Question: Did anybody notice how aaaassss's code was the exact same as anantasia's in every single way.
[ENABLE]
alloc(newmem,2048) //2kb should be enough
label(exit)
label(returnhere)
<span style='color:red'>4240EC:
jmp newmem
returnhere:
newmem:
cmp [10046004],ff
je exit
mov [10046000],00
pushad
pushfd
push 00000000
push 10000000
push 10003500
push 02
call SetWindowsHookExA
mov [10046004],ff
popfd
popad
exit:
mov ecx,[ebp-0c]
pop edi
pop esi
jmp returnhere
UnhookWindowsHookEx:
ret 0004
[DISABLE]
4240EC:
mov ecx,[ebp-0c]
pop edi
pop esi
10046000:
nop
UnhookWindowsHookEx:
ret 0004
</span>
[ENABLE]
alloc(newmem,2048) //2kb should be enough
label(exit)
label(returnhere)
<span style='color:red'>4230AA:
jmp newmem
returnhere:
newmem:
cmp [10046004],ff
je exit
mov [10046000],00
pushad
pushfd
push 00000000
push 10000000
push 10003500
push 02
call SetWindowsHookExA
mov [10046004],ff
popfd
popad
exit:
mov ecx,[ebp-0c]
pop edi
pop esi
jmp returnhere
UnhookWindowsHookEx:
ret 0004
[DISABLE]
4230AA:
mov ecx,[ebp-0c]
pop edi
pop esi
10046000:
nop
UnhookWindowsHookEx:
ret 0004
</span>
Red = Changes (notice how small it is?)
Blue = aaaassss's code
Green = anantasia's code
Everybody has been giving +k to aaaassss for something he/she truly didn't do.
Chances are, that's why we have so many problems, Dura, HP, MP, we all know about them, they're happening to so many people.
If and when anantasia releases his/her code for SV, that's when it will have no problems, not when somebody with 2 posts finds a new address to put the code into.
[ENABLE]
alloc(newmem,2048) //2kb should be enough
label(exit)
label(returnhere)
<span style='color:red'>4240EC:
jmp newmem
returnhere:
newmem:
cmp [10046004],ff
je exit
mov [10046000],00
pushad
pushfd
push 00000000
push 10000000
push 10003500
push 02
call SetWindowsHookExA
mov [10046004],ff
popfd
popad
exit:
mov ecx,[ebp-0c]
pop edi
pop esi
jmp returnhere
UnhookWindowsHookEx:
ret 0004
[DISABLE]
4240EC:
mov ecx,[ebp-0c]
pop edi
pop esi
10046000:
nop
UnhookWindowsHookEx:
ret 0004
</span>
[ENABLE]
alloc(newmem,2048) //2kb should be enough
label(exit)
label(returnhere)
<span style='color:red'>4230AA:
jmp newmem
returnhere:
newmem:
cmp [10046004],ff
je exit
mov [10046000],00
pushad
pushfd
push 00000000
push 10000000
push 10003500
push 02
call SetWindowsHookExA
mov [10046004],ff
popfd
popad
exit:
mov ecx,[ebp-0c]
pop edi
pop esi
jmp returnhere
UnhookWindowsHookEx:
ret 0004
[DISABLE]
4230AA:
mov ecx,[ebp-0c]
pop edi
pop esi
10046000:
nop
UnhookWindowsHookEx:
ret 0004
</span>
Red = Changes (notice how small it is?)
Blue = aaaassss's code
Green = anantasia's code
Everybody has been giving +k to aaaassss for something he/she truly didn't do.
Chances are, that's why we have so many problems, Dura, HP, MP, we all know about them, they're happening to so many people.
If and when anantasia releases his/her code for SV, that's when it will have no problems, not when somebody with 2 posts finds a new address to put the code into.