AeroMan (12-17-2014),[MPGH]Mayion (12-08-2014),pusongbato (12-15-2014),trialsg (12-08-2014),WhiteHat PH (12-08-2014),_PuRe.LucK* (12-09-2014)
I hate this banner...
#Define ADR_NoEndBanner 0x8D62F8 //12-8
Pattern to always find this addy
Code to modify text buffer (tnx @AeroMan More info)Code:DWORD NoEndBanner = FindPattern((PBYTE)"\x68\xF8\x00\x8D\x00\x50\xFF\x15\xF0\x00\x00\x00\x83\xC4\x0C", "xx?xxxxxx??xxxx", 1, true);
Change the Banner to something randomCode:void WriteMemory(void *adr, void *ptr, int size) { DWORD dwback; VirtualProtect(adr, size, PAGE_EXECUTE_READWRITE, &dwback); memcpy(adr, ptr, size); VirtualProtect(adr, size, dwback, &dwback); }
Now you never have to see it again :3Code:WriteMemory((void *)ADR_NoEndBanner, (PBYTE)"https://www.mpgh.net", 20);
AeroMan (12-17-2014),[MPGH]Mayion (12-08-2014),pusongbato (12-15-2014),trialsg (12-08-2014),WhiteHat PH (12-08-2014),_PuRe.LucK* (12-09-2014)
Good Job Bro! how about if i change it to WriteMemory((void *)ADR_NoEndBanner, (PBYTE)"https://www.mpgh.net", 20);
When Im gone dont forget me cause I will come back someday.
Youtube Channel
Great share.
I do not use any type of messenger outside of MPGH.
Inactive but you can reach me through VM/PM.
naice : - ).
▲
good job, thanks for sharing
Remember not to override the original buffer
Goodjob!
@AeroMan So what is the orriginal buffer ? if we use 20 what happen ?
When Im gone dont forget me cause I will come back someday.
Youtube Channel
each byte has a particular function, if your original buffer is for example: https://www.mpgh.net <- that's 19 bytes.
If you then overwrite this function with a text for example: https://ImaginaryTextExample.com <- which is obviously alot longer you are going to overwrite more bytes, meaning you will overwrite another function which may result in a crash.
[MPGH]Mayion (12-22-2014),WhiteHat PH (12-22-2014)
Thank for the great info Sir
When Im gone dont forget me cause I will come back someday.
Youtube Channel