better bypass

mrpond · Apr 23, 2020 · c6c722b · c6c722b
1 parent c7f02e2
commit c6c722b
Showing 1 changed file with 9 additions and 6 deletions.
diff --git a/src/Modify.cpp b/src/Modify.cpp
@@ -34,15 +34,18 @@ DWORD WINAPI KillBanner (LPVOID)
 	MODULEINFO mInfo = { 0 };
 	if (GetModuleInformation (GetCurrentProcess (), hModule, &mInfo, sizeof (MODULEINFO))) {
 
-		LPVOID skipPod = FindPattern ((uint8_t*)hModule, mInfo.SizeOfImage,
-									  (BYTE*)"\x84\xC0\x0F\x85\xA4\x00\x00\x00\x6A\x0D", "xxxxxxxxxx");
-
+		LPVOID skipPod = FindPattern ((uint8_t*)hModule, mInfo.SizeOfImage, (BYTE*)"\x83\xC4\x08\x84\xC0\x0F\x84\x00\x04\x00\x00", "xxxxxxxxxxx");
+
 		if (skipPod)
 		{
 			DWORD oldProtect;
-			VirtualProtect ((char*)skipPod + 2, 6, PAGE_EXECUTE_READWRITE, &oldProtect);
-			memset ((char*)skipPod + 2, 0x90, 6);
-			VirtualProtect ((char*)skipPod + 2, 6, oldProtect, &oldProtect);
+			VirtualProtect ((char*)skipPod + 5, 1, PAGE_EXECUTE_READWRITE, &oldProtect);
+			memset ((char*)skipPod + 5, 0x90, 1);
+			VirtualProtect ((char*)skipPod + 5, 1, oldProtect, &oldProtect);
+
+			VirtualProtect ((char*)skipPod + 6, 1, PAGE_EXECUTE_READWRITE, &oldProtect);
+			memset ((char*)skipPod + 6, 0xE9, 1);
+			VirtualProtect ((char*)skipPod + 6, 1, oldProtect, &oldProtect);
 		}
 
 	}