Exetools  

  #1  
Old 04-21-2005, 14:27
pll823
 
10 lines code dumped themida

Here is the XprotStripper core code by kernelkiller
Code:
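#include <windows.h>
#include <stdio.h>

#define BASE 0x00400000   // start address of the region to dump
#define SIZE 0x259000     // number of bytes to dump from BASE

#define ProcessName "Themida.exe"

// Keyboard hook procedure. g_hKeyHook, g_dwThreadID, g_dwProcessId and
// GetProcessNamePid() are defined elsewhere in the original tool.
LRESULT CALLBACK KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam)
{
  FILE *fp;
  if((nCode==HC_ACTION)&&((lParam & 0xC0000000)!=0)){
    // Only act when the hook is running inside the target process.
    // Parentheses added so the PID, not the comparison result, is stored.
    if((g_dwThreadID=::GetCurrentProcessId()) != (g_dwProcessId=GetProcessNamePid(ProcessName))){
      return CallNextHookEx(g_hKeyHook, nCode, wParam, lParam );
    }else{
      switch(wParam){
      case VK_F10:
        MessageBox(NULL,"SUCCESS","OK",MB_OK);
        fp=fopen("c:\\Dump.exe","a+b");
        if(fp!=NULL){   // fopen can fail; do not write through a NULL handle
          fwrite((const void *)BASE,SIZE,1,fp);
          fclose(fp);
        }
        break;
      default:
        break;
      }
    }
  }
  return CallNextHookEx(g_hKeyHook, nCode, wParam, lParam );
}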
And another good tool for dumping xpr/Themida, source code included.
Attached Images
File Type: jpg inject.jpg (81.6 KB, 69 views)
Attached Files
File Type: rar Adump.rar (338.7 KB, 51 views)
File Type: rar dllinject.rar (33.7 KB, 45 views)

Last edited by pll823; 04-21-2005 at 14:36.