- systemcall x64
- wow64cpu.dll+2320 - EA 1E270974 3300 - jmp 0033:wow64cpu.dll+271E
- wow64cpu.dll+2327 - 00 00 - add [rax],al
- wow64cpu.dll+2329 - CC - int 3
- wow64cpu.dll+232A - CC - int 3
- wow64cpu.dll+232B - CC - int 3
- 1. write long jump
- wow64cpu.dll+2320 - EA 1E270974 3300 - jmp 0033:wow64cpu.dll+271E
- wow64cpu.dll+2327 - E9 XXXXXXXX - jmp XXXXXXXX
- 1. write 64bit jump in XXXXXXXX
- 1A020000 - 90 - nop // write hook code here
- 1A020001 - 90 - nop
- 1A020002 - 90 - nop
- 1A020003 - 90 - nop
- 1A020004 - 90 - nop
- 1A020005 - EA 1E270974 3300 - jmp 0033:wow64cpu.dll+271E
- 2. write short jump
- wow64cpu.dll+2320 - EB 05 - jmp wow64cpu.dll+2327
- wow64cpu.dll+2322 - 27 - daa
- wow64cpu.dll+2323 - 09 74 33 00 - or [rbx+rsi+00],esi
- wow64cpu.dll+2327 - E9 XXXXXXXX - jmp XXXXXXXX
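
An integrity check for the stub patched above, written as an added example (it is not part of the original paste): it classifies the 12 bytes at wow64cpu.dll+2320 as intact, staged (step 1 only) or hooked (step 2), and resolves where the trailing near jump leads. The function name, the state labels and the sample byte strings are constructed for illustration; the stub address 0x74092320 is derived from the far jump target 0x7409271E shown in the listing and will differ on other builds.

```python
import struct

FAR_JMP = 0xEA     # jmp ptr16:32, 7 bytes: opcode, 4-byte offset, 2-byte selector
SHORT_JMP = 0xEB   # jmp rel8
NEAR_JMP = 0xE9    # jmp rel32
CS_64BIT = 0x0033  # selector used by the "jmp 0033:..." in the listing
STUB_LEN = 12      # 7-byte far jmp plus the 5 bytes that follow it

def classify_stub(stub: bytes, stub_va: int) -> dict:
    """Classify the bytes at the transition stub (hypothetical helper)."""
    if len(stub) < STUB_LEN:
        raise ValueError("need at least 12 bytes from the stub")
    redirect = None
    if stub[7] == NEAR_JMP:
        # rel32 is relative to the end of the 5-byte near jmp
        rel = struct.unpack_from("<i", stub, 8)[0]
        redirect = (stub_va + STUB_LEN + rel) & 0xFFFFFFFF
    far_ok = (stub[0] == FAR_JMP
              and struct.unpack_from("<H", stub, 5)[0] == CS_64BIT)
    if far_ok and redirect is None:
        state = "intact"
    elif far_ok:
        state = "staged"    # near jmp written after the far jmp, not yet reached
    elif stub[0] == SHORT_JMP and stub[1] == 0x05 and redirect is not None:
        state = "hooked"    # EB 05 skips the far jmp remnants into the near jmp
    else:
        state = "modified"  # anything else that is not the original far jmp
    return {"state": state, "redirect": redirect}

# Constructed samples based on the bytes in the listing; the near jmp
# targets the 1A020000 buffer the paste uses for its hook code.
STUB_VA = 0x74092320
CLEAN = bytes.fromhex("EA1E2709743300" "0000CCCCCC")
STAGED = bytes.fromhex("EA1E2709743300" "E9D4DCF8A5")
HOOKED = bytes.fromhex("EB052709743300" "E9D4DCF8A5")

if __name__ == "__main__":
    for name, raw in (("clean", CLEAN), ("staged", STAGED), ("hooked", HOOKED)):
        result = classify_stub(raw, STUB_VA)
        target = result["redirect"]
        print(name, result["state"], hex(target) if target is not None else "-")
```

A redirect that lands outside every loaded module, as 1A020000 does here, is the detail worth alerting on.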