#1
|
|||
|
|||
10 lines code dumped themida
Here the XprotStripper core code by kernelkiller
Code:
#define BASE 0x00400000 #define SIZE 0x259000 ProcessName "Themida.exe" LRESULT CALLBACK KeyboardProc(int nCode,WPARAM wParam,LPARAM lParam) { FILE *fp; if((nCode==HC_ACTION)&&((lParam & 0xC0000000)!=0)){ if(g_dwThreadID=::GetCurrentProcessId() != (g_dwProcessId=GetProcessNamePid(ProcessName))){ return CallNextHookEx(g_hKeyHook, nCode, wParam, lParam ); }else{ switch(wParam){ case VK_F10: MessageBox(NULL,"SUCCESS","OK",MB_OK); fp=fopen("c:\\Dump.exe","a+b"); fwrite((const void *)BASE,SIZE,1,fp); fclose(fp); break; default: break; } } } return CallNextHookEx(g_hKeyHook, nCode, wParam, lParam ); } Last edited by pll823; 04-21-2005 at 14:36. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
How to reduce the size of dumped exe | atest | General Discussion | 5 | 09-28-2003 18:41 |
Dumped File / DLL Missing | rf1911 | General Discussion | 7 | 08-24-2003 06:19 |