Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [enable]
- alloc(mscrc,100)
- alloc(hscrc,100)
- alloc(copy,1024)
- alloc(dump,10482664)
- createthread(copy)
- label(exitmscrc)
- label(mscrcret)
- label(hscrcret)
- label(llop)
- label(getoutahere)
- mscrc:
- cmp ecx,00401000
- jl exitmscrc
- cmp ecx,00E00000
- jg exitmscrc
- sub ecx,00401000
- push eax
- lea eax,[dump]
- add ecx,eax
- pop eax
- exitmscrc:
- movzx ecx,byte ptr [ecx]
- mov edx,[ebp+14]
- jmp mscrcret
- copy:
- mov eax,00401000
- lea ecx,[dump]
- llop:
- xor ebx,ebx
- movzx ebx,byte ptr [eax]
- mov byte ptr [ecx],bl
- inc eax
- inc ecx
- cmp eax,00E00000
- jg getoutahere
- jmp llop
- getoutahere:
- lea ebx,[dump]
- add ebx,749cdb//B4ACDB - 401000
- xor eax,eax
- mov al,0F
- mov byte ptr [ebx],al
- inc ebx
- mov al,B6
- mov byte ptr [ebx],al
- inc ebx
- mov al,09
- mov byte ptr [ebx],al
- inc ebx
- mov al,8B
- mov byte ptr [ebx],al
- inc ebx
- mov al,55
- mov byte ptr [ebx],al
- ret
- hscrc:
- mov eax,fs:[20]
- cmp eax,[esp+0c]
- jne hscrcret
- mov fs:[34],57
- xor eax,eax
- ret 000c
- hscrcret:
- mov edi,edi
- push ebp
- mov ebp,esp
- jmp OpenProcess+05
- 00B4EF15:
- jmp mscrc
- db 14
- mscrcret:
- OpenProcess:
- jmp hscrc
- [disable]
- 00B4EF15:
- db 0F B6 09 8B 55 14
- OpenProcess:
- db 8B FF 55 8B EC
- dealloc(mscrc)
- dealloc(hscrc)
- dealloc(dump)
- dealloc(copy)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
