

作者: tjralsdl4    時間: 2020-10-4 05:48
標題: TWMS v228.1 ICS PickNDL

[ENABLE]
// Enable section: allocate the hook stub and a counter, and declare the
// labels that the stub branches to below.
// SuperPickHook: 128-byte block that holds the stub and its three branch targets.
alloc(SuperPickHook,128)
// KimK: 4-byte counter read and written by Hook, reset by originalcode.
alloc(KimK,04)
label(exit)
label(originalcode)
label(Hook)


// SuperPickHook: stub installed in place of the function pointer at 044FDA04
// (see the patch below; the disable section writes kernel32.GetProcessHeap back).
// Every call is forwarded to kernel32.GetProcessHeap unchanged, except that when
// the dword at [esp+54] equals 02D91CAD that slot is overwritten with the address
// of exit. [esp+54] is presumably a saved return address into the game's code
// (exit, Hook and originalcode all jump back to 02D91CAD) -- TODO confirm against
// the caller. In detection terms this is an import-pointer hijack combined with a
// stack-slot rewrite; import-table integrity checks and return-address validation
// are the controls that observe it.
SuperPickHook:
cmp [esp+54],02D91CAD           // is the slot holding the expected address?
//c7 45 fc ? ? ? ? 8d 4d ? e8 ? ? ? ? 8b 4d ? 64 89 ? ? ? ? ? 59 5f 5e 5b 8b e5 5d c2 ? ? 55
jne kernel32.GetProcessHeap     // no: behave exactly like the original import
mov [esp+54],exit               // yes: make the slot point at exit instead
jmp kernel32.GetProcessHeap     // run the real API; control presumably reaches exit when the rewritten slot is consumed

// exit: entered in place of 02D91CAD after SuperPickHook rewrote the stack slot.
// Assumes ebp still addresses the interrupted function's frame (locals at
// [ebp-30] and [ebp-20] are read here and in Hook) -- TODO confirm.
exit:
cmp dword ptr [ebp-30],0        // meaning of the local at [ebp-30] is not visible here
je Hook                         // zero -> go apply the write in Hook
jmp 02D91CAD                    // otherwise resume the game code unchanged

// Hook: counts passes in KimK. While the counter is below 5 it increments it,
// zeroes the dword at offset 22F8 of the object whose pointer sits in [ebp-20],
// and resumes at 02D91CAD. Once the counter reaches 5 it branches to originalcode,
// which resets it. What lives at +22F8 is not visible here; the commented-out line
// suggests [ebp-04] was an earlier alternative -- TODO confirm.
Hook:
cmp [KimK],00000005 // A or 5   (author's note: presumably 0A or 05 both work as the limit)
je originalcode                 // limit reached: reset the counter and skip the write
add [KimK],00000001             // KimK += 1
mov edx,[ebp-20]                // edx = pointer stored in the local at [ebp-20]
mov [edx+000022F8],00000000     // store 0 at +22F8 (no explicit size; presumably dword from the 8-digit immediate)
//mov byte ptr [ebp-04],00
jmp 02D91CAD                    // resume the game code

// originalcode: reset the pass counter and resume without touching the object.
originalcode:
mov [KimK],00                   // KimK = 0
jmp 02D91CAD

// Replace the function pointer stored at 044FDA04 with the address of the stub.
// The disable section writes kernel32.GetProcessHeap back to this address, so it
// is presumably the game's import slot for GetProcessHeap -- TODO confirm.
044FDA04:
dd SuperPickHook
//ff 15 ? ? ? ? 50 ff 15 ? ? ? ? 85 c0 74 ? c7 00 ? ? ? ? 8d 50 ? eb ? 33 d2 c7 02 ? ? ? ? bf ? ? ? ? c7 42 04 ? ? ? ? 83 c2 ? 8b f2 8d 46 ? 89 06 8d 48 ? c7 40 fc ? ? ? ? 89 08 8d 41 ? c7 41 fc ? ? ? ? 89 01 8d 48 ? c7 40 fc ? ? ? ? 8d 71 ? 89 08 c7 41 fc ? ? ? ? 89 31 c7 46 fc ? ? ? ? 83 ef ? 75 ? 8b 4d ? 8b 7d ? c7 06 ? ? ? ? 89 51 ? 8b 71 ? c6 45 fc
[DISABLE]
// Disable section: put the original pointer back at 044FDA04.
// NOTE(review): dealloc names newmem, but the enable section allocates
// SuperPickHook and KimK; neither of those blocks is released here.
dealloc(newmem)
044FDA04:
dd kernel32.GetProcessHeap





