Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [ENABLE]
- aobscanmodule(MOUNT,Wow.exe,8B 83 C0 09 00 00) // should be unique
- alloc(newmem,$1000)
- label(code)
- label(return)
- newmem:
- //mov [ebx+000009C0],#31992 //2-х местная ракета
- //mov [ebx+000009C0],#31156 //Обагренный ледяной покоритель (цлк)
- //mov [ebx+000009C0],#31958 //небесный скакун (донат)
- mov [ebx+000009C0],#18724
- //29379 курица 21973 тигр
- code:
- mov eax,[ebx+000009C0]
- jmp return
- MOUNT:
- jmp newmem
- nop
- return:
- registersymbol(MOUNT)
- [DISABLE]
- MOUNT:
- db 8B 83 C0 09 00 00
- unregistersymbol(MOUNT)
- dealloc(newmem)
- {
- // ORIGINAL CODE - INJECTION POINT: "Wow.exe"+33D5F2
- "Wow.exe"+33D5D0: 55 - push ebp
- "Wow.exe"+33D5D1: 8B EC - mov ebp,esp
- "Wow.exe"+33D5D3: 83 EC 54 - sub esp,54
- "Wow.exe"+33D5D6: 53 - push ebx
- "Wow.exe"+33D5D7: 8B D9 - mov ebx,ecx
- "Wow.exe"+33D5D9: 83 BB 8C 09 00 00 00 - cmp dword ptr [ebx+0000098C],00
- "Wow.exe"+33D5E0: 56 - push esi
- "Wow.exe"+33D5E1: 57 - push edi
- "Wow.exe"+33D5E2: C7 83 7C 0F 00 00 00 00 00 00 - mov [ebx+00000F7C],00000000
- "Wow.exe"+33D5EC: 0F 85 DC 02 00 00 - jne Wow.exe+33D8CE
- // ---------- INJECTING HERE ----------
- "Wow.exe"+33D5F2: 8B 83 C0 09 00 00 - mov eax,[ebx+000009C0]
- // ---------- DONE INJECTING ----------
- "Wow.exe"+33D5F8: 8B 0D C8 34 AD 00 - mov ecx,[Wow.exe+6D34C8]
- "Wow.exe"+33D5FE: 3B C1 - cmp eax,ecx
- "Wow.exe"+33D600: 0F 8C 28 03 00 00 - jl Wow.exe+33D92E
- "Wow.exe"+33D606: 3B 05 C4 34 AD 00 - cmp eax,[Wow.exe+6D34C4]
- "Wow.exe"+33D60C: 0F 8F 1C 03 00 00 - jg Wow.exe+33D92E
- "Wow.exe"+33D612: 2B C1 - sub eax,ecx
- "Wow.exe"+33D614: 8B 0D D8 34 AD 00 - mov ecx,[Wow.exe+6D34D8]
- "Wow.exe"+33D61A: 8B 04 81 - mov eax,[ecx+eax*4]
- "Wow.exe"+33D61D: 85 C0 - test eax,eax
- "Wow.exe"+33D61F: 89 45 FC - mov [ebp-04],eax
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
