:wavey:
Only tested in Stormz
Credits:
forest_
BadBurrito
Only tested in Stormz
PHP Code:
void Jump(BYTE *src, const BYTE *dst)
{
DWORD dwback;
VirtualProtect(src, 5, PAGE_EXECUTE_READWRITE, &dwback);
src[0] = 0xE9;
*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
}
void BypassTeclado()
{
char Processo[] = "StormZv1.exe";
DWORD jump_1 = 0;
DWORD jump_2 = 0;
DWORD jump_destino = 0;
jump_1 = FindPattern(Processo,"\x72\xE8\x6A\x0A\xFF\xD3\xEB\xE0\x6A\x00\xFF\x15\x00\x00\x00\x00\x5F\x5E\x5B\xCC\xCC\xCC\xCC\xCC\x56","xxxxxxxxxxxx????xxxxxxxxx");
jump_2 = FindPattern(Processo,"\x75\x0C\x46\x83\xFE\x14\x72\xE8\x6A\x0A\xFF\xD3\xEB\xE0\x6A\x00\xFF\x15\x00\x00\x00\x00\x5F\x5E\x5B\xCC\xCC\xCC\xCC\xCC\x56","xxxxxxxxxxxxxxxxxx????xxxxxxxxx");
jump_destino = FindPattern(Processo,"\xEB\xE0\x6A\x00\xFF\x15\x00\x00\x00\x00\x5F\x5E\x5B\xCC\xCC\xCC\xCC\xCC\x56","xxxxxx????xxxxxxxxx");
Jump((BYTE*)jump_1,(BYTE*)jump_destino);
Jump((BYTE*)jump_2,(BYTE*)jump_destino);
}
forest_
BadBurrito
Aucun commentaire:
Enregistrer un commentaire