
Untitled

a guest
Jul 6th, 2017
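  ;-----------------------------------------------------------------------
  ; Launcher for Left 4 Dead 2 (Steam app id 550) that temporarily patches
  ; two bytes of engine.dll inside the running game process.
  ; Assembler: MASM32 (32-bit, stdcall Win32 API via masm32rt.inc).
  ;
  ; Flow: start the game through the steam:// URL, wait for its window,
  ; resolve the owning process id, find engine.dll's base through a
  ; Toolhelp module snapshot, verify the expected bytes at base + RVA,
  ; overwrite them with NOPs, wait, then write the original bytes back.
  ;
  ; The OpenProcess -> ReadProcessMemory -> WriteProcessMemory sequence on
  ; another process's code is the pattern that anti-tamper and endpoint
  ; monitoring tools look for.
  ;-----------------------------------------------------------------------
  include c:\masm32\include\masm32rt.inc

  PATCH_LEN        equ 2                ; bytes compared and patched at rAddress
  RESTORE_DELAY_MS equ 30000            ; how long the patch stays applied

  .data?
  align dword
  Me32            MODULEENTRY32       <>
  StartAPP        db MAX_PATH  dup(?)
  hProcess        dd ?                  ; 0 until OpenProcess succeeds (.data? is zero-filled)
  lpBuffer        dd ?                  ; receives the bytes read from the target
  lpNumberOfBytes dd ?
  hwnd            dd ?
  lpdwProcessId   dd ?                  ; process id of the game window's owner

  .data
  Execute      db "open",0
  SteamAppURL  db "steam://rungameid/550",0
  lpWindowName db "Left 4 Dead 2",0
  SearchDLL    db "engine.dll",0
  ; RVA inside engine.dll; tied to one specific build of the DLL (see the
  ; disassembly notes at the end). Turned into an absolute address at run time.
  rAddress     dd          0005475Eh
  Patch        db          090h,090h    ; two NOPs
  OrgByte      dd          000002EBh    ; bytes EB 02 = JMP SHORT +2; first PATCH_LEN bytes used
  PatchError   db          "Ups something is wrong, couldnt patch process!",0

  .code
  main:
      ; Start the game through the Steam URL handler.
      invoke  lstrcpy, addr StartAPP, addr SteamAppURL
      invoke  ShellExecute, 0, addr Execute, addr StartAPP, 0, 0, SW_SHOWMINNOACTIVE

      ; Poll until the game window exists (no timeout: loops until it appears).
  @searchwindow:
      invoke  Sleep, 1
      invoke  FindWindow, NULL, offset lpWindowName
      test    eax, eax
      jz      @searchwindow
      mov     hwnd, eax                 ; handle to the window

      ; The return value is the owning thread id, not a process handle, so it
      ; is not stored; only the process id written to lpdwProcessId is used.
      invoke  GetWindowThreadProcessId, hwnd, offset lpdwProcessId
      cmp     lpdwProcessId, 0
      je      @Error

      ; Snapshot of the modules loaded in the game process; edi = snapshot handle.
      invoke  CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, lpdwProcessId
      cmp     eax, INVALID_HANDLE_VALUE
      je      @Error
      mov     edi, eax
      mov     Me32.dwSize, sizeof MODULEENTRY32
      invoke  Module32First, edi, addr Me32

      ; Walk the module list. eax holds the result of Module32First/Next here;
      ; zero means the list is exhausted (or the call failed), which ends the
      ; search instead of spinning on the last entry forever.
  @searchengine:
      test    eax, eax
      jz      @nomodule
      ; Compare the whole module name, case-insensitively, so another module
      ; that merely starts with the same four characters is not patched.
      invoke  lstrcmpi, addr Me32.szModule, addr SearchDLL
      test    eax, eax
      jz      @domymagic
      invoke  Module32Next, edi, addr Me32
      jmp     @searchengine

  @nomodule:
      invoke  CloseHandle, edi
      jmp     @Error

  @domymagic:
      invoke  CloseHandle, edi          ; snapshot no longer needed; Me32 keeps the entry

      ; Absolute patch address = module base + RVA.
      mov     eax, Me32.modBaseAddr
      add     eax, rAddress
      mov     rAddress, eax

      ; Request only the rights the read and the two writes need rather than
      ; PROCESS_ALL_ACCESS.
      invoke  OpenProcess, PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE, 0, lpdwProcessId
      test    eax, eax
      jz      @Error
      mov     hProcess, eax             ; handle to the process

      ; Verify the target bytes before touching them: a different engine.dll
      ; build would have other code at this RVA.
      invoke  ReadProcessMemory, hProcess, rAddress, addr lpBuffer, PATCH_LEN, addr lpNumberOfBytes
      test    eax, eax
      jz      @Error
      mov     ax, word ptr [lpBuffer]   ; compare exactly the PATCH_LEN bytes that were read
      cmp     ax, word ptr [OrgByte]
      jne     @Error

      ; Replace the short jump with NOPs.
      invoke  WriteProcessMemory, hProcess, rAddress, addr Patch, PATCH_LEN, addr lpNumberOfBytes
      test    eax, eax
      jz      @Error

      invoke  Sleep, RESTORE_DELAY_MS

      ; Write the original jump back. Best effort: the game may already have
      ; exited, so a failure here is not reported.
      invoke  WriteProcessMemory, hProcess, rAddress, addr OrgByte, PATCH_LEN, addr lpNumberOfBytes
      jmp     @Exit

  @Error:
      invoke  MessageBox, 0, addr PatchError, 0, 0

  @Exit:
      ; Release the process handle if one was opened.
      mov     eax, hProcess
      test    eax, eax
      jz      @quit
      invoke  CloseHandle, eax
  @quit:
      invoke  ExitProcess, NULL
  end main

  ;documentation
  ;search string in engine.dll
  ;100547C2   68 C43A3010      PUSH engine.10303AC4                     ; ASCII "LOWVIOLENCE"
  ;1005475C  |. FFD0           CALL EAX                                 ;  call into steamclient; afterwards al/eax is 1
  ;1005475E  |. EB 02          JMP SHORT engine.10054762 <- NOP out this jmp so al/eax is set to 0 (0 = uncut / 1 = cut)
  ;10054760  |> 32C0           XOR AL,AL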