User Submitted Source Code!


Description:
  123
Language: C/C++
Code:
#include <windows.h>
 
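/*
 * DumpFile - round-trip a package file through two routines exported by Core.dll.
 *
 * Looks up a load routine, a save routine and a data export in the Core.dll
 * module that is already mapped into this process, loads
 * "..\System\Interface.u" into a scratch array object and writes that object
 * back out as "..\System\Interface.decrypted.u".
 *
 * Takes no parameters and returns nothing. If Core.dll is not loaded, or any
 * of the lookups fails, the function returns without touching the file system
 * (the original called through the unchecked pointers and would crash).
 *
 * NOTE(review): the export-name strings contain "[email protected]" fragments,
 * which looks like the hosting page's e-mail obfuscation having overwritten
 * parts of the original decorated names. They are reproduced exactly as
 * published; as written, GetProcAddress is expected to return NULL for them.
 */
void DumpFile()
{
    typedef void (__cdecl *f_appLoadFileToArray)(char *, wchar_t *, int);
    typedef void (__cdecl *f_appSaveArrayToFile)(char *, wchar_t *, int);

    /* Resolve the module once; GetModuleHandleA returns NULL when it is not loaded. */
    HMODULE core = GetModuleHandleA("Core.dll");
    if (core == NULL) {
        return;
    }

    f_appLoadFileToArray appLoadFileToArray = (f_appLoadFileToArray)GetProcAddress(core, "[email protected]@[email protected]@@[email protected]@@Z");
    f_appSaveArrayToFile appSaveArrayToFile = (f_appSaveArrayToFile)GetProcAddress(core, "[email protected]@[email protected]@@[email protected]@@Z");

    /*
     * Data exports whose current value is handed to each routine as its third
     * argument. Two lookups are kept because the original performed one per call.
     * NOTE(review): the value is read as an int; if it is really a pointer this
     * presumably only holds on a 32-bit build - confirm.
     */
    int *loadArg = (int *)GetProcAddress(core, "[email protected]@[email protected]@A");
    int *saveArg = (int *)GetProcAddress(core, "[email protected]@[email protected]@A");

    /* Any failed lookup would otherwise be called or dereferenced as NULL. */
    if (appLoadFileToArray == NULL || appSaveArrayToFile == NULL ||
        loadArg == NULL || saveArg == NULL) {
        return;
    }

    /*
     * Zero-filled scratch storage passed to both routines as the array object.
     * NOTE(review): 0x14 bytes is taken from the original; whether that matches
     * the callee's real object layout cannot be told from here.
     */
    char TArray[0x14] = {0};

    /* Each export is dereferenced at call time, as in the original. */
    appLoadFileToArray(TArray, L"..\\System\\Interface.u", *loadArg);
    appSaveArrayToFile(TArray, L"..\\System\\Interface.decrypted.u", *saveArg);
}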
/* Set once DumpFile() has been invoked, so the dump is attempted only once. */
bool dumped = false;

/*
 * StartCheck - run DumpFile() a single time, once WinDrv.dll is present.
 *
 * WinDrv.dll being loaded is used as the signal that everything DumpFile()
 * needs has been initialized. Until then the call is a no-op. The flag is set
 * after the first DumpFile() call regardless of outcome, because DumpFile()
 * reports no status.
 */
void StartCheck()
{
    /* Not ready yet: try again on a later call. */
    if (GetModuleHandleA("WinDrv.dll") == NULL) {
        return;
    }

    /* Already attempted on an earlier call. */
    if (dumped) {
        return;
    }

    DumpFile();
    dumped = true;
}
/*
 * DllMain - DLL entry point; polls StartCheck() on every attach notification.
 *
 * hModule and lpReserved are not used. Process-attach and thread-attach both
 * call StartCheck(); the two detach notifications do nothing. Always returns
 * TRUE.
 *
 * NOTE(review): StartCheck() can end up running file I/O and code from another
 * module from inside DllMain, i.e. while the loader lock is held. Microsoft's
 * DllMain guidance warns against doing that kind of work here because it can
 * deadlock or run before dependencies are initialized.
 */
__declspec(dllexport) BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    const bool attaching = (ul_reason_for_call == DLL_PROCESS_ATTACH) ||
                           (ul_reason_for_call == DLL_THREAD_ATTACH);

    /* Thread-attach is included so the check is retried as new threads start. */
    if (attaching) {
        StartCheck();
    }

    /* Detach notifications and any other reason code need no handling. */
    return TRUE;
}
Comments: