Thread: Unlink Module

Results 1 to 5 of 5

Threaded View

  1. #1
    RuShi's Avatar
    Join Date
    Jan 2016
    Gender
    male
    Location
    File Not Found 404!
    Posts
    2,531
    Reputation
    210
    Thanks
    13,008
    My Mood
    Innocent

    Unlink Module

    Code:
    void UnlinkModule(HINSTANCE hModule)
    {
    DWORD dwPEB_LDR_DATA = 0;
    _asm
    {
    pushad;
    pushfd;
    mov eax, fs:[30h]   // PEB
    mov eax, [eax + 0Ch]  // PEB->ProcessModuleInfo
    mov dwPEB_LDR_DATA, eax // Save ProcessModuleInfo
    
    InLoadOrderModuleList :
    mov esi, [eax + 0Ch]  // ProcessModuleInfo->InLoadOrderModuleList[FORWARD]
    mov edx, [eax + 10h]  //  ProcessModuleInfo->InLoadOrderModuleList[BACKWARD]
    
    LoopInLoadOrderModuleList :
    lodsd   //  Load First Module
    mov esi, eax     //  ESI points to Next Module
    mov ecx, [eax + 18h]     //  LDR_MODULE->BaseAddress
    cmp ecx, hModule     //  Is it Our Module ?
    jne SkipA         //  If Not, Next Please @ jumps to nearest Unamed Lable 
    mov ebx, [eax]  //  [FORWARD] Module 
    mov ecx, [eax + 4]         //  [BACKWARD] Module
    mov[ecx], ebx  //  Previous Module's [FORWARD] Notation, Points to us, Replace it with, Module++
    mov[ebx + 4], ecx    //  Next Modules, [BACKWARD] Notation, Points to us, Replace it with, Module--
    jmp InMemoryOrderModuleList //  Hidden, so Move onto Next Set
    SkipA :
    cmp edx, esi    //  Reached End of Modules ?
    jne LoopInLoadOrderModuleList //  If Not, Re Loop
    
    InMemoryOrderModuleList :
    mov eax, dwPEB_LDR_DATA  //  PEB->ProcessModuleInfo
    mov esi, [eax + 14h]   //  ProcessModuleInfo->InMemoryOrderModuleList[START]
    mov edx, [eax + 18h]   //  ProcessModuleInfo->InMemoryOrderModuleList[FINISH]
    
    LoopInMemoryOrderModuleList :
    lodsd
    mov esi, eax
    mov ecx, [eax + 10h]
    cmp ecx, hModule
    jne SkipB
    mov ebx, [eax]
    mov ecx, [eax + 4]
    mov[ecx], ebx
    mov[ebx + 4], ecx
    jmp InInitializationOrderModuleList
    SkipB :
    cmp edx, esi
    jne LoopInMemoryOrderModuleList
    
    InInitializationOrderModuleList :
    mov eax, dwPEB_LDR_DATA    //  PEB->ProcessModuleInfo
    mov esi, [eax + 1Ch] //  ProcessModuleInfo->InInitializationOrderModuleList[START]
    mov edx, [eax + 20h] //  ProcessModuleInfo->InInitializationOrderModuleList[FINISH]
    
    LoopInInitializationOrderModuleList :
    lodsd
    mov esi, eax
    mov ecx, [eax + 08h]
    cmp ecx, hModule
    jne SkipC
    mov ebx, [eax]
    mov ecx, [eax + 4]
    mov[ecx], ebx
    mov[ebx + 4], ecx
    jmp Finished
    SkipC :
    cmp edx, esi
    jne LoopInInitializationOrderModuleList
    
    Finished :
    popfd;
    popad;
    }
    }
    Code:
    BOOL WINAPI DllMain(HMODULE hDll, DWORD dwReason, LPVOID lpReserved)
    {
    	if (dwReason == DLL_PROCESS_ATTACH)
    	{
    		UnlinkModule(hDll);
    		CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)HACK, NULL, NULL, NULL);
    	}
    	return TRUE;
    }
    Last edited by Heroes; 08-11-2016 at 05:10 PM.


    MPGH History:
    Member: 02/1/2016
    Contributor: 29/6/2016
    Minion: 25/8/2016
    Former Staff: 07/02/2017
    Minion: 21/9/2017

  2. The Following User Says Thank You to RuShi For This Useful Post:

    [GM]Luffy (09-13-2016)

Similar Threads

  1. [VB6 Module edit]
    By leiva1 in forum Visual Basic Programming
    Replies: 8
    Last Post: 09-24-2007, 11:19 AM
  2. [request]New Module
    By killer2334 in forum Hack Requests
    Replies: 0
    Last Post: 07-21-2007, 06:42 AM
  3. [request] Module
    By Elliwood in forum WarRock - International Hacks
    Replies: 6
    Last Post: 07-16-2007, 01:11 PM
  4. Module for Warrock
    By condor01 in forum WarRock - International Hacks
    Replies: 4
    Last Post: 07-07-2007, 03:15 AM
  5. module vb6
    By ZeaS in forum WarRock - International Hacks
    Replies: 12
    Last Post: 07-02-2007, 07:47 PM