
变怪HOOK汇编脚本


// Cheat Engine Auto Assembler script: installs an inline hook (code patch) at
// DNF.exe+92FCB3 that forces the dword at [ebp+08] to a fixed value before the
// original code compares it. Target is 32-bit x86 (ebp/esi, fs:[0] in the dump below).
//
// address - patch site inside the DNF.exe module.
// bytes   - the 9 original bytes expected there: 8B 75 08 (mov esi,[ebp+08])
//           followed by 81 FE FA 00 00 00 (cmp esi,000000FA).
define(address,"DNF.exe"+92FCB3)
define(bytes,8B 75 08 81 FE FA 00 00 00)
[ENABLE]
// Refuse to enable unless the patch site still holds the expected bytes, so a
// different build of the binary is not patched blindly.
assert(address,bytes)
// Reserve $1000 bytes in the target process to hold the detour code.
alloc(newmem,$1000)
label(code)
label(return)
newmem:
code:
// '#' marks a decimal immediate in Cheat Engine syntax. This writes to the
// stack slot itself, so any later read of [ebp+08] in the same frame sees the
// forced value as well, not only esi.
// No operand size is given; presumably assembled as a dword store - confirm.
mov [ebp+08],#60025// monster code (per the original author's comment)
// Replay the two instructions displaced by the patch so esi and the flags are
// set as the code at 'return' expects. With esi = 60025 the signed compare
// against FA is always "greater", so the jg at DNF.exe+92FCBC is always taken
// while the hook is enabled.
mov esi,[ebp+08]
cmp esi,000000FA
jmp return
address:
// The jump plus 4 nops must cover exactly the 9 bytes in 'bytes'; this assumes
// the jmp is encoded as a 5-byte near jump.
jmp newmem
nop 4
// 'return' is address+9 = DNF.exe+92FCBC, the jg that follows the cmp in the dump below.
return:
[DISABLE]
// Put the original 9 bytes back and release the detour memory.
address:
db bytes
// mov esi,[ebp+08]
// cmp esi,000000FA
dealloc(newmem)
// Reference disassembly around the patch site. The INJECTING markers bracket
// only the first instruction (3 bytes), but the patch also overwrites the
// following cmp, 9 bytes in total per 'bytes'.
// NOTE(review): while enabled, the in-memory code differs from the on-disk
// image at these 9 bytes and the process holds an extra allocation containing
// code, so a code-section integrity check covering DNF.exe+92FCB3 would see
// the change. The value is rewritten on the client; whether the server
// validates it cannot be told from this page.
{
// ORIGINAL CODE - INJECTION POINT: DNF.exe+92FCB3
DNF.exe+92FC93: 6A FF - push -01
DNF.exe+92FC95: 68 D1 2F 48 01 - push DNF.exe+1082FD1
DNF.exe+92FC9A: 64 A1 00 00 00 00 - mov eax,fs:[00000000]
DNF.exe+92FCA0: 50 - push eax
DNF.exe+92FCA1: 56 - push esi
DNF.exe+92FCA2: A1 F0 67 A3 01 - mov eax,[DNF.exe+16367F0]
DNF.exe+92FCA7: 33 C5 - xor eax,ebp
DNF.exe+92FCA9: 50 - push eax
DNF.exe+92FCAA: 8D 45 F4 - lea eax,[ebp-0C]
DNF.exe+92FCAD: 64 A3 00 00 00 00 - mov fs:[00000000],eax
// ---------- INJECTING HERE ----------
DNF.exe+92FCB3: 8B 75 08 - mov esi,[ebp+08]
// ---------- DONE INJECTING ----------
DNF.exe+92FCB6: 81 FE FA 00 00 00 - cmp esi,000000FA
DNF.exe+92FCBC: 0F 8F EA 0E 00 00 - jg DNF.exe+930BAC
DNF.exe+92FCC2: 0F 84 A5 0E 00 00 - je DNF.exe+930B6D
DNF.exe+92FCC8: 8D 46 FF - lea eax,[esi-01]
DNF.exe+92FCCB: 3D DD 00 00 00 - cmp eax,000000DD
DNF.exe+92FCD0: 0F 87 38 A6 00 00 - ja DNF.exe+93A30E
DNF.exe+92FCD6: 0F B6 80 90 A4 D3 00 - movzx eax,byte ptr [eax+DNF.exe+93A490]
DNF.exe+92FCDD: FF 24 85 90 A3 D3 00 - jmp dword ptr [eax*4+DNF.exe+93A390]
DNF.exe+92FCE4: 68 58 51 00 00 - push 00005158
DNF.exe+92FCE9: E8 A2 5C 47 00 - call DNF.exe+DA5990
}


IP属地:新疆1楼2025-01-11 02:23回复
    不明觉厉,感谢分享


    IP属地:河南来自iPhone客户端2楼2025-01-11 07:31
      不明觉厉,感谢分享


      IP属地:山东3楼2025-01-11 09:35
        CE


        IP属地:河南来自Android客户端4楼2025-01-11 10:22
          不明觉厉,感谢分享


          IP属地:江苏来自Android客户端5楼2025-01-12 13:20
            大佬能研发变人偶的吗 以前ce吧见过人偶坐骑的 (不是混沌心魔那种)还能操控的


            IP属地:广东来自手机贴吧6楼2025-01-12 18:01