Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #define WIN32_LEAN_AND_MEAN
- #define _CRT_SECURE_NO_WARNINGS
- #include <Windows.h>
- #include "VEH.h" // Use your own
- #include "sigscan.h" // Use your own
- DWORD scanAddr = 0x0;
- bool __stdcall DeobfuscateScript(char* cpInBuffer, UINT uiInSize, char** pcpOutBuffer, UINT* puiOutSize, char* szScriptName)
- {
- typedef bool (__stdcall *DeobfuscateScriptPtr)
- (char* cpInBuffer, UINT uiInSize, char** pcpOutBuffer, UINT* puiOutSize, char* szScriptName);
- DeobfuscateScriptPtr DeobfuscateScriptCall = (DeobfuscateScriptPtr)scanAddr;
- DeleteVEH();
- bool result = DeobfuscateScriptCall(cpInBuffer, uiInSize, pcpOutBuffer, puiOutSize, szScriptName);
- strcpy(*pcpOutBuffer, "outputChatBox('Lua code injected!')");
- return result;
- }
- void __stdcall EntryPoint()
- {
- char pattern[] = { "\x55\x8B\xEC\xFF\x75\x18\xFF\x75\x14\xFF\x75\x10\xFF\x75\x0C\xFF\x75\x08\xE8\x00\x00\x00\x00\x83\xC4\x14\x5D\xC2\x14\x00" };
- char mask[] = { "xxxxxxxxxxxxxxxxxxx????xxxxxxx" };
- SigScan sig;
- scanAddr = sig.FindPattern("netc.dll", pattern, mask);
- if (scanAddr != 0)
- {
- SetupVEH(scanAddr, (DWORD)&DeobfuscateScript);
- }
- }
- int __stdcall DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
- {
- switch (ul_reason_for_call)
- {
- case DLL_PROCESS_ATTACH:
- CreateThread(0, 0, (LPTHREAD_START_ROUTINE)EntryPoint, 0, 0, 0);
- break;
- case DLL_THREAD_ATTACH:
- break;
- case DLL_THREAD_DETACH:
- break;
- case DLL_PROCESS_DETACH:
- DeleteVEH();
- break;
- }
- return 1;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement