Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [Enable]
- Alloc(Hook, 256)
- Label(Return)
- Label(Rune)
- RegisterSymbol(Rune)
- Hook:
- push rax
- push rbx
- mov rax,[rcx+08] // packet
- mov ebx,[rcx+1C] // decoded
- add rax,ebx
- mov ebx,[rax+8]
- mov byte ptr [Rune],bl // 1
- mov ebx,[rax+C]
- mov byte ptr [Rune+1],bl // 2
- mov ebx,[rax+10]
- mov byte ptr [Rune+2],bl // 3
- mov ebx,[rax+14]
- mov byte ptr [Rune+3],bl // 4
- pop rbx
- pop rax
- mov [rsp+08],rbx
- mov [rsp+10],rsi
- push rdi
- sub rsp,20
- jmp Return
- Rune:
- db 0
- db 0
- db 0
- db 0
- 143555160:
- jmp Hook
- nop
- Return:
- [Disable]
- 143555160:
- mov [rsp+08],rbx
- mov [rsp+10],rsi
- push rdi
- sub rsp,20
- UnRegisterSymbol(Rune)
- DeAlloc(Hook)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
