#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <iostream>

#include <Windows.h>
// 32-bit values that Patcher::Patch copies verbatim into the target file,
// directly after its code stub. The stub reads one entry with
// `mov eax, [eax + ecx * 4]`, so position in this table is significant.
// Some values occur more than once (for example indices 20 and 76); they are
// kept exactly as published.
const unsigned int ValidOffsets[] = {
    0x008CED10, 0x003E9BA0, 0x001CA9E0, 0x001CABA0,  // [0..3]
    0x002E4523, 0x001B99F0, 0x00306430, 0x00293AD1,  // [4..7]
    0x0039D520, 0x0039DF60, 0x001D1E70, 0x0039CB20,  // [8..11]
    0x00372BDD, 0x0034A229, 0x0039F915, 0x002FA851,  // [12..15]
    0x0023C2FE, 0x0065BB5F, 0x003D3B20, 0x003AAA3C,  // [16..19]
    0x00388B10, 0x00388B67, 0x003DAAE0, 0x003459B9,  // [20..23]
    0x002A7430, 0x004ABDC0, 0x0024F548, 0x004B0B80,  // [24..27]
    0x00372345, 0x004ECC90, 0x0039D584, 0x001B1BCC,  // [28..31]
    0x001B3BC5, 0x001B38D9, 0x00198990, 0x002177E0,  // [32..35]
    0x00691AD0, 0x001EAC10, 0x00199320, 0x00601C20,  // [36..39]
    0x00248830, 0x001CAD50, 0x001904A0, 0x001CB660,  // [40..43]
    0x003EE85F, 0x006E1780, 0x006E10D0, 0x001B38C0,  // [44..47]
    0x003EA510, 0x003EE7D0, 0x001991E0, 0x002C749F,  // [48..51]
    0x001BEB09, 0x0034DACA, 0x003C2B62, 0x0039D566,  // [52..55]
    0x003EE819, 0x006015DE, 0x006018B0, 0x00396A48,  // [56..59]
    0x001C9DEC, 0x003B8B23, 0x001B4760, 0x003DDBD8,  // [60..63]
    0x005FA0FC, 0x001935CD, 0x00180763, 0x008C37A7,  // [64..67]
    0x0029D0D7, 0x001C9A60, 0x00296910, 0x00340CD5,  // [68..71]
    0x00394BD0, 0x005F6B97, 0x005F6BA5, 0x003AAA4A,  // [72..75]
    0x00388B10, 0x005F6B97, 0x005F6BA5, 0x00193E14,  // [76..79]
    0x008C62E0, 0x008C69E0, 0x002493A7, 0x001C9E78,  // [80..83]
    0x00335B70, 0x001B24D0,                          // [84..85]
};
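/// Maps an existing file read/write into memory and overwrites two regions of it.
///
/// Owns three Win32 resources (file handle, file-mapping handle, mapped view).
/// Cleanup() releases all of them; the destructor and every failure path in
/// LoadFile() call it.
class Patcher {
private:
    HANDLE hFile;     // file opened by LoadFile(); NULL when nothing is open
    DWORD Size;       // size in bytes of the mapped file; 0 when nothing is mapped
    HANDLE hMapping;  // file-mapping object backing Mapping
    PVOID Mapping;    // base address of the mapped view

    /// Flushes and releases whatever is currently held and resets all members.
    void Cleanup() {
        if (Mapping) {
            // Write dirty pages back before the view goes away, so that the
            // FlushFileBuffers call below has something to push to disk.
            FlushViewOfFile(Mapping, 0);
            UnmapViewOfFile(Mapping);
        }
        if (hMapping) CloseHandle(hMapping);
        // CreateFile reports failure as INVALID_HANDLE_VALUE, which is non-NULL;
        // it must not be flushed or closed.
        if (hFile && hFile != INVALID_HANDLE_VALUE) {
            FlushFileBuffers(hFile);
            CloseHandle(hFile);
        }
        Mapping = NULL;
        hMapping = NULL;
        hFile = NULL;
        Size = 0;
    }

public:
    Patcher() : hFile(NULL), Size(0), hMapping(NULL), Mapping(NULL) {}

    ~Patcher() {
        Cleanup();
    }

    // The class owns raw handles; a copy would close them twice.
    Patcher(const Patcher&) = delete;
    Patcher& operator=(const Patcher&) = delete;

    /// Opens @p File and maps its whole content read/write.
    ///
    /// Any previously loaded file is released first.
    /// @param File path of an existing file.
    /// @return true when the file is mapped; false when it cannot be opened,
    ///         is empty, is 4 GiB or larger, or cannot be mapped.
    bool LoadFile(LPCWSTR File) {
        Cleanup();
        if (!File) return false;

        // The path is a wide string, so call the W entry points explicitly
        // instead of relying on the UNICODE macro. Only read and write access
        // are requested; FILE_ALL_ACCESS would also ask for delete and
        // owner/DACL rights that mapping the file does not need.
        // NOTE(review): FILE_SHARE_WRITE is kept from the original; it lets
        // another process modify the file while it is mapped here.
        hFile = CreateFileW(File, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE,
                            NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
        if (hFile == INVALID_HANDLE_VALUE) {
            Cleanup();
            return false;
        }

        // Size is a DWORD, so reject anything that does not fit instead of
        // silently truncating the length.
        LARGE_INTEGER FileSize;
        if (!GetFileSizeEx(hFile, &FileSize) || FileSize.QuadPart <= 0 || FileSize.HighPart != 0) {
            Cleanup();
            return false;
        }
        Size = FileSize.LowPart;

        // Unnamed mapping: a named object lives in a namespace shared with
        // other processes, and if the name already exists CreateFileMapping
        // hands back that existing object rather than one backed by hFile.
        hMapping = CreateFileMappingW(hFile, NULL, PAGE_READWRITE, 0, Size, NULL);
        if (!hMapping) {
            Cleanup();
            return false;
        }

        Mapping = MapViewOfFile(hMapping, FILE_MAP_ALL_ACCESS, 0, 0, Size);
        if (!Mapping) {
            Cleanup();
            return false;
        }
        return true;
    }

    /// Writes the code stub followed by the offsets table at
    /// @p PatchSectionOffsetInFile, and a 5-byte jump at @p JmpToPatchSectionOffset.
    ///
    /// @param OffsetsTable  table copied after the stub; must not be null.
    /// @param OffsetsCount  number of ELEMENTS in @p OffsetsTable (not bytes).
    /// @param PatchSectionOffsetInFile  file offset that receives stub + table.
    /// @param JmpToPatchSectionOffset   file offset that receives the jump.
    /// @return true when both regions were written; false when no file is
    ///         loaded, the table is null, or either region would fall outside
    ///         the mapped file. Nothing is written when false is returned.
    bool Patch(const unsigned int* OffsetsTable, ULONG OffsetsCount, SIZE_T PatchSectionOffsetInFile, SIZE_T JmpToPatchSectionOffset) {
        static const unsigned char Shell[] = {
            0xE8, 0x00, 0x00, 0x00, 0x00,   // call @NextInstruction      ; --+
            0x8B, 0x04, 0x24,               // mov eax, [esp]             ; <-+
            0x83, 0xC4, 0x04,               // add esp, 4
            0x83, 0xE8, 0x05,               // sub eax, 5
            0x83, 0xC0, 0x20,               // add eax, 32
            0x8B, 0x04, 0x88,               // mov eax, [eax + ecx * 4]
            0x03, 0x45, 0x80,               // add eax, [ebp - 80h]
            0xE9, 0xCA, 0xF6, 0xE6, 0xFF,   // jmp @Continue
            0x90, 0x90, 0x90, 0x90          // padding
        };
        static const unsigned char JmpToShellInstr[] = { 0xE9, 0x1B, 0x09, 0x19, 0x00 };

        // `add eax, 32` in the stub is the distance from the stub's first byte
        // to the table that is copied right behind it.
        static_assert(sizeof(Shell) == 32, "stub length must match the 'add eax, 32' displacement");
        static_assert(sizeof(unsigned int) == sizeof(DWORD), "table entries are copied as DWORDs");
        // NOTE(review): both E9 displacements are fixed constants, so they are
        // presumably correct only for the offsets main() passes and for one
        // specific build of the target file - confirm before reusing.

        if (!Mapping || !OffsetsTable) return false;

        // 64-bit arithmetic so a large count cannot wrap the byte length.
        const ULONGLONG TableBytes = static_cast<ULONGLONG>(OffsetsCount) * sizeof(DWORD);
        const ULONGLONG PayloadBytes = sizeof(Shell) + TableBytes;

        // Both writes must lie entirely inside the mapped view; the original
        // wrote unconditionally and could run past the end of the mapping.
        if (PatchSectionOffsetInFile > Size || PayloadBytes > Size - PatchSectionOffsetInFile) return false;
        if (JmpToPatchSectionOffset > Size || sizeof(JmpToShellInstr) > Size - JmpToPatchSectionOffset) return false;

        auto PatchSection = reinterpret_cast<PBYTE>(Mapping) + PatchSectionOffsetInFile;
        memcpy(PatchSection, Shell, sizeof(Shell));
        memcpy(PatchSection + sizeof(Shell), OffsetsTable, static_cast<SIZE_T>(TableBytes));

        auto JmpToPatch = reinterpret_cast<PBYTE>(Mapping) + JmpToPatchSectionOffset;
        memcpy(JmpToPatch, JmpToShellInstr, sizeof(JmpToShellInstr));
        return true;
    }
};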
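/// Maps C:\Temp\onetap.dll and applies the fixed patch described by the
/// constants below. Returns 0 on success and 1 when loading or patching fails.
int main()
{
    constexpr ULONG PatchSectionOffsetInFile = 0x1CE600;
    constexpr ULONG TxtSectionOffsetInFile = 0x400;
    constexpr ULONG JumpToPatchOffsetFromTxtSection = 0x3F6E0;
    constexpr ULONG JumpToPatchOffsetInFile = TxtSectionOffsetInFile + JumpToPatchOffsetFromTxtSection;

    // Patch() takes an element count and multiplies it by sizeof(DWORD) itself.
    // The original passed sizeof(ValidOffsets), a byte count, so four times
    // the table size was read: an out-of-bounds read past the array whose
    // result was written into the file.
    constexpr ULONG OffsetsCount = sizeof(ValidOffsets) / sizeof(ValidOffsets[0]);

    // NOTE(review): the file is not checked against an expected size or hash
    // before it is modified; the offsets above are fixed, so any other file
    // at this path would be overwritten at the same positions.
    Patcher patcher;
    if (!patcher.LoadFile(L"C:\\Temp\\onetap.dll")) {
        printf("Unable to load file!\r\n");
        return 1;  // non-zero so a calling script can tell the run failed
    }

    if (!patcher.Patch(ValidOffsets, OffsetsCount, PatchSectionOffsetInFile, JumpToPatchOffsetInFile)) {
        printf("Unable to patch file!\r\n");
        system("pause");
        return 1;
    }

    printf("Well done!\r\n");
    system("pause");
    return 0;
}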