Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [ENABLE]
- aobscanmodule(InfTowers,age3.exe,3B 75 04 0F 8C 22 FF FF FF) // should be unique
- alloc(newmem,$1000)
- label(code)
- label(return)
- newmem:
- pushf
- cmp [edx+978],#1
- jne code
- popf
- //cmp esi,[ebp+04]
- //jl age3.exe+3423A
- jmp return
- code:
- popf
- cmp esi,[ebp+04]
- jl age3.exe+3423A
- jmp return
- InfTowers:
- jmp newmem
- nop
- nop
- nop
- nop
- return:
- registersymbol(InfTowers)
- [DISABLE]
- InfTowers:
- db 3B 75 04 0F 8C 22 FF FF FF
- unregistersymbol(InfTowers)
- dealloc(newmem)
- {
- // ORIGINAL CODE - INJECTION POINT: "age3.exe"+3430F
- "age3.exe"+342EA: 80 7B 51 01 - cmp byte ptr [ebx+51],01
- "age3.exe"+342EE: 0F 84 67 0F 21 00 - je age3.exe+24525B
- "age3.exe"+342F4: 80 7B 52 01 - cmp byte ptr [ebx+52],01
- "age3.exe"+342F8: 0F 84 6D 0F 21 00 - je age3.exe+24526B
- "age3.exe"+342FE: 8B 55 00 - mov edx,[ebp+00]
- "age3.exe"+34301: 8B 04 B2 - mov eax,[edx+esi*4]
- "age3.exe"+34304: 50 - push eax
- "age3.exe"+34305: 8B CB - mov ecx,ebx
- "age3.exe"+34307: E8 9F 05 00 00 - call age3.exe+348AB
- "age3.exe"+3430C: 83 C6 01 - add esi,01
- // ---------- INJECTING HERE ----------
- "age3.exe"+3430F: 3B 75 04 - cmp esi,[ebp+04]
- "age3.exe"+34312: 0F 8C 22 FF FF FF - jl age3.exe+3423A
- // ---------- DONE INJECTING ----------
- "age3.exe"+34318: 5F - pop edi
- "age3.exe"+34319: EB 1F - jmp age3.exe+3433A
- "age3.exe"+3431B: 83 EC 24 - sub esp,24
- "age3.exe"+3431E: 53 - push ebx
- "age3.exe"+3431F: 8B 5C 24 30 - mov ebx,[esp+30]
- "age3.exe"+34323: 85 DB - test ebx,ebx
- "age3.exe"+34325: 55 - push ebp
- "age3.exe"+34326: 8B E9 - mov ebp,ecx
- "age3.exe"+34328: 0F 84 72 0D 21 00 - je age3.exe+2450A0
- "age3.exe"+3432E: 56 - push esi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
