Senior Member
Join date: May 2002
Posts: 1,133
CE script question (assembly language)

This is a script written by a foreigner: invincibility + one-hit-kill code.
I understand the general direction, but I don't understand the intent of some parts. Would anyone who can read it please explain?

The ai part looks like it wants the XOR-encrypted result in EAX to be 0.
When I first looked at the code I thought it was written wrong and the game would crash.... but it runs correctly with no problems.
Why is it pop eax and then push eax afterwards?
Looking at the original code underneath, there is no earlier push, yet it pops, and afterwards it pushes with no pop.
Why is it written this way? And why doesn't it crash?

```
define(address,"Chaosbane.exe"+3F32A5)
define(bytes,89 83 30 02 00 00)

[ENABLE]
assert(address,bytes)
alloc(newmem,$1000,"Chaosbane.exe"+3F32A5)

label(code)
label(return)
label(ai)
label(player)

newmem:
  cmp rdx,00002DA5
  je player
  cmp rdx,00002DA5
  jne ai
  jmp code

code:
  mov [rbx+00000230],eax
  jmp return

player:
  mov eax,[rbx+00000228]
  mov [rbx+00000230],eax
  jmp return

ai:
  pop eax
  mov eax,BABEEBAB
  push eax
  mov [rbx+00000230],eax
  jmp return

address:
  jmp newmem
  nop
return:

[DISABLE]
address:
  db bytes
  // mov [rbx+00000230],eax

dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "Chaosbane.exe"+3F32A5

"Chaosbane.exe"+3F3276: 8B 44 24 50        - mov eax,[rsp+50]
"Chaosbane.exe"+3F327A: 0F 2F 44 24 58     - comiss xmm0,[rsp+58]
"Chaosbane.exe"+3F327F: 0F 47 C1           - cmova eax,ecx
"Chaosbane.exe"+3F3282: 89 44 24 50        - mov [rsp+50],eax
"Chaosbane.exe"+3F3286: 89 4C 24 58        - mov [rsp+58],ecx
"Chaosbane.exe"+3F328A: F3 0F 10 44 24 58  - movss xmm0,[rsp+58]
"Chaosbane.exe"+3F3290: F3 0F 5C 44 24 50  - subss xmm0,[rsp+50]
"Chaosbane.exe"+3F3296: F3 0F 11 44 24 58  - movss [rsp+58],xmm0
"Chaosbane.exe"+3F329C: 8B 44 24 58        - mov eax,[rsp+58]
"Chaosbane.exe"+3F32A0: 35 AB EB BE BA     - xor eax,BABEEBAB
// ---------- INJECTING HERE ----------
"Chaosbane.exe"+3F32A5: 89 83 30 02 00 00  - mov [rbx+00000230],eax
// ---------- DONE INJECTING ----------
"Chaosbane.exe"+3F32AB: 35 AB EB BE BA     - xor eax,BABEEBAB
"Chaosbane.exe"+3F32B0: 89 44 24 58        - mov [rsp+58],eax
"Chaosbane.exe"+3F32B4: F3 0F 10 44 24 58  - movss xmm0,[rsp+58]
"Chaosbane.exe"+3F32BA: 0F 2E C6           - ucomiss xmm0,xmm6
"Chaosbane.exe"+3F32BD: 7A 10              - jp Chaosbane.exe+3F32CF
"Chaosbane.exe"+3F32BF: 75 0E              - jne Chaosbane.exe+3F32CF
"Chaosbane.exe"+3F32C1: 48 8D 55 B0        - lea rdx,[rbp-50]
"Chaosbane.exe"+3F32C5: 48 8B CB           - mov rcx,rbx
"Chaosbane.exe"+3F32C8: E8 83 F1 FF FF     - call Chaosbane.exe+3F2450
"Chaosbane.exe"+3F32CD: EB 17              - jmp Chaosbane.exe+3F32E6
}
```
__________________
Thinking up this many junk posts just to get noticed... I really have to hand it to you.
Amateur Member
Join date: Oct 2017
Posts: 38
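Popping first and then pushing is really just quietly modifying the original program's data,
because after the ret, the original program will pop the modified value back out, and that achieves the cheat's purpose.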
__________________
China = Nazi, which is Chinazi
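The `ai:` branch of the script in the first post, modelled in Python as an added example (it is not part of the thread and not the script author's code). It assumes `pop eax` / `push eax` are assembled as the 64-bit `pop rax` / `push rax`, because 32-bit push and pop cannot be encoded in 64-bit mode; the stack addresses and contents are constructed sample values.

```python
import struct

KEY = 0xBABEEBAB  # immediate of `xor eax,BABEEBAB` in the quoted disassembly

def encode(value):
    """Float -> obfuscated dword: float bits XOR KEY, as stored at [rbx+230]."""
    return struct.unpack("<I", struct.pack("<f", value))[0] ^ KEY

def decode(stored):
    """Obfuscated dword -> float; XOR with the same key undoes encode()."""
    return struct.unpack("<f", struct.pack("<I", stored ^ KEY))[0]

def run_ai_branch(stack, rsp, rax):
    """Model of the `ai:` label. `stack` maps address -> 64-bit value.

    Assumption: `pop eax` / `push eax` act as 64-bit pop rax / push rax.
    Returns (rsp, rax, dword written to [rbx+00000230]).
    """
    rax = stack[rsp]            # pop: read [rsp] ...
    rsp += 8                    # ... and release the slot
    rax = KEY                   # mov eax,BABEEBAB (zero-extends into rax)
    rsp -= 8                    # push: reclaim the same slot ...
    stack[rsp] = rax            # ... and overwrite it with rax
    return rsp, rax, rax & 0xFFFFFFFF   # mov [rbx+00000230],eax

def demo():
    rsp0 = 0x7FF000001000                     # constructed stack pointer
    stack = {rsp0: 0x1122334455667788,        # constructed value at [rsp]
             rsp0 + 0x58: 0x42C80000}         # constructed local at [rsp+58]
    rsp, rax, stored = run_ai_branch(stack, rsp0, rax=encode(100.0))
    return {
        "rsp_balanced": rsp == rsp0,          # net stack movement is zero
        "slot_at_rsp": stack[rsp0],           # only [rsp] was rewritten
        "local_at_rsp_58": stack[rsp0 + 0x58],
        "decoded_store": decode(stored),      # value after undoing the XOR
    }

if __name__ == "__main__":
    print(demo())
```

The pop/push pair leaves `rsp` where it started and rewrites only the qword at `[rsp]`, while the dword stored at `[rbx+00000230]` is the key itself, which decodes to 0.0.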
Senior Member
Join date: Apr 2017
Location: (╯-_-)╯ ~ ╩╩
Posts: 1,428
It would be faster to go to the CE forum and ask the original author!
Who knows, you might even pick up a few small jobs.

This post was edited by 冰的啦魔王大人 on 2019-09-06 01:21 AM.
Senior Member
Join date: May 2002
Posts: 1,133
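I've run into another problem and don't know where I can ask....
The English on the foreign sites is a struggle for me, and I don't know of anywhere to ask on the other side of the strait either.

This is a non-module address, so I need to use aobscan to find it.
I want to change the first line into a jump, but it is only 3 bytes, so the jump would clobber the code on the next line.
Normally that would not be a problem, but 0000015CA8C8C8E0 changes.
How should I write a script for this?

```
15CDBD10CB5 - 89 48 18                 - mov [rax+18],ecx
15CDBD10CB8 - 48 B8 E0C8C8A85C010000   - mov rax,0000015CA8C8C8E0 { (15CB5E27B00) }
```

In scripts written by other people I see:

```
je @f
@@:
```

What does the @f here mean? Is it a pseudo-instruction?
I don't see any part that jumps to an @f: label.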
__________________
Thinking up this many junk posts just to get noticed... I really have to hand it to you.

This post was edited by wkm on 2019-11-15 09:14 PM.
Advance Member
Join date: Feb 2017
Posts: 301
Assembly language, wow.
A pile of 00 ff, my eyes are going blurry just looking at it. So it turns out CE means dealing with assembly.