made recommended changes and tested
parent
a1ea69b3f9
commit
e3c04f08bb
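--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -2156,16 +2156,8 @@ bool InsertBGI4Hook()
 0x56, // 56 push esi
 0x57, // 57 push edi
 0x33, 0xFF, // 33 FF xor edi,edi
-0xE8, 0x23, 0xFD, 0xFF, 0xFF, // E8 23FDFFFF call saclet.exe+A0990
-0x8B, 0xF0, // 8B F0 mov esi,eax
-0x8B, 0x45, 0x10, // 8B 45 10 mov eax,[ebp+10]
-0x2B, 0xC7, // 2B C7 sub eax,edi
-0x74, 0x0C, // 74 0C je saclet.exe+A0C82
-0x83, 0xE8, 0x01, // 83 E8 01 sub eax,01
-0x75, 0x0C, // 75 0C jne saclet.exe+A0C87
-0xBE, 0xE9, 0xFD, 0x00, 0x00, // BE E9FD0000 mov esi,0000FDE9
-0xEB, 0x05, // EB 05 jmp saclet.exe+A0C87
-0xBE, 0xA4, 0x03, 0x00, 0x00 // BE A4030000 mov esi,000003A4
+0xE8, XX4, // E8 23FDFFFF call saclet.exe+A0990
+0x8B, 0xF0 // 8B F0 mov esi,eax
 };
 
 for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress))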
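Review bot: The comment on the new `0xE8, XX4,` line still shows `E8 23FDFFFF call saclet.exe+A0990`, which are the bytes of one particular build, while the pattern now accepts any rel32 there (assuming `XX4` expands to four wildcard bytes; its definition is not in the hunk). Something like `0xE8, XX4, // E8 ?? ?? ?? ?? call rel32 (target differs per build)` would keep the annotation accurate. With the tail of the signature removed and the call offset wildcarded, the visible part is a short, generic prologue sequence (push/push/xor/call/mov), so `Util::SearchMemory` may return more than one address. The `for` loop body and the start of `pattern` lie outside the hunk, so I can't tell whether each hit is validated before a hook is written; it is worth confirming that, since patching the wrong match would corrupt unrelated code in the target process.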