Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- var tmp
- var valloc
- gpa "VirtualAlloc","kernel32.dll"
- find $RESULT,#c2??00#
- mov valloc, $RESULT
- bp valloc
- esto
- esto
- esto
- esto
- sti
- bc valloc
- find eip,#c20c006800000000c3#
- find $RESULT,#c3#
- mov tmp, $RESULT
- bp tmp
- esto
- sti
- bc tmp
- find eip,#b8????????e8#
- mov tmp, $RESULT
- add tmp, 0a
- bp tmp
- esto
- bc tmp
- sti
- find eip,#7???ff5328#
- mov tmp, $RESULT
- add tmp, 0b
- bp tmp
- esto
- bc tmp
- sti
- find eip,#c9c2??00#
- mov tmp, $RESULT
- inc tmp
- bp tmp
- esto
- sti
- bc tmp
- find eip,#64ff30648920#
- mov tmp, $RESULT
- add tmp, 7
- mov tmp, [tmp]
- bphws tmp,"x"
- esto
- bphwc tmp
- findop eip,#c3#
- mov tmp,$RESULT
- bphws tmp,"x"
- esto
- bphwc tmp
- sti
- find eip,#c3c3#
- mov tmp, $RESULT
- bphws tmp,"x"
- esto
- sti
- bphwc tmp
- sti
- find eip,#e8????????e8????????????e8????????e8????????#
- mov tmp, $RESULT
- add tmp, 11
- bphws tmp, "x"
- esto
- bphwc tmp
- sti
- rtr
- sti
- find eip,#81??010000000f#
- mov tmp, $RESULT
- add tmp, 0c
- bphws tmp, "x"
- esto
- bphwc tmp
- find eip,#5cffe0#
- mov tmp, $RESULT
- inc tmp
- bphws tmp, "x"
- esto
- bphwc tmp
- sti
- cmt eip,"OEP here! Dump & fix imports!"
- ret
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
