maybe some poeple can work with it.
;SRO loader
;written by Wuj
.386p
.model flat, stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include iphlpapi.inc
includelib user32.lib
includelib kernel32.lib
includelib iphlpapi.lib
.data
srofile db "\sro_client2.exe 0000000 /18 0 0", 0
dllfile db "wuj.dll", 0
szLoadLibraryA db "LoadLibraryA", 0
szkernel32 db "kernel32.dll", 0
pinfo PROCESS_INFORMATION <>
sinfo STARTUPINFO <>
.data?
hdir db 512 dup (?)
LoadLib dd ?
hhThread dd ?
hhHandle dd ?
pMem dd ?
.code
WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR, CmdShow:DWORD
invoke GetCurrentDirectory,sizeof hdir ,addr hdir
invoke lstrcat,addr hdir,offset srofile
invoke CreateProcessA,NULL,ADDR hdir,NULL,NULL,TRUE,CREATE_SUSPENDED,NULL,NULL,ADD R sinfo, ADDR pinfo
invoke OpenProcess, PROCESS_ALL_ACCESS, 0, pinfo.dwProcessId
mov hhHandle, eax
invoke GetModuleHandleA, ADDR szkernel32
invoke GetProcAddress, eax, ADDR szLoadLibraryA
mov LoadLib, eax
invoke VirtualAllocEx, pinfo.hProcess, 0, sizeof dllfile, MEM_COMMIT, PAGE_EXECUTE_READWRITE
mov pMem, eax
invoke WriteProcessMemory, pinfo.hProcess, pMem, ADDR dllfile, sizeof dllfile, 0
invoke CreateRemoteThread, pinfo.hProcess, 0, 0, LoadLib, pMem, 0, 0
mov hhThread, eax
invoke WaitForSingleObject, hhThread, INFINITE
invoke VirtualFreeEx, pinfo.hProcess, pMem, MAX_PATH, MEM_DECOMMIT
invoke ResumeThread, pinfo.hThread
invoke CloseHandle, hhHandle
invoke CloseHandle, pinfo.hProcess
invoke CloseHandle, pinfo.hThread
invoke ExitProcess, NULL
ret
WinMain endp
end WinMain
and the second one thing.
;SRO dll
;written by Wuj
.386
.model flat, stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include iphlpapi.inc
includelib user32.lib
includelib kernel32.lib
includelib IPHlpApi.lib
.data
Capt db "Wuj's mod",0
Msg db "Have as much fun using it as I had making it",0
pinfo PROCESS_INFORMATION <>
te32 THREADENTRY32 <>
.data?
pID dd ?
hhHandle dd ?
AddressToPatch dd ?
RByte db ?
RDword dd ?
hdir db 512 dup (?)
.code
DLLEntry proc hInstDLL:DWORD, reason:DWORD, reservedd:DWORD
.if reason== DLL_PROCESS_ATTACH
invoke MessageBox,NULL,addr Msg,addr Capt,MB_OK
invoke GetCurrentProcess
mov pID, eax
invoke OpenProcess, PROCESS_ALL_ACCESS, 0, ADDR pID
mov hhHandle, eax
mov AddressToPatch, 006df40ch ;Please execute...
mov RByte, 0ebh
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RByte, 1, 0
mov AddressToPatch, 006df3a0h ;MC
mov RByte, 0ebh
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RByte, 1, 0
mov AddressToPatch, 006f021eh ;MC
mov RByte, 0ebh
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RByte, 1, 0
mov AddressToPatch, 006f02d9h ;MC
mov RDword, 00008ae9h
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RDword, 4, 0
mov AddressToPatch, 006f02dDh ;MC
mov RByte, 00h
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RByte, 1, 0
mov AddressToPatch, 006f02deh ;MC
mov RByte, 90h
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RByte, 1, 0
mov AddressToPatch, 00983020h ;GG
mov RDword, 909090c3h
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RDword, 4, 0
mov AddressToPatch, 00469a65h ;jmp MultiUnlock
mov RByte, 0e9h
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RByte, 1, 0
mov AddressToPatch, 00469a66h ;jmp MultiUnlock
mov RDword, 1fb97a96h
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RDword, 4, 0
invoke CloseHandle, hhHandle
invoke CloseHandle, pID ;
mov eax, TRUE
.endif
Ret
DLLEntry EndP
org 500h
MultiUnlock proc
mov edi, eax
call GetAdaptersInfo
add edi, 194h
invoke GetTickCount
mov dword ptr [edi+2], eax
xor eax, eax
mov edi, 00469a6ah
jmp edi
ret
MultiUnlock endp
end DLLEntry
----------------------------------------------------------------------------
;SRO loader
;written by Wuj
.386p
.model flat, stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include iphlpapi.inc
includelib user32.lib
includelib kernel32.lib
includelib iphlpapi.lib
.data
srofile db "\sro_client2.exe 0000000 /18 0 0", 0
dllfile db "wuj.dll", 0
szLoadLibraryA db "LoadLibraryA", 0
szkernel32 db "kernel32.dll", 0
pinfo PROCESS_INFORMATION <>
sinfo STARTUPINFO <>
.data?
hdir db 512 dup (?)
LoadLib dd ?
hhThread dd ?
hhHandle dd ?
pMem dd ?
.code
WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR, CmdShow:DWORD
invoke GetCurrentDirectory,sizeof hdir ,addr hdir
invoke lstrcat,addr hdir,offset srofile
invoke CreateProcessA,NULL,ADDR hdir,NULL,NULL,TRUE,CREATE_SUSPENDED,NULL,NULL,ADD R sinfo, ADDR pinfo
invoke OpenProcess, PROCESS_ALL_ACCESS, 0, pinfo.dwProcessId
mov hhHandle, eax
invoke GetModuleHandleA, ADDR szkernel32
invoke GetProcAddress, eax, ADDR szLoadLibraryA
mov LoadLib, eax
invoke VirtualAllocEx, pinfo.hProcess, 0, sizeof dllfile, MEM_COMMIT, PAGE_EXECUTE_READWRITE
mov pMem, eax
invoke WriteProcessMemory, pinfo.hProcess, pMem, ADDR dllfile, sizeof dllfile, 0
invoke CreateRemoteThread, pinfo.hProcess, 0, 0, LoadLib, pMem, 0, 0
mov hhThread, eax
invoke WaitForSingleObject, hhThread, INFINITE
invoke VirtualFreeEx, pinfo.hProcess, pMem, MAX_PATH, MEM_DECOMMIT
invoke ResumeThread, pinfo.hThread
invoke CloseHandle, hhHandle
invoke CloseHandle, pinfo.hProcess
invoke CloseHandle, pinfo.hThread
invoke ExitProcess, NULL
ret
WinMain endp
end WinMain
and the second one thing.
;SRO dll
;written by Wuj
.386
.model flat, stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include iphlpapi.inc
includelib user32.lib
includelib kernel32.lib
includelib IPHlpApi.lib
.data
Capt db "Wuj's mod",0
Msg db "Have as much fun using it as I had making it",0
pinfo PROCESS_INFORMATION <>
te32 THREADENTRY32 <>
.data?
pID dd ?
hhHandle dd ?
AddressToPatch dd ?
RByte db ?
RDword dd ?
hdir db 512 dup (?)
.code
DLLEntry proc hInstDLL:DWORD, reason:DWORD, reservedd:DWORD
.if reason== DLL_PROCESS_ATTACH
invoke MessageBox,NULL,addr Msg,addr Capt,MB_OK
invoke GetCurrentProcess
mov pID, eax
invoke OpenProcess, PROCESS_ALL_ACCESS, 0, ADDR pID
mov hhHandle, eax
mov AddressToPatch, 006df40ch ;Please execute...
mov RByte, 0ebh
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RByte, 1, 0
mov AddressToPatch, 006df3a0h ;MC
mov RByte, 0ebh
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RByte, 1, 0
mov AddressToPatch, 006f021eh ;MC
mov RByte, 0ebh
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RByte, 1, 0
mov AddressToPatch, 006f02d9h ;MC
mov RDword, 00008ae9h
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RDword, 4, 0
mov AddressToPatch, 006f02dDh ;MC
mov RByte, 00h
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RByte, 1, 0
mov AddressToPatch, 006f02deh ;MC
mov RByte, 90h
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RByte, 1, 0
mov AddressToPatch, 00983020h ;GG
mov RDword, 909090c3h
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RDword, 4, 0
mov AddressToPatch, 00469a65h ;jmp MultiUnlock
mov RByte, 0e9h
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RByte, 1, 0
mov AddressToPatch, 00469a66h ;jmp MultiUnlock
mov RDword, 1fb97a96h
invoke WriteProcessMemory, pID, AddressToPatch, ADDR RDword, 4, 0
invoke CloseHandle, hhHandle
invoke CloseHandle, pID ;
mov eax, TRUE
.endif
Ret
DLLEntry EndP
org 500h
MultiUnlock proc
mov edi, eax
call GetAdaptersInfo
add edi, 194h
invoke GetTickCount
mov dword ptr [edi+2], eax
xor eax, eax
mov edi, 00469a6ah
jmp edi
ret
MultiUnlock endp
end DLLEntry
----------------------------------------------------------------------------
