Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Tue Mar 31, 2015 7:49 pm Post subject: |
Code: | [ENABLE]
// Cheat Engine Auto Assembler script: installs two inline hooks in calc.exe.
// Each hook replaces one original instruction with a jump to a small stub that
// re-executes that instruction and jumps straight back, so as written the stubs
// add no behaviour of their own.
// While enabled, the in-memory code of calc.exe differs from the file on disk at
// the two overwritten spans, which is what a code-integrity comparison would show.

// Locate both patch sites by byte signature inside calc.exe.
// 48 89 74 24 08 is "mov [rsp+08],rsi", the 5 bytes that get overwritten; the
// remaining bytes are trailing context that narrows the match.
aobscanmodule(inject1,calc.exe,48 89 74 24 08 48 89 7C 24 10 41)
// 48 81 EC B0 00 00 00 is "sub rsp,000000B0", the 7 bytes that get overwritten,
// followed by a single context byte.
// NOTE(review): this signature is short; confirm it is unique in the module,
// otherwise the hook may land on a different "sub rsp,000000B0" than intended.
aobscanmodule(inject2,calc.exe,48 81 EC B0 00 00 00 83)
// Reserve $1000 (hex) bytes per stub. The third argument is a preferred address;
// allocating close to the patch site is presumably what lets "jmp code1" and
// "jmp code2" assemble as 5-byte relative jumps - confirm on the target.
// NOTE(review): the +1B9D0 / +1B9DC offsets are hard-coded while the sites
// themselves are found by signature, so they may not track another calc.exe build.
alloc(newmem1,$1000,"calc.exe"+1B9D0)
alloc(newmem2,$1000,"calc.exe"+1B9DC)
// Script-local labels; each takes the address at which it is later placed.
label(code1)
label(return1)
label(code2)
label(return2)
// Stub 1, written into newmem1: replay the displaced instruction, then resume
// at the instruction after the patch.
newmem1:
code1:
mov [rsp+08],rsi
jmp return1
// Patch site 1: overwrite the original instruction with a jump to the stub.
// return1 is placed directly after the jump, so it marks the first unmodified
// instruction. NOTE(review): this relies on the jmp being exactly 5 bytes; a
// longer encoding would overwrite the following instruction as well.
inject1:
jmp code1
return1:
// Stub 2, written into newmem2: same pattern for the second site.
newmem2:
code2:
sub rsp,000000B0
jmp return2
// Patch site 2: the displaced instruction is 7 bytes, so the jump is padded
// with two nops (assuming a 5-byte jmp) to keep return2 on an instruction
// boundary.
inject2:
jmp code2
nop
nop
return2:
// Keep the scanned addresses available after the script has run; [DISABLE]
// below refers to inject1/inject2 without scanning again.
registersymbol(inject1)
registersymbol(inject2)
[DISABLE]
// Undo both patches by writing back the original instruction bytes. These must
// match the overwritten lengths exactly (5 and 7 bytes), the same bytes that
// start the two signatures above.
inject1:
db 48 89 74 24 08
inject2:
db 48 81 EC B0 00 00 00
// Drop the symbols registered in [ENABLE].
unregisterSymbol(inject1)
unregisterSymbol(inject2)
// Free the stub memory only after the original bytes are back in place, so no
// jump into the freed region is left behind.
dealloc(newmem1)
dealloc(newmem2) |