/* by Luigi Auriemma */ static unsigned char un49g_dump[] = "\x55\x8b\xec\x83\xe4\xf8\x81\xec\xac\x0c\x00\x00\x8b\x45\x08\x33" "\xc9\x89\x44\x24\x18\x8b\x45\x0c\x8a\x28\x0f\xb6\x50\x02\x53\x83" "\xc0\x04\x56\x8a\x48\xfd\x57\x89\x45\x0c\x8d\x7c\x24\x28\xc1\xe1" "\x08\x0b\xca\x0f\xb6\x50\xff\xc1\xe1\x08\x0b\xca\x8b\xf1\xb9\x23" "\x03\x00\x00\xb8\x00\x04\x00\x00\x83\xca\xff\xf3\xab\x33\xff\x89" "\x7c\x24\x20\x33\xc0\x85\xc0\x75\x7c\xbb\x01\x00\x00\x00\x8b\xff" "\x81\xfa\x00\x00\x00\x01\x73\x12\x8b\x45\x0c\x0f\xb6\x08\xc1\xe6" "\x08\x0b\xf1\x40\x89\x45\x0c\xc1\xe2\x08\x8b\x84\x9c\xb4\x00\x00" "\x00\x8b\xca\xc1\xe9\x0b\x0f\xaf\xc8\x3b\xf1\x73\x1a\x8b\xd1\x8b" "\xc8\x81\xf1\xf0\x07\x00\x00\xc1\xe9\x04\x03\xc8\x89\x8c\x9c\xb4" "\x00\x00\x00\x03\xdb\xeb\x16\x2b\xf1\x2b\xd1\x8b\xc8\xc1\xe9\x04" "\x2b\xc1\x89\x84\x9c\xb4\x00\x00\x00\x8d\x5c\x1b\x01\x81\xfb\x00" "\x01\x00\x00\x7c\x9b\x8b\x45\x08\x88\x18\x40\x89\x45\x08\x33\xff" "\xe9\x0b\x03\x00\x00\x85\xff\xc7\x44\x24\x14\x00\x00\x00\x00\x75" "\x3c\x81\xfa\x00\x00\x00\x01\x73\x12\x8b\x45\x0c\x0f\xb6\x08\xc1" "\xe6\x08\x0b\xf1\x40\x89\x45\x0c\xc1\xe2\x08\x8b\x4c\x24\x30\x8b" "\xc2\xc1\xe8\x0b\x0f\xaf\xc1\x3b\xf0\x73\x68\x8b\xd0\x8b\xc1\x35" "\xe0\x07\x00\x00\xc1\xe8\x05\x03\xc8\x89\x4c\x24\x30\xb0\x01\xc7" "\x44\x24\x10\x01\x00\x00\x00\x81\xfa\x00\x00\x00\x01\x73\x12\x8b" "\x4d\x0c\x0f\xb6\x39\xc1\xe6\x08\x0b\xf7\x41\x89\x4d\x0c\xc1\xe2" "\x08\x0f\xb6\xf8\x8b\xca\xc1\xe9\x0b\x0f\xaf\x8c\xbc\xb4\x04\x00" "\x00\x3b\xf1\x8d\xbc\xbc\xb4\x04\x00\x00\x73\x33\x8b\xd1\x8b\x0f" "\x8b\xd9\x81\xf3\xe0\x07\x00\x00\xc1\xeb\x05\x03\xd9\x89\x1f\xd0" "\xe0\xeb\x2f\x8b\x7c\x24\x20\x2b\xf0\x2b\xd0\x8b\xc1\xc1\xe8\x05" "\x2b\xc8\x89\x4c\x24\x30\x89\x7c\x24\x10\xe9\x39\x01\x00\x00\x2b" "\xf1\x2b\xd1\x8b\x0f\x8b\xd9\xc1\xeb\x05\x2b\xcb\xd0\xe0\x89\x0f" "\xfe\xc0\x81\xfa\x00\x00\x00\x01\x73\x12\x8b\x4d\x0c\x0f\xb6\x39" "\xc1\xe6\x08\x0b\xf7\x41\x89\x4d\x0c\xc1\xe2\x08\x0f\xb6\xf8\x8b" "\xca\xc1\xe9\x0b\x0f\xaf\x8c\xbc\xb4\x04\x00\x00\x3b\xf1\x8d\xbc" "\xbc\xb4\x04\x00\x00\x73\x17\x8b\xd1\x8b\x0f\x8b\xd9\x81\xf3\xe0" "\x07\x00\x00\xc1\xeb\x05\x03\xd9\x89\x1f\xd0\xe0\xeb\x13\x2b\xf1" "\x2b\xd1\x8b\x0f\x8b\xd9\xc1\xeb\x05\x2b\xcb\xd0\xe0\x89\x0f\xfe" "\xc0\x8b\x7c\x24\x10\x33\xc9\x8a\xc8\x83\xe1\x01\xa8\x02\x8d\x0c" "\x79\x89\x4c\x24\x10\x0f\x85\x0c\xff\xff\xff\x85\xc9\x0f\x84\x18" "\x02\x00\x00\x83\xe9\x02\x8b\xc1\xf7\xd8\x1b\xc0\x83\xe0\x10\x83" "\xc0\x03\x89\x4c\x24\x10\x89\x44\x24\x18\xbf\x01\x00\x00\x00\xeb" "\x04\x8b\x44\x24\x18\x81\xfa\x00\x00\x00\x01\x73\x12\x8b\x4d\x0c" "\x0f\xb6\x19\xc1\xe6\x08\x0b\xf3\x41\x89\x4d\x0c\xc1\xe2\x08\x8d" "\x1c\x38\x8b\x4c\x9c\x28\x8d\x5c\x9c\x28\x8b\xc2\xc1\xe8\x0b\x0f" "\xaf\xc1\x3b\xf0\x73\x14\x8b\xd0\x8b\xc1\x35\xe0\x07\x00\x00\xc1" "\xe8\x05\x03\xc1\x89\x03\x03\xff\xeb\x11\x2b\xf0\x2b\xd0\x8b\xc1" "\xc1\xe8\x05\x2b\xc8\x89\x0b\x8d\x7c\x3f\x01\x83\xff\x10\x7c\xa1" "\x8b\x44\x24\x10\xc1\xe0\x04\x8d\x7c\x38\xf1\x81\xff\x00\x08\x00" "\x00\x89\x7c\x24\x10\x7c\x08\xc7\x44\x24\x14\x01\x00\x00\x00\x83" "\xff\x60\x7c\x04\xff\x44\x24\x14\xb9\x01\x00\x00\x00\x89\x7c\x24" "\x20\x89\x4c\x24\x18\x8a\xc1\x89\x4c\x24\x1c\xeb\x03\x8d\x49\x00" "\x81\xfa\x00\x00\x00\x01\x73\x12\x8b\x4d\x0c\x0f\xb6\x39\xc1\xe6" "\x08\x0b\xf7\x41\x89\x4d\x0c\xc1\xe2\x08\x0f\xb6\xf8\x8b\xca\xc1" "\xe9\x0b\x0f\xaf\x8c\xbc\xb4\x08\x00\x00\x3b\xf1\x8d\xbc\xbc\xb4" "\x08\x00\x00\x73\x17\x8b\xd1\x8b\x0f\x8b\xd9\x81\xf3\xe0\x07\x00" "\x00\xc1\xeb\x05\x03\xd9\x89\x1f\xd0\xe0\xeb\x13\x2b\xf1\x2b\xd1" "\x8b\x0f\x8b\xd9\xc1\xeb\x05\x2b\xcb\xd0\xe0\x89\x0f\xfe\xc0\x81" "\xfa\x00\x00\x00\x01\x73\x12\x8b\x4d\x0c\x0f\xb6\x39\xc1\xe6\x08" "\x0b\xf7\x41\x89\x4d\x0c\xc1\xe2\x08\x0f\xb6\xf8\x8b\xca\xc1\xe9" "\x0b\x0f\xaf\x8c\xbc\xb4\x08\x00\x00\x3b\xf1\x8d\xbc\xbc\xb4\x08" "\x00\x00\x73\x17\x8b\xd1\x8b\x0f\x8b\xd9\x81\xf3\xe0\x07\x00\x00" "\xc1\xeb\x05\x03\xd9\x89\x1f\xd0\xe0\xeb\x13\x2b\xf1\x2b\xd1\x8b" "\x0f\x8b\xd9\xc1\xeb\x05\x2b\xcb\xd0\xe0\x89\x0f\xfe\xc0\x8b\x7c" "\x24\x1c\x33\xc9\x8a\xc8\x83\xe1\x01\xa8\x02\x8d\x3c\x79\x89\x7c" "\x24\x1c\x0f\x85\x28\xff\xff\xff\x8b\x4c\x24\x14\x03\xcf\x74\x1c" "\x8b\x7d\x08\x8b\x5c\x24\x10\x8b\xc7\x2b\xc3\xeb\x03\x8d\x49\x00" "\x8a\x18\x88\x1f\x47\x40\x49\x75\xf7\x89\x7d\x08\x8b\x7c\x24\x18" "\x81\xfa\x00\x00\x00\x01\x73\x12\x8b\x45\x0c\x0f\xb6\x08\xc1\xe6" "\x08\x0b\xf1\x40\x89\x45\x0c\xc1\xe2\x08\x8b\x44\xbc\x28\x8b\xca" "\xc1\xe9\x0b\x0f\xaf\xc8\x3b\xf1\x73\x18\x8b\xd1\x8b\xc8\x81\xf1" "\xe0\x07\x00\x00\xc1\xe9\x05\x03\xc8\x89\x4c\xbc\x28\xe9\x31\xfc" "\xff\xff\x2b\xf1\x2b\xd1\x8b\xc8\xc1\xe9\x05\x2b\xc1\x89\x44\xbc" "\x28\xb8\x01\x00\x00\x00\xe9\x1a\xfc\xff\xff\x8b\x45\x08\x8b\x4c" "\x24\x24\x5f\x5e\x2b\xc1\x5b\x8b\xe5\x5d\xc3"; __cdecl int (* un49g)(unsigned char *dst, unsigned char *src) = NULL; // anti DEP limitation! if you apply VirtualAlloc on a static char // it will cover also the rest of the page included other variables! void *un49g_alloc(u8 *dump, int dumpsz) { int pagesz; void *ret; pagesz = (dumpsz + 4095) & (~4095); // useful for pages? mah #ifdef WIN32 ret = VirtualAlloc( NULL, pagesz, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // write for memcpy #else ret = malloc(pagesz); mprotect( ret, pagesz, PROT_EXEC | PROT_WRITE); // write for memcpy #endif memcpy(ret, dump, dumpsz); return(ret); } void un49g_init(void) { if(un49g) return; un49g = un49g_alloc(un49g_dump, sizeof(un49g_dump)); }