
Untitled

a guest Sep 16th, 2019 101 Never
  // Judging by its name, this holds the address of the original WOW64
  // dispatcher. Both routines in this listing forward to it with `jmp`.
  // Nothing shown here assigns it, so it has to be filled in before either
  // routine can run; while it is still null the forwarding jump has no valid
  // target.
  void* lpOrg_WOW32Dispatcher{ nullptr };
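  // Pass-through stub for service number 0x19. The dispatcher hook in this
  // listing branches here with `je`, and the stub forwards the request to the
  // original dispatcher unchanged: no inspection or filtering of the query
  // happens in this routine.
  //
  // Declared naked so the compiler emits no prologue or epilogue. The stub is
  // entered by a jump, not a call, with EAX still carrying the service number
  // and ESP still describing the caller's frame. A compiler-generated prologue
  // would have to be undone by hand before forwarding, and depending on build
  // options it may touch registers or the stack before the first asm statement
  // runs. With no prologue there is nothing to unwind.
  //
  // The parameter list is never read by the body; it only documents the shape
  // of the request being forwarded.
  //
  // NOTE(review): the name is the same as the ntdll routine; if a Windows
  // header that declares it is in scope this definition may conflict, so
  // confirm. lpOrg_WOW32Dispatcher must be non-null before this can be
  // reached.
  __declspec( naked ) NTSTATUS WINAPIV NtQueryInformationProcess(
      HANDLE          ProcessHandle,
      int             ProcessInformationClass,
      PVOID           ProcessInformation,
      ULONG           ProcessInformationLength,
      PULONG          ReturnLength )
  {
      // Tail-jump through the saved pointer; control does not come back here.
      __asm jmp lpOrg_WOW32Dispatcher
  }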
  // Replacement dispatcher. The name suggests it is meant to stand in for the
  // pointer kept in the TEB's WOW32Reserved slot; the code that installs it is
  // not part of this listing.
  //
  // Naked: no prologue or epilogue is generated, so registers and stack reach
  // the asm exactly as the caller left them. The routine tests EAX against
  // 0x19 and diverts a match to the NtQueryInformationProcess stub; every
  // other value goes straight to the original dispatcher.
  //
  // NOTE(review): 0x19 is presumably the service number of
  // NtQueryInformationProcess on the build this was written for. Service
  // numbers differ between Windows versions, so confirm before relying on it.
  //
  // Detection: a dispatcher pointer that no longer resolves into the system's
  // own WOW64 transition module is a strong sign that a hook of this kind is
  // installed in the process.
  __declspec( naked ) void hk_WOW32Reserved_Dispatcher( void )
  {
      // Is this the one service the hook cares about?
      __asm cmp eax, 0x19
      __asm je NtQueryInformationProcess

      // Anything else is forwarded untouched.
      __asm jmp lpOrg_WOW32Dispatcher
  }