

Untitled

Riremito
Apr 17th, 2021
1,877
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
ASM (NASM) 0.72 KB | None | 0 0
raw download clone embed print report
  1. [Enable]
  2. Alloc(IAT_Hook_GetLastError, 256)
  3. Label(Return)
  4. Label(IAT)
  5. Label(ModifyGMFlag)
  6.  
  7. IAT_Hook_GetLastError:
  8. // Return Address Filter
  9. cmp [esp],03182616
  10. jne Return
  11. cmp [esp+C],0316B355
  12. jne Return
  13. cmp [esp+10],02F76072
  14. jne Return
  15. mov [esp+10],ModifyGMFlag
  16. Return:
  17. jmp dword ptr [IAT]
  18.  
  19. ModifyGMFlag:
  20. mov ecx,[edi+00002230]
  21. mov edx,00009A65
  22. mov [ecx+01],al
  23. mov ecx,[edi+00002230]
  24. mov al,[ecx+01]
  25. mov [ecx+04],dx
  26. test al,al
  27. movzx ebx,al
  28. mov edx,0000002A
  29. cmove ebx,edx
  30. mov al,bl
  31. mov byte ptr [ebp+0C],01
  32. xor al,[ebp+0C]
  33. mov [ecx],al
  34. jmp 02F760A1
  35.  
  36. IAT:
  37. dd KERNEL32.GetLastError
  38.  
  39.  
  40. 037430FC:
  41. dd IAT_Hook_GetLastError
  42.  
  43. [Disable]
  44. 037430FC:
  45. dd KERNEL32.GetLastError
  46.  
  47. DeAlloc(IAT_Hook_GetLastError)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!