Thread: Unlink Module

Results 1 to 5 of 5
  1. #1
    Heroes's Avatar
    Join Date
    Jan 2016
    Gender
    male
    Location
    GameMon.des
    Posts
    2,446
    Reputation
    210
    Thanks
    11,951
    My Mood
    Innocent

    Unlink Module

    Code:
    void UnlinkModule(HINSTANCE hModule)
    {
    DWORD dwPEB_LDR_DATA = 0;
    _asm
    {
    pushad;
    pushfd;
    mov eax, fs:[30h]   // PEB
    mov eax, [eax + 0Ch]  // PEB->ProcessModuleInfo
    mov dwPEB_LDR_DATA, eax // Save ProcessModuleInfo
    
    InLoadOrderModuleList :
    mov esi, [eax + 0Ch]  // ProcessModuleInfo->InLoadOrderModuleList[FORWARD]
    mov edx, [eax + 10h]  //  ProcessModuleInfo->InLoadOrderModuleList[BACKWARD]
    
    LoopInLoadOrderModuleList :
    lodsd   //  Load First Module
    mov esi, eax     //  ESI points to Next Module
    mov ecx, [eax + 18h]     //  LDR_MODULE->BaseAddress
    cmp ecx, hModule     //  Is it Our Module ?
    jne SkipA         //  If Not, Next Please @ jumps to nearest Unamed Lable 
    mov ebx, [eax]  //  [FORWARD] Module 
    mov ecx, [eax + 4]         //  [BACKWARD] Module
    mov[ecx], ebx  //  Previous Module's [FORWARD] Notation, Points to us, Replace it with, Module++
    mov[ebx + 4], ecx    //  Next Modules, [BACKWARD] Notation, Points to us, Replace it with, Module--
    jmp InMemoryOrderModuleList //  Hidden, so Move onto Next Set
    SkipA :
    cmp edx, esi    //  Reached End of Modules ?
    jne LoopInLoadOrderModuleList //  If Not, Re Loop
    
    InMemoryOrderModuleList :
    mov eax, dwPEB_LDR_DATA  //  PEB->ProcessModuleInfo
    mov esi, [eax + 14h]   //  ProcessModuleInfo->InMemoryOrderModuleList[START]
    mov edx, [eax + 18h]   //  ProcessModuleInfo->InMemoryOrderModuleList[FINISH]
    
    LoopInMemoryOrderModuleList :
    lodsd
    mov esi, eax
    mov ecx, [eax + 10h]
    cmp ecx, hModule
    jne SkipB
    mov ebx, [eax]
    mov ecx, [eax + 4]
    mov[ecx], ebx
    mov[ebx + 4], ecx
    jmp InInitializationOrderModuleList
    SkipB :
    cmp edx, esi
    jne LoopInMemoryOrderModuleList
    
    InInitializationOrderModuleList :
    mov eax, dwPEB_LDR_DATA    //  PEB->ProcessModuleInfo
    mov esi, [eax + 1Ch] //  ProcessModuleInfo->InInitializationOrderModuleList[START]
    mov edx, [eax + 20h] //  ProcessModuleInfo->InInitializationOrderModuleList[FINISH]
    
    LoopInInitializationOrderModuleList :
    lodsd
    mov esi, eax
    mov ecx, [eax + 08h]
    cmp ecx, hModule
    jne SkipC
    mov ebx, [eax]
    mov ecx, [eax + 4]
    mov[ecx], ebx
    mov[ebx + 4], ecx
    jmp Finished
    SkipC :
    cmp edx, esi
    jne LoopInInitializationOrderModuleList
    
    Finished :
    popfd;
    popad;
    }
    }
    Code:
    BOOL WINAPI DllMain(HMODULE hDll, DWORD dwReason, LPVOID lpReserved)
    {
    	if (dwReason == DLL_PROCESS_ATTACH)
    	{
    		UnlinkModule(hDll);
    		CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)HACK, NULL, NULL, NULL);
    	}
    	return TRUE;
    }
    Last edited by Heroes; 08-11-2016 at 05:10 PM.


    MPGH History:
    Member: 02/1/2016
    Contributor: 29/6/2016
    Minion: 25/8/2016
    Former Staff: 07/02/2017
    Minion: 21/9/2017

  2. The Following User Says Thank You to Heroes For This Useful Post:

    [GM]Luffy (09-13-2016)

  3. #2
    COD3RIN's Avatar
    Join Date
    May 2013
    Gender
    male
    Location
    Posts
    5,113
    Reputation
    345
    Thanks
    24,403
    My Mood
    Busy
    not bad for asm hook base.

  4. The Following User Says Thank You to COD3RIN For This Useful Post:

    [MPGH]Heroes (08-11-2016)

  5. #3
    ReseviC's Avatar
    Join Date
    May 2016
    Gender
    male
    Location
    GameGuard.des
    Posts
    354
    Reputation
    10
    Thanks
    3,300
    My Mood
    Amazed
    Quote Originally Posted by RedHunter View Post
    Code:
    void UnlinkModule(HINSTANCE hModule)
    {
    DWORD dwPEB_LDR_DATA = 0;
    _asm
    {
    pushad;
    pushfd;
    mov eax, fs:[30h]   // PEB
    mov eax, [eax + 0Ch]  // PEB->ProcessModuleInfo
    mov dwPEB_LDR_DATA, eax // Save ProcessModuleInfo
    
    InLoadOrderModuleList :
    mov esi, [eax + 0Ch]  // ProcessModuleInfo->InLoadOrderModuleList[FORWARD]
    mov edx, [eax + 10h]  //  ProcessModuleInfo->InLoadOrderModuleList[BACKWARD]
    
    LoopInLoadOrderModuleList :
    lodsd   //  Load First Module
    mov esi, eax     //  ESI points to Next Module
    mov ecx, [eax + 18h]     //  LDR_MODULE->BaseAddress
    cmp ecx, hModule     //  Is it Our Module ?
    jne SkipA         //  If Not, Next Please @ jumps to nearest Unamed Lable 
    mov ebx, [eax]  //  [FORWARD] Module 
    mov ecx, [eax + 4]         //  [BACKWARD] Module
    mov[ecx], ebx  //  Previous Module's [FORWARD] Notation, Points to us, Replace it with, Module++
    mov[ebx + 4], ecx    //  Next Modules, [BACKWARD] Notation, Points to us, Replace it with, Module--
    jmp InMemoryOrderModuleList //  Hidden, so Move onto Next Set
    SkipA :
    cmp edx, esi    //  Reached End of Modules ?
    jne LoopInLoadOrderModuleList //  If Not, Re Loop
    
    InMemoryOrderModuleList :
    mov eax, dwPEB_LDR_DATA  //  PEB->ProcessModuleInfo
    mov esi, [eax + 14h]   //  ProcessModuleInfo->InMemoryOrderModuleList[START]
    mov edx, [eax + 18h]   //  ProcessModuleInfo->InMemoryOrderModuleList[FINISH]
    
    LoopInMemoryOrderModuleList :
    lodsd
    mov esi, eax
    mov ecx, [eax + 10h]
    cmp ecx, hModule
    jne SkipB
    mov ebx, [eax]
    mov ecx, [eax + 4]
    mov[ecx], ebx
    mov[ebx + 4], ecx
    jmp InInitializationOrderModuleList
    SkipB :
    cmp edx, esi
    jne LoopInMemoryOrderModuleList
    
    InInitializationOrderModuleList :
    mov eax, dwPEB_LDR_DATA    //  PEB->ProcessModuleInfo
    mov esi, [eax + 1Ch] //  ProcessModuleInfo->InInitializationOrderModuleList[START]
    mov edx, [eax + 20h] //  ProcessModuleInfo->InInitializationOrderModuleList[FINISH]
    
    LoopInInitializationOrderModuleList :
    lodsd
    mov esi, eax
    mov ecx, [eax + 08h]
    cmp ecx, hModule
    jne SkipC
    mov ebx, [eax]
    mov ecx, [eax + 4]
    mov[ecx], ebx
    mov[ebx + 4], ecx
    jmp Finished
    SkipC :
    cmp edx, esi
    jne LoopInInitializationOrderModuleList
    
    Finished :
    popfd;
    popad;
    }
    }
    Code:
    BOOL WINAPI DllMain(HMODULE hDll, DWORD dwReason, LPVOID lpReserved)
    {
    	if (dwReason == DLL_PROCESS_ATTACH)
    	{
    		UnlinkModule(hDll);
    		CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)HACK, NULL, NULL, NULL);
    	}
    	return TRUE;
    }
    Nicely done ! Great Job Coder

    A standard Silk will not away from darkness.Let's destroy communication,Shall we?


  6. #4
    [Xerox]'s Avatar
    Join Date
    Jan 2016
    Gender
    male
    Posts
    9
    Reputation
    10
    Thanks
    1
    htt p://ww w.mpg h.net/forum/showthread.php?t=519021
    Please credit the person who posted this source.

  7. #5
    Obliteration's Avatar
    Join Date
    Jan 2015
    Gender
    male
    Posts
    705
    Reputation
    142
    Thanks
    643
    Quote Originally Posted by [Xerox] View Post
    htt p://ww w.mpg h.net/forum/showthread.php?t=519021
    Please credit the person who posted this source.
    No, he's not the original creator of the source too.
    This is a really really old source. The oldest post I found with this code was in 2007 lol.

  8. The Following User Says Thank You to Obliteration For This Useful Post:

    [MPGH]Heroes (08-12-2016)

Similar Threads

  1. [VB6 Module edit]
    By leiva1 in forum Visual Basic Programming
    Replies: 8
    Last Post: 09-24-2007, 11:19 AM
  2. [request]New Module
    By killer2334 in forum Hack Requests
    Replies: 0
    Last Post: 07-21-2007, 06:42 AM
  3. [request] Module
    By Elliwood in forum WarRock - International Hacks
    Replies: 6
    Last Post: 07-16-2007, 01:11 PM
  4. Module for Warrock
    By condor01 in forum WarRock - International Hacks
    Replies: 4
    Last Post: 07-07-2007, 03:15 AM
  5. module vb6
    By ZeaS in forum WarRock - International Hacks
    Replies: 12
    Last Post: 07-02-2007, 07:47 PM