It is sad that VIP users on the once popular EXETOOLS forum post Jihadi videos on Youtube in a blatant manner.
Today we have that same user who uses the nicknames chants, progman and now as biorpg try to spoil my business in these difficult COVID times by claiming that my blog is fake 🙁
The real name of that criminal terrorist is of course Gregory Morse (aka Abdul Muid) and much has been written about him on various online blogs.
Just do these 3 steps please:
STEP 1: I ask you all to check out only ONE VIDEO of his on youtube:
STEP 2: SAME PERSON as the one in youtube video. You can check his face from his picture on his GITHUB PAGE:
[X-Ray] turns into Gay-Ray. The pedophilic criminal who went by the monikers [X-Ray] and Roentgen, instead of sitting silently in his Cathode-Ray Tube, decided to re-start his pedophilic career with the new nicks Gay-Ray and Gay-Gen.
This is the height of crime! The lowest depths of depravity. It is sad to see TSRh forum degenerate so bad 🙁 You can see the details in the chatbox:
TOMORROW: A STAFF PICTURE of the team of my BELOVED BORED4ALL! STAY TUNED!!!!
de! : This is for clicking on LIKES for hate posts. MORE to come. ALL your work will be posted and sold here. JonArbuckle, Especialista and other mods will also pay DEARLY for allowing hate posts in the forum.
Also, remember that TSRh IS COMPROMISED! ALL YOUR DMs are READABLE BY ANYONE!
Yeah, yeah, I know… I could just delete the posts with a swipe of my mighty arm but… It is the bloody job of the admins and mods to avoid the hate posts.
Now let’s see THEIR content being leaked out and sold too.. ONE by ONE… Day by day…
Yeah, yeah, I know… I could just delete the posts with a swipe of my mighty arm but… It is the bloody job of the admins and mods to avoid the hate posts.
Now let’s see THEIR content being leaked out and sold too.. ONE by ONE… Day by day…
Let me summarize this for all the F*CKTARDS (yes, using that same term that my geriatric lover de! used) like de! out there:
TSRh Forum was compromised LONG AGO! ANYTHING you post in the forum, whether it be in the private sections (LIKE HOW I STILL FOOLISHLY DID YESTERDAY) or through DMs (like how de! foolishly kept giving out the password to her BoilSoft Keygen: ALL of them get leaked in S-S-SECONDS as the hackers can access the COMPLETE DATABASE of the forum!
@de! If you want the password to your file just make a comment below in this post and I will post the password! It was out of PITY for your hard work that I did not post the password as a free for all yesterday!
Cachito smugly sits in his lawless country Argentina and posts sniggers but who ACTUALLY suffers? It is WE, who suffer, those who live in the EU or in the US! What does Cachito have to lose? NOTHING
Cachito merely pockets the “donations” in bitcoin and encourages everyone to visit the forum so that more and more people would be encouraged to donate, right into his greedy pockets! It is fools like us who take the risk and fill his pockets!
I crack software and film young girls taking ALL the risk and I cannot even sell it in peace on my own blog. Sorry X-Ray that on the TSRh forum today I needed to claim that this blog did not belong to me. But what to do? Everyone would have TORN me apart had I confessed that I needed money and that I resorted to selling the porn and the cracked software
I had already posted this before and it has adequate proof in it, proof of the whole DATABASE COMPROMISE with screenshots:
Rooster1: You landed into this mess since you decided to take part in the sh*tfest on the TSRh chatbox 2 months ago when I needed to make some comments to save this blog, my sole and only source of income in these COVID times!
A close associate of the Jihadi Terrorist Gregory Morse aka Abdul Muid, p4r4d0x (one among the many nicknames that he uses on online boards) started speaking up against me and the cops yet again:
P4r4d0x (formerly pirat) on TSRh and EXETOOLS forum, zd0x on tuts4you etc rants about me and the cops
Gregory Morse has already been discussed many times in the past:
Deuteronomy 6:16 “Thou shalt not tempt the Lord thy God.
But Cachito decided to do just that. Again and again. And again. Until the LORD was provoked to anger. And then his fury knew no bounds. See how Cachito the brain-dead moronic excuse of an Admin at TSRh decided to bring down the destruction of TSRh right at the time Christmas, endangering several other users of the forum in the process with his imbecilic provocations towards none other than the Mighty Lord himself (may the Lord’s name be blessed from everlasting to everlasting):
The fool Cachito provokes the Lord…
The Lord decided to remain silent… Then after a few more days, the imbecilic Admin Cachito once again decided to provoke the Lord with his FOOLISH gestures:
“The Lord thy God is a formidable God“
This time the Lord no longer could remain patient and decided to show his MIGHT. Sulphur and brimstone rained down from the heavens and reduced the once bubbly and bright TSRh forum to a worthless heap of rubble and dust that was not fit for even WEEDS to grow!
This is my stance towards the LORD:
I HUMBLE MYSELF BEFORE THE LORD: THIS IS MY STANCE
Oh… The user who went by the moniker rooster1 (seems he named himself as rooster as a pseudonym for COCK or the male organ, which he liked to suck and suck and suck daily(and swallow of course, for it to count towards his daily “protein intake”) was also ruthlessly ripped apart and his IP addresses from Verizon exposed, for MOCKING the Lord. The user de! escaped this time for old times’ sake under the NANNY PROVISIONS ACT which allowed those with shrivelled up pussies (cats 😉 ) to temporarily escape the WRATH of the Lord. May not be so lucky the next time round though…
The Database of the TSRh forum was ripped right out and hung out on the internet for every passer-by to shake their heads in pity and cluck their tongues at, to highlight the folly of the Brainless excuse of an asshole, Cachito who was made the Admin of TSRh a couple years ago only due to the strong NEPOTISM prevalent in that forum, when Cachito repeatedly sucked the teeny manhood of his bastard brother who managed to convince Cachito that he was a huge Linux expert and that he even “came on 2 local Argentinian TV shows” lol. Of course, Cachito brother “came” on the TV shows only in his pants. 😀
Screenshots of SOME of the TSRH Forum User Database Pages follow (since there are far to many for me to post all on a single day). More to follow in the coming days:
These are just REPRESENTATIVE PAGES from the H-U-U-U-G-E database list that was released a few days back in the underground forums… I will try to post the remaining pages from the database in the coming days. There are around 95 pages in total (too many to upload in one day).
Check my Next Blog Post for More USER DETAILS that were also leaked out, at the link below…
Check out the person named Gregory Morse (aka ProgMan on Tuts4you andCHANTS on Exetools) . Yeah that author has a nice picture on his Github page (https://github.com/GregoryMorse):
Gregory Morse aka Abdul Muid
What is more interesting is that the same user has even more controversial content on his YouTube page (ranging all the way from 2011). The most interesting one being this:
This video linked to above is dated Feb 3, 2012 and the same person that we see on the GitHub page photo (Gregory Morse) is also seen speaking in this video! See the date in the screenshot below.
Gregory Morse Person speaking is the same as in the photo on the Github page
Other videos on Gregory’s Home page:
You can view the full playlist here:
Details about this terrorist were posted on tuts4you today by a journalist, but not surprisingly, Teddy Rogers, the admin of the tuts4you site, hurriedly got it deleted.
It is well known that Teddy Rogers receives funds from terrorists like Abdul Muid aka Gregory Morse for the upkeep of the tuts4you site. So it is not a huge wonder that he gets the posts detrimental to terrorism removed in a hurry from his website!
Yay, they wrote about myself too! Let me re-post here… 😀
Meanwhile, as covered already, TonyWeb, previously a well respected
reverser, continues to sell child porn on various online sites:
Enterprise (v13) : Workstation/Server/Advanced Server/Technician :
•It offers full backup of your entire systems, disk and files to make your business data protected. You can restore data and quickly return to the normal business to minimize losses after a data catastrophe.
•Easily migrate drive from Physical machine to virtual machine. Also, you can directly restore an EaseUS disk/backup image to a virtual machine with P2V Recovery.
•Scheduling backup plans is the best way to ensure that backups are done in a consistent and timely manner. As a powerful and auto backup software, it enables you to schedule various types of backup plans, including Full backup, Differential backup, Incremental backup.
•It allows an IT administrator to remotely boot a machine from the network to the recovery environment for backup. It is especially useful for system recovery and system deployment. And it helps an IT administrator reducing the daily workload.
•It can create backups for entire SQL database on business requirement and support Microsoft SQL Server 2019/2016/2014/2012/2008 R2/2008/2005
•EaseUS Todo Backup Enterprise can backup Exchange email and mailbox regularly and assures to restore anything right now for non-stop workflow.It supports Exchange Server 2016/2013/2010/2007/2003
Home (v12/v13) : •Easily run an automated backup on your directories & files, compress file images to save space, and encrypt files to protect privacy. •Back up Windows system along with user settings, create a bootable backup, restore your system quickly once it crashes. •Back up disk/partition at a block level, while data stored on it is ever-increasing and updated. No impact on the existing disk running. •Store backups to anywhere, hard drive, an external device, tape, FTP server, network share, NAS, CD/DVD, or OneDrive, Google Drive, and Dropbox.
NO PATCH KEYGEN DOWNLOAD: https://www.mirrored.to/files/TUSJWBIR/etbkgn.exe_links
Info for the keygen (=without patch) :
Run as Admin
Click on “3. Verify” to check if your hostfile has been updated
If not in green, please click on “4. Update” and reverify again.
Choose the type of license and click on “1. Generate”. This is the code you need to use when registering
Next click on “2. Generate”. This is the activation code you need afterwards.
My manhood is minuscule but the amount of jizz that it produces is phenomenal! 😀 You wanna ask what I was wanking off to? Well…
Crybaby de! – The Sexual Exploits of a Granny!
I was on a video call with de! and I must say that she looks rather ravishing for her age (she is well over 60 although going by the appearance of her shriveled and wrinkled boobies I would put her age at around 80)…
I wanked on and on and on during the video call to the video images of her saggy boobs and the cucumber that she was thrusting feverishly into the crusted granny cockbox of hers (de!’s). Surprisingly she also did the same at her end, after stripping down to her socks.
de! came on and on again and again as well and managed to squirt all over her keyboard and monitor. I was surprised at the amount of cum that a granny puss-pot could produce!
Unfortunately, after one last final squirt, the monitor went blank. I can only assume that all her cum caused her laptop to short-circuit 🙁
Man! Who would have thought that women would be able to get off by looking at my one inch manhood! But de! was the exception. It was a refreshing change for me from the many women who screamed in disgust and left the moment they saw my tiny member. 🙁
That was one of the reasons that I needed to settle for kiddies… The phrase “Pick on something your own size” takes on a whole new meaning in this context! 😀
You can see in the screenshot above how she wrote on another forum’s chat-box about the wonderful time that she had with me during the video call. She was worried about the contents of the video call being leaked and you can see how she wrote that she wanted witness protection lol!
Of course, I lost no time in recording the video of her rubbing her shriveled you-know-what when she was in birthday suit screaming off like a banshee. In that instance she reminded me of my granny and I came again and again… And again…
As you might expect, I also managed to sell off a few copies of the recorded video to those who were into sex with “older women”. Calling someone the age of one’s granny and “older woman” is carrying things a little too far but… While I must agree that the market for older women is far less that that for school girls, still.. Money is money and I did not want to forgo it…
Sadly, things didn’t end too well at my end as well, and one particularly large cumshot from my tiny organ managed to find its way onto my laptop’s keyboard and screen, and within a few seconds, my laptop burst into flames. 🙁
That my friends, is the reason why I was so silent all these days until I could sell enough crack, 😉 cracks and porn in order to get hold of enough money to buy myself a new laptop.
I hope to have many more jizzy days with de! in future 😉
Gone are the days where I needed to jack off to the smelly hairy and dried prune of DrNil’s from BetaBBS after I made him to bend down to “pick up the soap” while still being connected on video chat… 😀
Of course, I also enjoyed Aaron’s baby-smooth ass many a time and lost bucketfuls of jizz over it… But the joy from de! with her innocent granny face and body was something totally out of the this world!
I enjoyed Aaron from Exetools a lot! 😉
Check out this post to see more about Aaron: http://tonyweb.xyz/index.php/2020/11/08/congratulations-to-aaron-founder-of-the-exetools-forum/
One of my other aliases is mr.eax.09 – You can contact me through that alias also!
My contact details as usual are the same, if you want to buy that video:
Oh woe is me. No other man should suffer, ever, as I do now. I went against the Lord and now I am reduced to a state where I have to beg on my knees for scraps on the corners of the streets. Woe is me. Woe is mine.
Day after day, hour after hour, I roam in the dark alleys of online warez forums like B4A, trying to post tidbits and snippets of HelpDesk Answers, in a doggone (pun intended) and long forgone attempt to gain back likes from fellow reversers.
No one cares. I realize that I have lost my respect. Totally. No one gives a shit about someone like me who sold cracks online for large sums of money as well as entice young schoolgirls to pose nude and also commit sex acts for my porn movies.
At the time I did not realize that creating and selling underage porn would have such a life-changing impact as far as my online life in reversing forums went. Now I realize that I cannot sell underage porn AND have respect from other reversers at the same time.
I still decide to be stubborn. Keep provoking the Lord and see how far he can go. After all, what can the Lord do? I am the mightier and the more stubborn one!
Anyone who wishes to can contact me at this email address:
Or at this email address:
Please contact me at the above email addresses if you need to purchase the cracks or porn or anything that I sell, as advertised on this blog. All payments in Bitcoin only – I do not want to have to worry about TAXES. 😉
What has my life finally been reduced to? A dog’s life? A street dog’s worthless life? What did I do to deserve it? I hav eturned from a shining example of a charming online persona to that of a miserable sleepless drug-addicted, sex-maniac wretch!
My life as a street dog
All I did was to provoke the Lord and challenge the Lord and now my life has been reduced to such a state worse than that of a homeless beggar.
Every single day, I wake up and rush to each and every online RCE forum, with fear and dread of what I would see. With fear and dread of what all paid cracks of mine that I used to sell for hundreds of dollars online in the past, are leaked now as a “free for all” for everyone to devour and enjoy without spending a a penny.
Assuming I do not find anything of mine (except the piss in my pants) leaked (yet), I heave a sigh of relief and start to make my morning coffee. But my relief is short-lived. Again the fear starts to gnaw back at me: Is something leaking some of my content now? Is someone writing something obscene against me now?
And again, the ordeal continues. Constant clicking of the REFRESH button on every one of the 50+ tabs in my browser while fearfully gulping on my coffee has worn down more than one keyboard. Of course the other reason for the keyboards to get worn down is the “sticky, slimy. erm… discharge” that I fail to wipe off properly from my even otherwise grubby little fingers before touching the keyboard. Yeah, momma did not teach me well to wipe my hands clean, although she taught me a lot “other” things not traditionally taught by mothers to their sons. 😉
Excessive stress leads to excessive “jacking off” (manually draining off my fluids 😉 ) and this has led to me now becoming weak and ridden with sores all over my body – just like another Biblical Job.
I have not even gotten to talking about the constant ass-licking that I need to do to the various staff of the online RCE boards in the hope that if someone ever leaks anything on their, my pleas to get the posts removed would not fall on deaf ears. The rules here are as simple as that in some prisons: If you do not suck the “sausages” of the people in power and be on call as a cock-sucker then you can forget about relative comfort while in the prison.
I am sick and tired constant running around wagging my tail with a cute-puppy look around people like B30wulf and Chessgod101 clicking on their meaningless posts just so that I remain their good books.
I mean, I know just as well as you do that B30wulf only raked up that topic about releasing his paid copy of the IDA Pro to the public to generate some interest among the users of Exetools forum and to increase traffic to the forum. We all know very well that finally, they would release a stolen version of the IDA Pro from some thief like Ethereal (Andrew Snowfall?) all the while claiming that they brute-forced the password for the IDA Pro installer (or some other such bullshit)!
Not surprising that Gregory Morse should again start his sharting of how he would “brute-force” the IDA Pro and release it, now that he has a stolen version of the IDA Pro.
Gregory Morse aka Chants – My Partner in Crime
The World has come to such a sorry state that hot-air balloons like Gregory Moose who are well known terrorists are promoted to higher ranks on forums just to spite other reversers against whom the admins have a grudge.
Aaron and Zenix from Exetools: Blissfully Fucking as I Rot in Hell
I forgot.. I need to get back to clicking on the REFRESH button for the forums yet again. With my “organ” in one hand and other on the REFRESH button as I feverishly continue my OCD of checking out for any libelous posts. All this is draining out my sperm reserves and my wife is complaining that she is planning to elope with the milkman soon…
Why? Just why has my life been reduced to that of a worried madman? A pitiful homeless dog. Why?
One reason: I went against the Lord. I challenged the Lord. Now I am paying for it.Till the very last breath I will pay for it.
Do not make the same mistake that I made. Not worth challenging the Lord.
This post comes with a very big congratulations to Aaron, the founder of the most popular online crack forum Exetools (https://forum.exetools.com) on his wedding!
Coming Soon: Cracked Financial Software and Carding Tutorials (Sorry these will not be free 😉 )
Everyone who is in the “scene” knows the name (or rather the nick alias) of his bride. Clue: She is also a very popular reverse in the same forum and holds an administrative post in that forum.
Let us all wish them a very happy and prosperous married life and may they have lots and lots of kids! 😛
Please post comments wishing them a happy married life. A free NCP Secure Products Keygen for everyone making a comment using their real nick!
What about MY photo? Well… I will post a huge photo of myself in the next few days… Keep watching 😉
include \masm32\include\masm32rt.inc
include \masm32\include\masm32.inc
SIZEOF_NT_SIGNATURE equ sizeof DWORD
SIZEOF_IMAGE_FILE_HEADER equ 14h
DlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD
GetModuleBaseAddress PROTO :DWORD
.data?
hWnd dd ?
hInstance dd ?
windowhandle dd ?
ProcessID dd ?
hProcess dd ?
PEHeader db 1000 dup (?)
Chunks db 65535 dup (?)
BaseAddress dd ?
SectionSize dd ?
SectionEnd dd ?
SectionAdress dd ?
sections_count dd ?
sectionHeaderOffset dd ?
.data
process_4 db "Setup - Zetta",0
patch_title db "Patching...",0
patch_success db "Patched Succesfully",0
error_1 db "Didn't find the target! You sure you started it??",0
error_2 db "Couldn't open process...",0
error_3 db "Couldn't write ...",0
error_4 db "Error reading PE header",0
error_5 db "This EXE has no sections",0
errornobase db "cannot read base address",0
about_title db "About...",0
about_text db "TonyWank and his MicroPenis",13,10
db "Special Thanks to: Sexual Intercourse",0
TextSection db ".text",0
ChunkSize dd 65535
SearchPattern db 083h,0F8h,00Ch,00Fh,084h,0FFh,0FFh,000h,000h,083h,0F8h,00Ah,00Fh,087h,0FFh,0FFh,000h,000h ;Search pattern in hex add "0" to the front of each digit and "h" to the end
SearchMask db 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0 ;(1=Ignore Byte)
ReplacePattern db 083h,0F8h,00Ch,00Fh,084h,0FFh,0FFh,000h,000h,083h,0F8h,00Ah,090h,0E9h,0FFh,0FFh,000h,000h ;Replace Pattern in hex add "0" to the front of each digit and "h" to the end
ReplaceMask db 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0 ;(1=Ignore Byte)
.code
; €€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€
start:
mov hInstance, FUNC(GetModuleHandle,NULL)
call main
invoke ExitProcess,eax
; €€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€
main proc
Dialog "RCS Zetta Installers Mem Patcher", \
"Courier New",8, \
WS_OVERLAPPED or WS_SYSMENU or DS_CENTER, \ ; dialog window style
4, \ ; number of controls
50,50,192,95, \
1024
DlgButton "Patch",WS_TABSTOP,10,60,50,13,IDOK
DlgButton "About...",WS_TABSTOP,70,60,50,13,IDCONTINUE
DlgButton "Exit",WS_TABSTOP,130,60,50,13,IDCANCEL
DlgStatic "This patcher works with ZettaDB2008_x86_Setup_2.0.1.exe, ZettaDB2008_x64_Setup_2.0.1.exe, RCSDatabase_64bit_Setup_2012.1.exe, Zetta_5.20.1.768.exe and probably newer versions too.",SS_CENTER,0,5,180,50,100
CallModalDialog hInstance,0,DlgProc,NULL
ret
main endp
; €€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€
DlgProc proc hWin:DWORD,uMsg:DWORD,wParam:DWORD,lParam:DWORD
Switch uMsg
Case WM_INITDIALOG
m2m hWnd, hWin
ret
Case WM_COMMAND
Switch wParam
Case IDOK
mov hInstance,eax
invoke FindWindow,NULL,addr process_4
invoke GetWindowThreadProcessId,eax,addr ProcessID
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,ProcessID
test al,al
jz error2
mov hProcess,eax
Invoke GetModuleBaseAddress, ProcessID
mov BaseAddress, eax
invoke ReadProcessMemory,dword ptr[hProcess], eax, addr PEHeader, 1000, NULL
test al,al
jz error2
;DOS HEADER EXTRACTION
lea edi, PEHeader
assume edi: ptr IMAGE_DOS_HEADER
;Check if the file is a DOS file
cmp [edi].e_magic, IMAGE_DOS_SIGNATURE
jne error4
; DOS Header
mov edx, [edi].e_lfanew
;Check if the file is a PE file
add edi, edx ;address of the PE Header
assume edi: ptr IMAGE_NT_HEADERS
cmp [edi].Signature, IMAGE_NT_SIGNATURE
jne error4
; PE Header
mov edx, [edi].Signature
add edi, SIZEOF_NT_SIGNATURE
assume edi: ptr IMAGE_FILE_HEADER
movzx edx, [edi].NumberOfSections
push edx
pop sections_count
; Optional Header
add edi, SIZEOF_IMAGE_FILE_HEADER
assume edi: ptr IMAGE_OPTIONAL_HEADER
; ImageBase
lea edi, PEHeader
;SECTIONS
add edi, sizeof IMAGE_OPTIONAL_HEADER
assume edi: ptr IMAGE_SECTION_HEADER
mov sectionHeaderOffset, edi
mov ebx, sections_count
cmp ebx, 0
je error5
sections:
sub ebx, 1
push edi
mov esi, edi
lea edi, TextSection
mov ecx, 5 ; selects the of the first string as maximum for comparison
repe cmpsb ; comparison of ECX number of bytes
jne continue_scan
pop edi
mov edx, dword ptr [edi + 8h]
mov SectionSize, edx
mov edx, [edi].VirtualAddress
add edx, BaseAddress ;adds baseaddress + section address
mov ebx, edx
add edx, SectionSize
mov SectionEnd, edx
xor edi, edi
jmp scan
continue_scan:
pop edi
add edi, 28h
jmp sections
scan:
; Use ebx for pointer count, ReadProcessMemory replace eax, ecx and edx
invoke ReadProcessMemory,dword ptr[hProcess], ebx, addr Chunks, ChunkSize, NULL
push 1
sub ChunkSize, sizeof SearchPattern
push ChunkSize
push sizeof SearchPattern
push offset SearchMask
push offset SearchPattern
push offset Chunks
call SearchAndReturn
cmp eax, 1
je patch
cmp ebx, SectionEnd
jnle fin
add ebx, ChunkSize
sub ebx, sizeof SearchPattern
jmp scan
patch:
COMMENT *
Didn't do anything here, just copied code
invoke WriteProcessMemory,dword ptr[hProcess],ecx,addr writebuf_1,1,NULL
mov esi,_replacepattern
mov edx,_replacemask
xor ecx,ecx
.while ecx!=ebx ;ebx=patternsize
@cmp_mask_2:
cmp byte ptr[edx],1
je @ignore
lodsb ;load replacebyte to al from esi & inc esi
stosb ;mov byte ptr[edi],al & inc edi
jmp @nextbyte
@ignore:
inc edi ;targetadress
inc esi ;replacepattern
@nextbyte:
inc edx ;replacemask
inc ecx ;counter
.endw
mov local_returnvalue,1 ;yes, something was patched
*
error1:
invoke MessageBoxA,NULL,addr error_1,NULL,MB_ICONSTOP
jmp fin
error2:
invoke MessageBoxA,NULL,addr error_2,NULL,MB_ICONSTOP
jmp fin
error3:
invoke MessageBoxA,NULL,addr error_3,NULL,MB_ICONSTOP
jmp fin
error4:
invoke MessageBoxA,NULL,addr error_4,NULL,MB_ICONSTOP
jmp fin
error5:
invoke MessageBoxA,NULL,addr error_5,NULL,MB_ICONSTOP
fin:
sub ecx, offset Chunks
add ebx, ecx
invoke MessageBoxA,NULL,hex$(ebx),addr patch_title,MB_ICONINFORMATION
invoke CloseHandle,hProcess
Case IDCONTINUE
invoke MessageBoxA,NULL,addr about_text,addr about_title,NULL
Case IDCANCEL
invoke ExitProcess,1
EndSw
Case WM_CLOSE
invoke ExitProcess,1
EndSw
return 0
DlgProc endp
GetModuleBaseAddress proc iProcID:DWORD
LOCAL hSnap:DWORD
LOCAL xModule:MODULEENTRY32
invoke CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, iProcID
mov hSnap,eax
mov xModule.dwSize, sizeof xModule
invoke Module32First, hSnap, addr xModule
invoke CloseHandle,hSnap
test eax, eax
jnz getaddr
mov eax, 0
ret
getaddr:
mov eax, xModule.modBaseAddr
ret
GetModuleBaseAddress endp
SearchAndReturn proc _targetadress:dword,_searchpattern:dword,_searchmask:dword,_patternsize:dword,_searchsize:dword
LOCAL local_returnvalue :dword ;returns if something was patched
LOCAL local_match :dword ;counts how many matches
pushad
mov local_returnvalue,0
mov local_match,0
mov edi,_targetadress
mov esi,_searchpattern
mov edx,_searchmask
mov ebx,_patternsize
xor ecx,ecx
.while ecx!=_searchsize
@search_again:
;---check if pattern exceed memory---
mov eax,ecx ;ecx=raw offset
add eax,ebx ;raw offset + patternsize
cmp eax,_searchsize
ja @return ;if (raw offset + patternsize) > searchsize then bad!
push ecx ;counter
push esi ;searchpattern
push edi ;targetaddress
push edx ;searchmask
mov ecx,ebx ;ebx=patternsize
@cmp_mask:
test ecx,ecx
je @pattern_found
cmp byte ptr[edx],1 ;searchmask
je @ignore
lodsb ;load searchbyte to al & inc esi
scasb ;cmp al,targetadressbyte & inc edi
jne @skip
inc edx ;searchmask
dec ecx ;patternsize
jmp @cmp_mask
@ignore:
inc edi ;targetadress
inc esi ;searchpattern
inc edx ;searchmask
dec ecx ;patternsize
jmp @cmp_mask
@skip:
pop edx
pop edi ;targetadress
pop esi ;searchpattern
pop ecx
inc edi ;targetadress
inc ecx ;counter
.endw
;---scanned whole memory size---
jmp @return
@pattern_found:
inc local_match
pop edx
pop edi ;targetadress
pop esi
mov local_returnvalue,edi
cmp local_match,eax
je @return
pop ecx ;counter
inc edi ;targetadress
jmp @search_again
;---return---
@return:
popad
mov eax,local_match
mov ecx,local_returnvalue
ret
SearchAndReturn endp
end start
Like F*ck I care! 😀 Let them make as many news letters as they wish.
I need money right now. I will keep claiming that this blog does not belong to me and the peanut brained fellows actually BELIEVE it lol! 😀
As long as they keep believeing that some other enemy of mine created this blog I will keep selling with my reputation intact. You all just need to pay in Bitcoin and I will deliver the goods!
My German friends are helping me:
I will soon post some new stuff including the Binary Ninja Crack. So hold on…
