Riremito

1337 Hook

Sep 20th, 2014
systemcall x64
wow64cpu.dll+2320 - EA 1E270974 3300 - jmp 0033:wow64cpu.dll+271E
wow64cpu.dll+2327 - 00 00 - add [rax],al
wow64cpu.dll+2329 - CC - int 3
wow64cpu.dll+232A - CC - int 3
wow64cpu.dll+232B - CC - int 3

1. write long jump
wow64cpu.dll+2320 - EA 1E270974 3300 - jmp 0033:wow64cpu.dll+271E
wow64cpu.dll+2327 - E9 XXXXXXXX - jmp XXXXXXXX

1. write 64bit jump in XXXXXXXX
1A020000 - 90 - nop // write hook code here
1A020001 - 90 - nop
1A020002 - 90 - nop
1A020003 - 90 - nop
1A020004 - 90 - nop
1A020005 - EA 1E270974 3300 - jmp 0033:wow64cpu.dll+271E

2. write short jump
wow64cpu.dll+2320 - EB 05 - jmp wow64cpu.dll+2327
wow64cpu.dll+2322 - 27 - daa
wow64cpu.dll+2323 - 09 74 33 00 - or [rbx+rsi+00],esi
wow64cpu.dll+2327 - E9 XXXXXXXX - jmp XXXXXXXX
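
Added example (not part of the original paste): a C check, from the detection side, that classifies the 12 bytes the paste shows at wow64cpu.dll+2320 as intact, detoured through the EB 05 / E9 pattern above, or otherwise modified. The read address 74092320 and the rel32 filled in for XXXXXXXX are constructed sample values, and the function and constant names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum gate_state { GATE_INTACT, GATE_DETOURED, GATE_MODIFIED };

/* Constructed samples: bytes from the paste, with XXXXXXXX filled in as a
 * rel32 that lands on 1A020000 when the stub is read from 74092320. */
static const uint8_t SAMPLE_CLEAN[12]  = {0xEA,0x1E,0x27,0x09,0x74,0x33,0x00,0x00,0x00,0xCC,0xCC,0xCC};
static const uint8_t SAMPLE_STAGED[12] = {0xEA,0x1E,0x27,0x09,0x74,0x33,0x00,0xE9,0xD4,0xDC,0xF8,0xA5};
static const uint8_t SAMPLE_HOOKED[12] = {0xEB,0x05,0x27,0x09,0x74,0x33,0x00,0xE9,0xD4,0xDC,0xF8,0xA5};

/* Destination of the jmp rel32 at stub offset 7, or 0 if no E9 is there.
 * `va` is the 32-bit address the 12 bytes were read from. */
uint32_t detour_target(const uint8_t s[12], uint32_t va)
{
    if (s[7] != 0xE9)
        return 0;
    uint32_t rel = (uint32_t)s[8] | (uint32_t)s[9] << 8 |
                   (uint32_t)s[10] << 16 | (uint32_t)s[11] << 24;
    return va + 7 + 5 + rel;            /* next instruction + rel32, mod 2^32 */
}

/* Classify the stub by shape; the far jump's imm32 is not validated here. */
enum gate_state check_gate(const uint8_t s[12])
{
    static const uint8_t pad[5] = { 0x00, 0x00, 0xCC, 0xCC, 0xCC };

    /* Original form: jmp far 0033:imm32 followed by untouched padding. */
    if (s[0] == 0xEA && s[5] == 0x33 && s[6] == 0x00 &&
        memcmp(s + 7, pad, sizeof pad) == 0)
        return GATE_INTACT;
    /* Live detour: jmp short +5 lands on a jmp rel32 written into the padding. */
    if (s[0] == 0xEB && s[1] == 0x05 && s[7] == 0xE9)
        return GATE_DETOURED;
    /* Anything else, including a staged E9 behind an intact far jump. */
    return GATE_MODIFIED;
}

int main(void)
{
    const uint8_t *samples[3] = { SAMPLE_CLEAN, SAMPLE_STAGED, SAMPLE_HOOKED };
    for (int i = 0; i < 3; i++)
        printf("sample %d: state=%d target=%08X\n", i,
               (int)check_gate(samples[i]),
               (unsigned)detour_target(samples[i], 0x74092320u));
    return 0;
}
```

The check covers only the stub layout shown in the paste; comparing the in-memory bytes with the on-disk wow64cpu.dll also catches a changed far-jump operand.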