Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // https://pastebin.com/1Rh6yd21 からv399.1用に更新 ><
- [Enable]
- Alloc(IAT_Hook_GetLastError, 256)
- Label(Return)
- Label(IAT)
- Label(ModifyGMFlag)
- IAT_Hook_GetLastError:
- // Return Address Filter
- cmp [esp],03227CB6
- jne Return
- cmp [esp+C],03210B27
- jne Return
- cmp [esp+10],030189C2
- jne Return
- mov [esp+10],ModifyGMFlag
- Return:
- jmp dword ptr [IAT]
- ModifyGMFlag:
- mov ecx,[edi+00002230]
- mov edx,00009A65
- mov [ecx+01],al
- mov ecx,[edi+00002230]
- mov al,[ecx+01]
- mov [ecx+04],dx
- test al,al
- movzx ebx,al
- mov edx,0000002A
- cmove ebx,edx
- mov al,bl
- mov byte ptr [ebp+0C],01
- xor al,[ebp+0C]
- mov [ecx],al
- jmp 030189F1
- IAT:
- dd KERNEL32.GetLastError
- 037FE0FC:
- dd IAT_Hook_GetLastError
- [Disable]
- 037FE0FC:
- dd KERNEL32.GetLastError
- DeAlloc(IAT_Hook_GetLastError)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
