Hooking HSCRC_Dynamic before execution

1. /*
2. Themidas hidden call fucker
3. created by Riremito
4. */
5. [Enable]
6. Alloc(Themida_Fucker, 1024)
7. Label(Hook_Hidden_Call)
8. Label(HHC_C1)
9. Label(HHC_Next)
10. Label(HHC_Exit)
11. Label(Hidden_Call_Hook)
12. Label(BreakPoint)
13. RegisterSymbol(BreakPoint)
14.  
15. CreateThread(Hook_Hidden_Call)
16.  
17. Themida_Fucker:
18. Hook_Hidden_Call:
19. mov ecx,EHSvc.dll//address start
20. HHC_C1:
21. cmp ecx,EHSvc.dll+3AC05E//address end
22. ja HHC_Exit
23. cmp byte ptr [ecx],58//pop eax
24. jne HHC_Next
25. cmp [ecx+1],0000C29D//popfd ret 0000
26. jne HHC_Next
27. mov [ecx],E9//jmp
28. mov eax,Hidden_Call_Hook
29. sub eax,ecx
30. sub eax,5
31. mov [ecx+1],eax//FunctionAddress - HookAddress - 5
32. HHC_Next:
33. inc ecx
34. jmp HHC_C1
35. HHC_Exit:
36. ret
37.  
38. Hidden_Call_Hook://write hook code here
39. pop eax
40. popfd
41. push eax
42. mov eax,[esp+4]//function address
43. cmp [eax+33],0FFFFFFF
44. pop eax
45. je BreakPoint
46. ret 0000
47.  
48. BreakPoint:
49. nop
50. nop
51. nop
52. nop
53. nop
54. ret 0000
55.  
56.  
57.  
58. [Disable]
59. UnRegisterSymbol(BreakPoint)
60. DeAlloc(Themida_Fucker)