Thread: Unlink Module

Results 1 to 5 of 5
  1. #1
    RuShi's Avatar
    Join Date
    Jan 2016
    Gender
    male
    Location
    File Not Found 404!
    Posts
    2,531
    Reputation
    210
    Thanks
    13,008
    My Mood
    Innocent

    Unlink Module

    Code:
    void UnlinkModule(HINSTANCE hModule)
    {
    DWORD dwPEB_LDR_DATA = 0;
    _asm
    {
    pushad;
    pushfd;
    mov eax, fs:[30h]   // PEB
    mov eax, [eax + 0Ch]  // PEB->ProcessModuleInfo
    mov dwPEB_LDR_DATA, eax // Save ProcessModuleInfo
    
    InLoadOrderModuleList :
    mov esi, [eax + 0Ch]  // ProcessModuleInfo->InLoadOrderModuleList[FORWARD]
    mov edx, [eax + 10h]  //  ProcessModuleInfo->InLoadOrderModuleList[BACKWARD]
    
    LoopInLoadOrderModuleList :
    lodsd   //  Load First Module
    mov esi, eax     //  ESI points to Next Module
    mov ecx, [eax + 18h]     //  LDR_MODULE->BaseAddress
    cmp ecx, hModule     //  Is it Our Module ?
    jne SkipA         //  If Not, Next Please @ jumps to nearest Unamed Lable 
    mov ebx, [eax]  //  [FORWARD] Module 
    mov ecx, [eax + 4]         //  [BACKWARD] Module
    mov[ecx], ebx  //  Previous Module's [FORWARD] Notation, Points to us, Replace it with, Module++
    mov[ebx + 4], ecx    //  Next Modules, [BACKWARD] Notation, Points to us, Replace it with, Module--
    jmp InMemoryOrderModuleList //  Hidden, so Move onto Next Set
    SkipA :
    cmp edx, esi    //  Reached End of Modules ?
    jne LoopInLoadOrderModuleList //  If Not, Re Loop
    
    InMemoryOrderModuleList :
    mov eax, dwPEB_LDR_DATA  //  PEB->ProcessModuleInfo
    mov esi, [eax + 14h]   //  ProcessModuleInfo->InMemoryOrderModuleList[START]
    mov edx, [eax + 18h]   //  ProcessModuleInfo->InMemoryOrderModuleList[FINISH]
    
    LoopInMemoryOrderModuleList :
    lodsd
    mov esi, eax
    mov ecx, [eax + 10h]
    cmp ecx, hModule
    jne SkipB
    mov ebx, [eax]
    mov ecx, [eax + 4]
    mov[ecx], ebx
    mov[ebx + 4], ecx
    jmp InInitializationOrderModuleList
    SkipB :
    cmp edx, esi
    jne LoopInMemoryOrderModuleList
    
    InInitializationOrderModuleList :
    mov eax, dwPEB_LDR_DATA    //  PEB->ProcessModuleInfo
    mov esi, [eax + 1Ch] //  ProcessModuleInfo->InInitializationOrderModuleList[START]
    mov edx, [eax + 20h] //  ProcessModuleInfo->InInitializationOrderModuleList[FINISH]
    
    LoopInInitializationOrderModuleList :
    lodsd
    mov esi, eax
    mov ecx, [eax + 08h]
    cmp ecx, hModule
    jne SkipC
    mov ebx, [eax]
    mov ecx, [eax + 4]
    mov[ecx], ebx
    mov[ebx + 4], ecx
    jmp Finished
    SkipC :
    cmp edx, esi
    jne LoopInInitializationOrderModuleList
    
    Finished :
    popfd;
    popad;
    }
    }
    Code:
    BOOL WINAPI DllMain(HMODULE hDll, DWORD dwReason, LPVOID lpReserved)
    {
    	if (dwReason == DLL_PROCESS_ATTACH)
    	{
    		UnlinkModule(hDll);
    		CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)HACK, NULL, NULL, NULL);
    	}
    	return TRUE;
    }
    Last edited by Heroes; 08-11-2016 at 05:10 PM.


    MPGH History:
    Member: 02/1/2016
    Contributor: 29/6/2016
    Minion: 25/8/2016
    Former Staff: 07/02/2017
    Minion: 21/9/2017

  2. The Following User Says Thank You to RuShi For This Useful Post:

    [GM]Luffy (09-13-2016)

  3. #2
    COD3RIN's Avatar
    Join Date
    May 2013
    Gender
    male
    Location
    Posts
    5,309
    Reputation
    468
    Thanks
    28,778
    My Mood
    Angelic
    not bad for asm hook base.
    ᚛C☢dℝin3᚜
    Love you.
    ~Kenshit13
    Quote Originally Posted by cheaterman26 View Post
    COD3RIN PUT A BACKDOOR ON HIS OWN CHEAT HE HACK MY COMPUTER AND MY STEAM, DON'T TRUST THIS GUYS !



  4. The Following User Says Thank You to COD3RIN For This Useful Post:

    RuShi (08-11-2016)

  5. #3
    ReseviC's Avatar
    Join Date
    May 2016
    Gender
    male
    Location
    BEClient.dll
    Posts
    354
    Reputation
    10
    Thanks
    3,430
    My Mood
    Busy
    Quote Originally Posted by RedHunter View Post
    Code:
    void UnlinkModule(HINSTANCE hModule)
    {
    DWORD dwPEB_LDR_DATA = 0;
    _asm
    {
    pushad;
    pushfd;
    mov eax, fs:[30h]   // PEB
    mov eax, [eax + 0Ch]  // PEB->ProcessModuleInfo
    mov dwPEB_LDR_DATA, eax // Save ProcessModuleInfo
    
    InLoadOrderModuleList :
    mov esi, [eax + 0Ch]  // ProcessModuleInfo->InLoadOrderModuleList[FORWARD]
    mov edx, [eax + 10h]  //  ProcessModuleInfo->InLoadOrderModuleList[BACKWARD]
    
    LoopInLoadOrderModuleList :
    lodsd   //  Load First Module
    mov esi, eax     //  ESI points to Next Module
    mov ecx, [eax + 18h]     //  LDR_MODULE->BaseAddress
    cmp ecx, hModule     //  Is it Our Module ?
    jne SkipA         //  If Not, Next Please @ jumps to nearest Unamed Lable 
    mov ebx, [eax]  //  [FORWARD] Module 
    mov ecx, [eax + 4]         //  [BACKWARD] Module
    mov[ecx], ebx  //  Previous Module's [FORWARD] Notation, Points to us, Replace it with, Module++
    mov[ebx + 4], ecx    //  Next Modules, [BACKWARD] Notation, Points to us, Replace it with, Module--
    jmp InMemoryOrderModuleList //  Hidden, so Move onto Next Set
    SkipA :
    cmp edx, esi    //  Reached End of Modules ?
    jne LoopInLoadOrderModuleList //  If Not, Re Loop
    
    InMemoryOrderModuleList :
    mov eax, dwPEB_LDR_DATA  //  PEB->ProcessModuleInfo
    mov esi, [eax + 14h]   //  ProcessModuleInfo->InMemoryOrderModuleList[START]
    mov edx, [eax + 18h]   //  ProcessModuleInfo->InMemoryOrderModuleList[FINISH]
    
    LoopInMemoryOrderModuleList :
    lodsd
    mov esi, eax
    mov ecx, [eax + 10h]
    cmp ecx, hModule
    jne SkipB
    mov ebx, [eax]
    mov ecx, [eax + 4]
    mov[ecx], ebx
    mov[ebx + 4], ecx
    jmp InInitializationOrderModuleList
    SkipB :
    cmp edx, esi
    jne LoopInMemoryOrderModuleList
    
    InInitializationOrderModuleList :
    mov eax, dwPEB_LDR_DATA    //  PEB->ProcessModuleInfo
    mov esi, [eax + 1Ch] //  ProcessModuleInfo->InInitializationOrderModuleList[START]
    mov edx, [eax + 20h] //  ProcessModuleInfo->InInitializationOrderModuleList[FINISH]
    
    LoopInInitializationOrderModuleList :
    lodsd
    mov esi, eax
    mov ecx, [eax + 08h]
    cmp ecx, hModule
    jne SkipC
    mov ebx, [eax]
    mov ecx, [eax + 4]
    mov[ecx], ebx
    mov[ebx + 4], ecx
    jmp Finished
    SkipC :
    cmp edx, esi
    jne LoopInInitializationOrderModuleList
    
    Finished :
    popfd;
    popad;
    }
    }
    Code:
    BOOL WINAPI DllMain(HMODULE hDll, DWORD dwReason, LPVOID lpReserved)
    {
    	if (dwReason == DLL_PROCESS_ATTACH)
    	{
    		UnlinkModule(hDll);
    		CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)HACK, NULL, NULL, NULL);
    	}
    	return TRUE;
    }
    Nicely done ! Great Job Coder

  6. #4
    [Xerox]'s Avatar
    Join Date
    Jan 2016
    Gender
    male
    Posts
    9
    Reputation
    10
    Thanks
    1
    htt p://ww w.mpg h.net/forum/showthread.php?t=519021
    Please credit the person who posted this source.

  7. #5
    Obliteration's Avatar
    Join Date
    Jan 2015
    Gender
    male
    Posts
    707
    Reputation
    154
    Thanks
    646
    Quote Originally Posted by [Xerox] View Post
    htt p://ww w.mpg h.net/forum/showthread.php?t=519021
    Please credit the person who posted this source.
    No, he's not the original creator of the source too.
    This is a really really old source. The oldest post I found with this code was in 2007 lol.

  8. The Following User Says Thank You to Obliteration For This Useful Post:

    RuShi (08-12-2016)

Similar Threads

  1. [VB6 Module edit]
    By leiva1 in forum Visual Basic Programming
    Replies: 8
    Last Post: 09-24-2007, 11:19 AM
  2. [request]New Module
    By killer2334 in forum Hack Requests
    Replies: 0
    Last Post: 07-21-2007, 06:42 AM
  3. [request] Module
    By Elliwood in forum WarRock - International Hacks
    Replies: 6
    Last Post: 07-16-2007, 01:11 PM
  4. Module for Warrock
    By condor01 in forum WarRock - International Hacks
    Replies: 4
    Last Post: 07-07-2007, 03:15 AM
  5. module vb6
    By ZeaS in forum WarRock - International Hacks
    Replies: 12
    Last Post: 07-02-2007, 07:47 PM