I am sharing source code to hide the XOR in CabalMain.
Leave the XOR in CabalMain.exe itself at its default.
Change to your own XOR encryption by hooking the DLL into the exe.
You need: Dev-C++
Compile it and hook it to CabalMain.exe.
Sorry, my English is bad.
Leave the XOR in CabalMain.exe itself at its default.
Change to your own XOR encryption by hooking the DLL into the exe.
You need: Dev-C++
//===================================//
// XOR CHANGE
// Royal Cabal
// http://www.royalcabal.com
// MaviaCode
//===================================//
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
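/*
 * Ganti - overwrite `size` bytes at `adr` with the bytes found at `ptr`.
 *
 * The target range is switched to PAGE_EXECUTE_READWRITE for the duration of
 * the copy and the previous protection is put back afterwards, so the pages
 * are writable and executable at the same time only while memcpy runs.
 *
 * adr:  destination address in the current process.
 * ptr:  source bytes; only read from.
 * size: number of bytes to copy. Zero or negative values are ignored.
 *
 * Returns nothing. The copy is skipped when either pointer is NULL or when
 * the protection change fails, because writing to a page that is still
 * read-only would raise an access violation in the host process.
 */
void Ganti(void *adr, void *ptr, int size)
{
    DWORD OldProtection = 0;

    /* A negative size would be converted to a huge unsigned length below. */
    if (adr == NULL || ptr == NULL || size <= 0) {
        return;
    }

    if (!VirtualProtect(adr, (SIZE_T)size, PAGE_EXECUTE_READWRITE, &OldProtection)) {
        return;
    }

    memcpy(adr, ptr, (size_t)size);

    /* Restore the original protection so the range does not stay RWX. */
    VirtualProtect(adr, (SIZE_T)size, OldProtection, &OldProtection);

    /* The callers in this file write instruction bytes, so make sure the CPU
     * does not keep executing a stale copy of the old ones. */
    FlushInstructionCache(GetCurrentProcess(), adr, (SIZE_T)size);
}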
/*
 * WritePointer - follow one level of indirection and store an int.
 *
 * Reads an unsigned long from address `ulBase`, adds `iOffset` to it, and
 * writes `iValue` to the resulting address. Each step is attempted only if
 * the corresponding IsBadReadPtr / IsBadWritePtr probe reports the memory as
 * accessible; otherwise the function returns without writing.
 *
 * NOTE(review): Microsoft documents IsBadReadPtr and IsBadWritePtr as
 * obsolete; the result can be out of date by the time the access happens, so
 * the probes here are advisory only. Addresses are carried in `unsigned long`,
 * which is 32 bits wide on Windows, so this only works in a 32-bit build.
 */
void WritePointer(unsigned long ulBase, int iOffset, int iValue)
{
    unsigned long *slot = (unsigned long *)ulBase;
    int *target;

    /* First hop: the location that holds the base pointer must be readable. */
    if (IsBadReadPtr((VOID*)slot, sizeof(unsigned long))) {
        return;
    }

    /* Second hop: the computed destination must be writable. */
    target = (int*)(*slot + iOffset);
    if (IsBadWritePtr((void*)target, sizeof(unsigned long))) {
        return;
    }

    *target = iValue;
}
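/*
 * GantiXOR - overwrite four XOR instructions in the loaded CabalMain.exe.
 *
 * If a module named "CabalMain.exe" is loaded in the current process, four
 * fixed addresses are rewritten through Ganti() with new instruction bytes:
 *   35 92 00 00 00  is the x86 encoding of  xor eax, 0x92
 *   83 F0 66        is the x86 encoding of  xor eax, 0x66
 * The function then sleeps for 100 ms and returns.
 *
 * NOTE(review): the addresses are absolute constants. Nothing here compares
 * the module's actual load address or the bytes currently at those addresses
 * with what this patch expects, so against a different build of the
 * executable, or one loaded at another base, the writes would land on
 * unrelated code. Confirm both before relying on this.
 *
 * NOTE(review): a fixed XOR constant is obfuscation, not encryption. Anyone
 * who holds the executable or this DLL can read the constants, so this should
 * not be treated as protecting any data.
 */
void GantiXOR() {
    /* The original wrapped this body in a while(1) loop that is disabled. */
    //while(1){
    // XOR encryption, so that it is not visible (translated from the
    // original non-English comment; wording approximate)

    /* Keep the handle as an HMODULE: squeezing it into a DWORD truncates it
     * on 64-bit builds, and the value is only needed for the NULL test. */
    HMODULE CABALMAIN = GetModuleHandleA("CabalMain.exe");
    if (CABALMAIN != NULL) {
        /* Every address gets its own initializer; the original declaration
         * "DWORD XOR1, XOR2, XOR3, XOR4 = 0;" initialized only XOR4. */
        DWORD XOR1 = (DWORD)0x4A832F;
        DWORD XOR2 = (DWORD)0x4A831E;
        DWORD XOR3 = (DWORD)0x4A830C;
        DWORD XOR4 = (DWORD)0x4A82FA;

        Ganti((void *)(ULONG_PTR)XOR1, (void*)(PBYTE)"\x35\x92\x00\x00\x00", 5); // XOR 1 = 92
        Ganti((void *)(ULONG_PTR)XOR2, (void*)(PBYTE)"\x83\xF0\x66", 3); // XOR 2 = 66
        Ganti((void *)(ULONG_PTR)XOR3, (void*)(PBYTE)"\x83\xF0\x66", 3); // XOR 3 = 66
        Ganti((void *)(ULONG_PTR)XOR4, (void*)(PBYTE)"\x83\xF0\x66", 3); // XOR 4 = 66
    }
    Sleep(100);
    // }
}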
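/*
 * Thread entry point with the signature CreateThread expects
 * (DWORD WINAPI fn(LPVOID)). GantiXOR is declared as void GantiXOR(), so
 * casting it to LPTHREAD_START_ROUTINE calls it through an incompatible
 * function type; this wrapper forwards to it instead.
 */
static DWORD WINAPI GantiXORThread(LPVOID lpParam)
{
    (void)lpParam;
    GantiXOR();
    return 0;
}

/*
 * DllMain - DLL entry point.
 *
 * On DLL_PROCESS_ATTACH a worker thread is started that runs GantiXOR once.
 * The work is done on a separate thread rather than inside DllMain itself;
 * the new thread does not begin running until DllMain has returned.
 * All other notifications are ignored.
 *
 * hDll:       module handle of this DLL (unused).
 * dwReason:   notification code supplied by the loader.
 * lpReserved: unused.
 *
 * Always returns TRUE, even when the thread could not be created.
 */
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
    (void)hDll;
    (void)lpReserved;

    if (dwReason == DLL_PROCESS_ATTACH) {
        HANDLE hThread = CreateThread(NULL, 0, GantiXORThread, NULL, 0, NULL);

        /* The handle is never used afterwards; close it so it does not leak.
         * Closing the handle does not stop the thread. */
        if (hThread != NULL) {
            CloseHandle(hThread);
        }
    }
    return TRUE;
}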
Compile it and hook it to CabalMain.exe.
Sorry, my English is bad.