OK, now let's make this a serial sniffer. Convert it to 64-bit.
https://dosya.co/l3361g3yraiu/test.exe.html
https://dosya.co/l3361g3yraiu/test.exe.html
; remove this block (down to the closing comment bar) when building for 64-bit
;;;;;;;;;;;;;;;;;;;;;;;;;;
.386
.model flat,stdcall
option casemap:none
;;;;;;;;;;;;;;;;;;;;;;;;;;
ifndef _Win64
include masm32rt.inc
else
include masm64rt.inc
endif
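; ---------------------------------------------------------------------
; Read-only constants. Nothing in this section may be used as an output
; buffer: .const is mapped read-only, so an API call that has to store
; data here fails.
; ---------------------------------------------------------------------
.const
filename db "test.exe", 0               ; child image, resolved relative to the current directory
targetaddress equ 004012A5h             ; address that is watched and read at, not a patch location
                                        ; NOTE(review): absolute VA; presumably assumes test.exe is
                                        ; loaded at its preferred base - confirm for the target
;values db 1 dup(74h)
LOOOP db 0EBh,0FEh,0                    ; EB FE = jmp short to itself; only the first 2 bytes are written
baslik db "your serial :",0             ; MessageBox caption

; ---------------------------------------------------------------------
; Writable, initialised data.
; ---------------------------------------------------------------------
.data
sinfo STARTUPINFO<>                     ; passed to CreateProcessA
pinfo PROCESS_INFORMATION<>             ; receives the child's process/thread handles
CTX CONTEXT<>                           ; thread context of the child's primary thread
; ORIG receives the two bytes saved from targetaddress through
; ReadProcessMemory, so it must be writable; it was moved here from
; .const. It is placed after the structures so their offsets do not shift.
ORIG db 00h,00h,0

; ---------------------------------------------------------------------
; Uninitialised data.
; ---------------------------------------------------------------------
.data?
beax db 50 dup (?)                      ; receives the bytes read from the address held in the child's EAX
oku db 50 dup(?)                        ; used as the bytes-read argument of ReadProcessMemory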
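.code
start:                                  ; program entry label; leave out for a 64-bit build
;-----------------------------------------------------------------------
; snif - start test.exe suspended, park its primary thread at
;        targetaddress, show the string EAX points to, then put the
;        original bytes back and let the child continue.
;
; Target : 32-bit MASM (masm32rt.inc), stdcall. Uses CTX.regEip/regEax,
;          so a 64-bit build needs the corresponding 64-bit fields.
; In     : none (reads filename, targetaddress, LOOOP, baslik).
; Out    : does not return; ends with ExitProcess (0 = completed,
;          1 = any step failed).
; Notes  : Every API result is checked. On failure the child is
;          terminated so it is never left spinning on the two-byte loop,
;          and both handles are closed on every path.
;          Launching suspended, writing into another process's image and
;          polling its thread context is the API sequence that endpoint
;          monitoring reports as process tampering; expect it to be
;          logged or blocked on monitored hosts.
;-----------------------------------------------------------------------
snif proc public
    LOCAL savedBytes[2]:BYTE            ; original bytes at targetaddress; a stack local is always writable
    LOCAL exitCode:DWORD

    mov     exitCode, 1                 ; assume failure until the restore succeeds
    mov     sinfo.cb, SIZEOF STARTUPINFO ; CreateProcess expects cb to hold the structure size

    invoke  CreateProcessA, addr filename, NULL, 0, 0, 0, CREATE_SUSPENDED, 0, 0, addr sinfo, addr pinfo
    test    eax, eax
    jz      @exit                       ; no child, no handles to clean up

    ; Save the two original bytes, then replace them with the self-jump.
    invoke  ReadProcessMemory, pinfo.hProcess, targetaddress, addr savedBytes, 2, 0
    test    eax, eax
    jz      @fail
    invoke  WriteProcessMemory, pinfo.hProcess, targetaddress, addr LOOOP, 2, 0
    test    eax, eax
    jz      @fail
    invoke  FlushInstructionCache, pinfo.hProcess, targetaddress, 2
    invoke  ResumeThread, pinfo.hThread
    cmp     eax, -1
    je      @fail

    mov     CTX.ContextFlags, CONTEXT_FULL

    ; Poll until the primary thread is parked at targetaddress. The
    ; 10 ms wait on the process handle throttles the loop and also ends
    ; it when the child exits before reaching the address.
@dongu:
    invoke  WaitForSingleObject, pinfo.hProcess, 10
    cmp     eax, WAIT_TIMEOUT
    jne     @fail                       ; child exited or the wait itself failed
    invoke  GetThreadContext, pinfo.hThread, addr CTX
    test    eax, eax
    jz      @fail
    cmp     CTX.regEip, targetaddress
    jne     @dongu

    ; A context taken from a running thread is only a hint; suspend and
    ; read it again before trusting EAX.
    invoke  SuspendThread, pinfo.hThread
    cmp     eax, -1
    je      @fail
    invoke  GetThreadContext, pinfo.hThread, addr CTX
    test    eax, eax
    jz      @fail

    ; EAX is a pointer in the child's address space. Read one byte less
    ; than the buffer holds and terminate it, so MessageBox cannot run
    ; past beax. The read fails as a whole if the range is not readable.
    invoke  ReadProcessMemory, pinfo.hProcess, CTX.regEax, addr beax, SIZEOF beax - 1, addr oku
    .if eax != 0
        mov     byte ptr [beax + SIZEOF beax - 1], 0
        invoke  MessageBox, 0, addr beax, addr baslik, MB_OK
    .endif

    ; Put the original instruction bytes back; EIP still points at
    ; targetaddress, so the child continues with the original code.
    invoke  WriteProcessMemory, pinfo.hProcess, targetaddress, addr savedBytes, 2, 0
    test    eax, eax
    jz      @fail
    invoke  FlushInstructionCache, pinfo.hProcess, targetaddress, 2
    invoke  ResumeThread, pinfo.hThread
    mov     exitCode, 0
    jmp     @cleanup

@fail:
    ; Do not leave a half-modified child behind.
    invoke  TerminateProcess, pinfo.hProcess, 1
@cleanup:
    invoke  CloseHandle, pinfo.hThread
    invoke  CloseHandle, pinfo.hProcess
@exit:
    invoke  ExitProcess, exitCode
snif endp
end start                               ; 32-bit build: entry point is start; not used for a 64-bit build
end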