#define WIN32_LEAN_AND_MEAN#define _CRT_SECURE_NO_WARNINGS#include <Windows.

1. #define WIN32_LEAN_AND_MEAN
2. #define _CRT_SECURE_NO_WARNINGS
3. #include <Windows.h>
4. #include "VEH.h" // Use your own
5. #include "sigscan.h" // Use your own
6. DWORD scanAddr = 0x0;
7. bool __stdcall DeobfuscateScript(char* cpInBuffer, UINT uiInSize, char** pcpOutBuffer, UINT* puiOutSize, char* szScriptName)
8. {
9. typedef bool (__stdcall *DeobfuscateScriptPtr)
10. (char* cpInBuffer, UINT uiInSize, char** pcpOutBuffer, UINT* puiOutSize, char* szScriptName);
11. DeobfuscateScriptPtr DeobfuscateScriptCall = (DeobfuscateScriptPtr)scanAddr;
12. DeleteVEH();
13. bool result = DeobfuscateScriptCall(cpInBuffer, uiInSize, pcpOutBuffer, puiOutSize, szScriptName);
14. strcpy(*pcpOutBuffer, "outputChatBox('Lua code injected!')");
15. return result;
16. }
17. void __stdcall EntryPoint()
18. {
19. char pattern[] = { "\x55\x8B\xEC\xFF\x75\x18\xFF\x75\x14\xFF\x75\x10\xFF\x75\x0C\xFF\x75\x08\xE8\x00\x00\x00\x00\x83\xC4\x14\x5D\xC2\x14\x00" };
20. char mask[] = { "xxxxxxxxxxxxxxxxxxx????xxxxxxx" };
21. SigScan sig;
22. scanAddr = sig.FindPattern("netc.dll", pattern, mask);
23. if (scanAddr != 0)
24. {
25. SetupVEH(scanAddr, (DWORD)&DeobfuscateScript);
26. }
27. }
28. int __stdcall DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
29. {
30. switch (ul_reason_for_call)
31. {
32. case DLL_PROCESS_ATTACH:
33. CreateThread(0, 0, (LPTHREAD_START_ROUTINE)EntryPoint, 0, 0, 0);
34. break;
35. case DLL_THREAD_ATTACH:
36. break;
37. case DLL_THREAD_DETACH:
38. break;
39. case DLL_PROCESS_DETACH:
40. DeleteVEH();
41. break;
42. }
43. return 1;
44. }