- #include <Windows.h>
- #include <iostream>
- #include <tlhelp32.h>
- #include <Psapi.h>
- using namespace std;
// Name of the already-loaded module whose image is searched.
char module[]{"server.dll"};

// Byte signature to locate inside that module. It is read together with
// `mask`, position by position: 'x' means the byte must match exactly, '?'
// means any byte is accepted. The four 0x00 bytes are placeholders under the
// '?' positions. The literal contains embedded NULs, so its length must be
// taken from `mask`, never from strlen(sig).
char sig[]{"\x89\x37\x5F\xB8\x00\x00\x00\x00"};
char mask[]{"xxxx????"};

// Replacement bytes; 0x90 is the one-byte x86 NOP instruction.
// NOTE(review): three bytes are stored here but the only caller in this file
// passes a length of 1 - confirm which length is intended.
char nopOppCode[]{"\x90\x90\x90"};
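/// Returns the MODULEINFO (base address, image size, entry point) of a module
/// that is already loaded in the current process.
///
/// @param szModule  ANSI module name, passed straight to GetModuleHandleA.
/// @return The populated MODULEINFO, or an all-zero MODULEINFO when the module
///         is not loaded or GetModuleInformation fails. Callers must treat a
///         null lpBaseOfDll / zero SizeOfImage as "not found".
MODULEINFO GetModuleInfo(char *szModule)
{
    MODULEINFO modinfo{};

    // Use the ANSI entry point explicitly: the parameter is char*, so the
    // generic GetModuleHandle macro would not compile in a UNICODE build.
    const HMODULE hModule = GetModuleHandleA(szModule);
    if (hModule == nullptr)
        return modinfo;

    // Do not hand back a half-written structure if the query fails.
    if (!GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(modinfo)))
        modinfo = MODULEINFO{};

    return modinfo;
}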
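/// Copies byteNum bytes from valueToWrite to addressToWrite in the current
/// process, temporarily changing the page protection so the copy succeeds.
///
/// @param addressToWrite  Destination address; 0 is rejected.
/// @param valueToWrite    Source bytes; nullptr is rejected.
/// @param byteNum         Number of bytes to copy; values <= 0 are rejected.
///
/// Nothing is written when an argument is rejected or when the protection
/// change fails, so a failed lookup upstream cannot turn into a write through
/// a null pointer.
void WriteToMemory(uintptr_t addressToWrite, char* valueToWrite, int byteNum)
{
    if (addressToWrite == 0 || valueToWrite == nullptr || byteNum <= 0)
        return;

    void* const target = reinterpret_cast<void*>(addressToWrite);
    const SIZE_T length = static_cast<SIZE_T>(byteNum);

    DWORD oldProtection = 0;
    if (!VirtualProtect(target, length, PAGE_EXECUTE_READWRITE, &oldProtection))
        return;  // page could not be made writable; copying would fault

    memcpy(target, valueToWrite, length);

    // VirtualProtect fails when its last argument is NULL, which previously
    // left the page writable and executable for the rest of the process
    // lifetime. Pass a real variable so the original protection is restored.
    DWORD replacedProtection = 0;
    VirtualProtect(target, length, oldProtection, &replacedProtection);

    // The destination may hold code; make sure stale instructions are not
    // executed from the instruction cache.
    FlushInstructionCache(GetCurrentProcess(), target, length);
}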
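/// Searches the image of a loaded module for the first occurrence of a masked
/// byte pattern.
///
/// @param module   Name of the module to search (resolved via GetModuleInfo).
/// @param pattern  Bytes to look for; may contain embedded NULs.
/// @param mask     NUL-terminated string with one character per pattern byte:
///                 '?' accepts any byte, every other character requires an
///                 exact match. Its length defines the pattern length.
/// @return Address of the first match, or 0 when the module is not loaded,
///         an argument is null, the image is smaller than the pattern, or
///         nothing matches.
///
/// NOTE(review): the DWORD return type is part of the existing interface; in
/// a 64-bit build it truncates the address, so this is only sound for 32-bit
/// targets.
DWORD FindPattern(char *module, char *pattern, char *mask)
{
    if (pattern == nullptr || mask == nullptr)
        return 0;

    const MODULEINFO mInfo = GetModuleInfo(module);
    const char* const image = static_cast<const char*>(mInfo.lpBaseOfDll);
    const size_t imageSize = mInfo.SizeOfImage;
    const size_t patternLength = strlen(mask);

    // A missing module yields size 0; without this guard the unsigned
    // subtraction below wraps and the scan walks off into unmapped memory.
    if (image == nullptr || imageSize < patternLength)
        return 0;

    // "<=" so the last position at which the pattern still fits is checked.
    const size_t lastStart = imageSize - patternLength;
    for (size_t i = 0; i <= lastStart; i++)
    {
        bool found = true;
        for (size_t j = 0; j < patternLength; j++)
        {
            if (mask[j] != '?' && pattern[j] != image[i + j])
            {
                found = false;
                break;  // no need to compare the rest of this candidate
            }
        }
        if (found)
        {
            return static_cast<DWORD>(reinterpret_cast<uintptr_t>(image + i));
        }
    }
    return 0;
}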
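/// Looks up the signature `sig`/`mask` in `module` and, if it is found,
/// overwrites the first byte of the match with the first byte of nopOppCode.
///
/// When the signature is not found (module absent or a different build of it)
/// nothing is written; previously the 0 result was passed on and the write
/// targeted address 0.
///
/// NOTE(review): only 1 of the 3 bytes in nopOppCode is written - confirm the
/// intended length against the instruction being replaced.
void startDLL()
{
    const DWORD foundAddy = FindPattern(module, sig, mask);
    if (foundAddy == 0)
        return;

    WriteToMemory(foundAddy, nopOppCode, 1);
}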
/// DLL entry point. On process attach it shows a message box and then runs
/// startDLL(); every other notification is ignored. Always reports success.
///
/// NOTE(review): both calls run inside DllMain, i.e. while the loader lock is
/// held. Microsoft's DllMain guidance advises against calling user32
/// functions such as MessageBoxA from here because it can deadlock the
/// process; consider whether this work belongs in DllMain at all.
BOOL WINAPI DllMain(
    HINSTANCE hinstDLL,
    DWORD fwdReason,
    LPVOID lpReserved)
{
    if (fwdReason == DLL_PROCESS_ATTACH)
    {
        MessageBoxA(NULL, "Good to Go", "", 0);
        startDLL();
    }
    return TRUE;
}