- // DarkCowUnit
- // W8baby.com
- #include <Windows.h>
- #include <string>
- using namespace std;
- #include <algorithm>
- #include <sstream>
- /***********************************************FUNCTIONS**********************************************************/
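// jmp(frm, to): rel32 displacement for a 5-byte x86 near CALL/JMP located at `frm`
// that targets `to`, i.e. target minus the address of the next instruction (frm + 5).
// Both operands are truncated to int, so the result is only meaningful in a 32-bit build.
// Each argument is parenthesized and the expansion has no trailing semicolon, so the
// macro can be used safely inside a larger expression.
#define jmp(frm, to) ((int)((int)(to) - (int)(frm) - 5))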
// Overwrites the bytes at ulAddress with a 5-byte relative CALL (opcode 0xE8) to
// Function, then fills the ulNops bytes that follow with NOP (0x90).
//
// The writes run inside an SEH block: a fault raised while writing makes the function
// return false instead of terminating the process; otherwise it returns true.
// Page protection is not changed here; the target range must already be writable.
bool Call(unsigned long ulAddress, void* Function, unsigned long ulNops)
{
    unsigned char* const site = (unsigned char*)ulAddress;
    bool patched = false;

    __try
    {
        site[0] = 0xE8;                                          // CALL rel32
        *(unsigned long*)(site + 1) = jmp(ulAddress, Function);  // displacement from the next instruction
        memset(site + 5, 0x90, ulNops);                          // pad the remainder with NOPs
        patched = true;
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        patched = false;
    }

    return patched;
}
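// Requests PAGE_EXECUTE_READWRITE for the pages covering [ulAddress, ulAddress + ulSize)
// unless the region containing ulAddress already reports that protection.
//
// Fix: VirtualQuery's third argument is the size of the MEMORY_BASIC_INFORMATION buffer,
// not the size of the region. Passing ulSize there makes the query fail when ulSize is
// smaller than the structure, after which Protect was read uninitialized. The query result
// is now checked, and both scratch values live on the stack instead of the heap.
//
// NOTE(review): the previous protection value is discarded and never restored, so the
// range stays writable and executable after this call. The function returns void, so a
// failed VirtualProtect cannot be reported to the caller.
void MakePageWritable(unsigned long ulAddress, unsigned long ulSize)
{
    MEMORY_BASIC_INFORMATION mbi;
    const SIZE_T queried = VirtualQuery((void*)ulAddress, &mbi, sizeof(mbi));

    // Only skip the change when the query succeeded and the protection already matches.
    if (queried == sizeof(mbi) && mbi.Protect == PAGE_EXECUTE_READWRITE)
        return;

    DWORD oldProtect = 0;
    VirtualProtect((void*)ulAddress, ulSize, PAGE_EXECUTE_READWRITE, &oldProtect);
}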
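// Writes ulAmount bytes, supplied as variadic arguments, to consecutive addresses
// starting at ulAddress, after asking MakePageWritable to open the range for writing.
//
// The caller must pass exactly ulAmount byte values after ulAmount; nothing here can
// verify that, and passing fewer is undefined behaviour.
//
// Fix: variadic arguments undergo default argument promotion, so each byte arrives as an
// int. Reading it with va_arg(va, unsigned char) is undefined behaviour; it is now read
// as int and narrowed explicitly.
void WriteMemory(unsigned long ulAddress, unsigned long ulAmount, ...)
{
    va_list va;
    va_start(va, ulAmount);

    MakePageWritable(ulAddress, ulAmount);

    unsigned char* const dst = (unsigned char*)ulAddress;
    for (unsigned long ulIndex = 0; ulIndex < ulAmount; ulIndex++)
    {
        dst[ulIndex] = (unsigned char)va_arg(va, int);
    }

    va_end(va);
}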
- /****************************************************************************************************************/
// Typed view of a packet payload: a WORD opcode followed by data bytes.
typedef struct _PACKET_MESSAGE_STRUCT {
    WORD Opcode;    // leading field of the payload
    BYTE Data[1];   // declared with one element; NOTE(review): presumably the start of a
                    // variable-length body - confirm before indexing past Data[0]
} PACKET_MESSAGE;
// Argument block handed to the send routine through SendPacketWrapper.
// The two dwUnknown fields were not identified by the author; SendRawPacket leaves them zero.
typedef struct _PACKET_STRUCT {
    DWORD dwUnknown1;
    union {                         // three typed views of the same payload pointer
        LPVOID          lpvData;
        LPBYTE          lpBytes;
        PACKET_MESSAGE* pMessage;
    };
    DWORD dwLength;                 // SendRawPacket stores the payload size here
    DWORD dwUnknown2;
} PACKET;
// Hard-coded, build-specific address of the send routine.
// Need to update after each patch. Array of Bytes to scan:
// "55 8B EC 6A FF 68 ? ? ? 00 64 ? 00 00 00 00 50 83 EC 34 53".
unsigned long ulSendAddress = 0x004C4270;

// Five bytes past the start of the send routine.
unsigned long ulSendHookRet = ulSendAddress + 5;

// Where GenerateWrapper writes its 18-byte stub.
// Need to update after each patch; some empty memory region. Just search for an address with 00 bytes.
unsigned long ulSendPacket = 0x004064AF;

// Signature of the generated stub: one PACKET pointer argument, WINAPI calling convention.
typedef void (WINAPI* lpfnSendPacket)(PACKET* pPacket);

// Stays NULL until GenerateWrapper assigns it.
lpfnSendPacket SendPacketWrapper = NULL;
// Writes an 18-byte stub at ulSendPacket, patches a CALL to ulSendAddress into the five
// placeholder bytes at offset 10, and publishes the stub through SendPacketWrapper.
// Returns true when the first byte at ulSendPacket reads back as 0x8B.
//
// NOTE(review): Call()'s result is ignored and only the first stub byte is verified, so a
// true return does not show that the CALL was written. SendPacketWrapper is assigned before
// the check and is therefore set even when this returns false.
bool GenerateWrapper()
{
    MakePageWritable(ulSendPacket, 18);

    // Need to update after each patch. Array of Bytes to scan:
    // "8B 0D ? ? DC 00 8D 44 24 ? 50 E8 [First Address]".
    WriteMemory(ulSendPacket, 18,
        0x8B, 0x0D, 0x94, 0x30, 0xDC, 0x00,   // mov ecx,[...]: author's note reads "[00DC3098] ; ServerBase -4"; the bytes encode 0x00DC3094
        0xFF, 0x74, 0x24, 0x04,               // push [esp+04]
        0x00, 0x00, 0x00, 0x00, 0x00,         // space for the call to the send address
        0xC2, 0x04, 0x00);                    // ret 0004

    // Write the call to the send address in the space left at offset 10.
    Call(ulSendPacket + 10, (void*)ulSendAddress, 0);

    SendPacketWrapper = (lpfnSendPacket)ulSendPacket;

    return *(BYTE*)ulSendPacket == 0x8B;
}
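// Wraps lpData/size in a zeroed PACKET and passes it to SendPacketWrapper.
//
// lpData is borrowed for the duration of the call; the caller keeps ownership.
// Does nothing when the wrapper has not been generated yet (SendPacketWrapper is NULL),
// when lpData is NULL, or when size is negative. The original called through the NULL
// function pointer and stored a negative size as a huge DWORD length in those cases.
// The PACKET now lives on the stack, so it cannot leak if the callee faults.
void SendRawPacket(LPBYTE lpData, int size)
{
    if (SendPacketWrapper == NULL || lpData == NULL || size < 0)
        return;

    PACKET packet;
    ZeroMemory(&packet, sizeof(packet));
    packet.lpBytes = lpData;
    packet.dwLength = (DWORD)size;

    SendPacketWrapper(&packet);
}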
// Removes every ' ' character from str in place. Other whitespace (tabs, newlines) is kept.
void EraseSpaces(string &str)
{
    // remove() compacts the kept characters to the front; erase() drops the leftover tail.
    str.erase(remove(str.begin(), str.end(), ' '), str.end());
}
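// Upper-cases str in place using the C locale's toupper.
//
// Each character is converted to unsigned char before the call: passing a negative char
// value to toupper is undefined behaviour. Calling toupper directly, rather than handing
// its name to transform(), also avoids the overload ambiguity that arises when the
// <locale> version of toupper is visible.
void ToUpper(string &str)
{
    for (string::size_type i = 0; i < str.length(); ++i)
    {
        str[i] = (char)toupper((unsigned char)str[i]);
    }
}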
// Returns a pseudo-random byte taken from rand().
// NOTE(review): the modulus is 0xFF, so results fall in 0x00..0xFE and 0xFF is never
// produced - confirm whether % 0x100 was intended. rand() is not seeded anywhere in this
// listing and is not a cryptographic generator.
BYTE randb()
{
    const int value = rand() % 0xFF;
    return value;
}
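// Parses a textual packet ("0A 1B ** FF ...") and sends it through SendRawPacket.
//
// Spaces are removed and letters upper-cased first. The remaining text must be an even
// number of characters made of hex-digit pairs or "**" pairs; each "**" pair becomes one
// byte from randb(). Returns false when the text is malformed or the buffer cannot be
// allocated, and true once the packet has been handed to SendRawPacket.
//
// Fixes over the original:
//  - the byte buffer was a fixed MAX_PATH-sized allocation while the input length was
//    unbounded, so a long string wrote past the end of the heap block; the buffer is now
//    sized from the input;
//  - the malloc result is checked before use;
//  - a lone '*' paired with a hex digit passed validation and was silently converted to 0
//    by strtol; such pairs are now rejected;
//  - the heap-allocated int counter is gone.
bool msSendPacket(string str)
{
    EraseSpaces(str);
    ToUpper(str);

    if (str.length() % 2) return false;

    const size_t count = str.length() / 2;
    if (count > 0x7FFFFFFF) return false;   // SendRawPacket takes the length as int

    // Validate every pair before allocating or sending anything.
    for (size_t k = 0; k < count; k++)
    {
        const char hi = str[2 * k];
        const char lo = str[2 * k + 1];

        if (hi == '*' || lo == '*')
        {
            if (hi != lo) return false;     // "*A" / "A*" is not a valid byte
            continue;
        }

        const bool hiHex = (hi >= '0' && hi <= '9') || (hi >= 'A' && hi <= 'F');
        const bool loHex = (lo >= '0' && lo <= '9') || (lo >= 'A' && lo <= 'F');
        if (!hiHex || !loHex) return false;
    }

    // malloc(0) may legally return NULL, so always request at least one byte.
    BYTE* bPacket = (BYTE*)malloc(count ? count : 1);
    if (bPacket == NULL) return false;

    for (size_t j = 0; j < count; j++)
    {
        const string pair = str.substr(j * 2, 2);
        if (pair == "**") bPacket[j] = randb();
        else bPacket[j] = (BYTE)strtol(pair.c_str(), NULL, 16);
    }

    SendRawPacket(bPacket, (int)count);
    free(bPacket);
    return true;
}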