AntiBan Updater Script [IDA]

Post: AntiBan Updater Script [IDA]

08-16-2014, 05:54 PM #1

xROccOx

Grunt

Posts

106

Reputation

Credits

Member

Oct 2013

NextGenUpdate

(adsbygoogle = window.adsbygoogle || []).push({});

     #include <idc.idc>

static searchBinary(name, binary, offset, length)

{

auto currentAddress, lastAddress;

for(currentAddress=0; currentAddress != BADADDR; currentAddress=currentAddress+4)

{ 

currentAddress = FindBinary(currentAddress, SEARCH_DOWN, binary);

if(currentAddress == BADADDR)

{

Message("%s not found!\n", name);

break;

}

currentAddress = currentAddress - offset;

MakeUnknown(currentAddress, length, 0);

MakeCode(currentAddress);

MakeFunction(currentAddress, currentAddress + length);

if(MakeNameEx(currentAddress, name, SN_NOCHECK|SN_NOWARN) != 1)

MakeNameEx(currentAddress, name, 0);

Message("\t%s offset: 0x%08X\n", name, currentAddress);

break;

}

}



static findDemonware()

{

searchBinary("DemonWare1", "7C 66 A9 2D 40 82 FF F0 30 61 00 70 38 80 00 32", 0x329, 0x1B; 

searchBinary("Demonware2", "7C 9C A9 2D 40 82 FF F0 2C 03 00 00 40 82 00 24", 0x3F9, 0x1B;

searchBinary("DemonWare3", "4E 9E 04 21 80 A1 00 B0 2C 05 00 00 90 BB 1F AC", 0x591, 0x1B;

searchBinary("DemonWare4", "A3 81 00 94 93 DD 00 00 93 9D 00 04 2C 1C 00 00", 0x3F9, 0x1B;

searchBinary("Demonware5", "57 DB E9 7E 30 D8 00 02 78 A5 D1 46 7B 67 2E A4", 0xFFFFFFFFFFD828E9, 0x1B; 

}

static main()

{

findDemonware();

return 0;

BY NOTORIUS

The following 2 users groaned at xROccOx for this awful post:

1austin112, Notorious

08-16-2014, 08:08 PM #2

Notorious

Caprisuns Is Back

736

Posts

20,411

Reputation

Credits

Member

Nov 2013

NextGenUpdate

what is the point of releasing something that is released? rep whore much?

The following user thanked Notorious for this useful post:

Swaqq