From fcd98f2ec7eee13619a0b5540e89b270659367e1 Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Fri, 18 Oct 2019 22:26:23 +0200
Subject: updated hunt offsets for update 1.1

---
 Hunted/Hunted.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'Hunted/Hunted.cpp')

diff --git a/Hunted/Hunted.cpp b/Hunted/Hunted.cpp
index d5ddf80..9c06637 100644
--- a/Hunted/Hunted.cpp
+++ b/Hunted/Hunted.cpp
@@ -181,7 +181,7 @@ int wmain(int argc, wchar_t **argv)
 std::wcout << "ADDRESS -> " << WHEXOUT << targetAddr << std::endl;
 
 UINT64 g_pEnvSys = 0;
- g_pEnvSys = (UINT64)md.DllBase + 0x28C3F8;
+ g_pEnvSys = (UINT64)md.DllBase + 0x28E3F8;
 
 for (MODULE_DATA& md : modules) {
 if (!strncmp(md.BaseDllName, "CryAction.dll",
@@ -251,8 +251,8 @@ int wmain(int argc, wchar_t **argv)
 0xFF, 0xE0 };
 *(UINT64 *)((BYTE *)cc + 31) = g_pEnvSys;
 *(UINT64 *)((BYTE *)cc + 41) = dll.GetEntryPoint();
- /* PATTERN: 48 89 4C 24 08 48 83 EC 48 +275 */
- UINT64 jumpBackAddr = (UINT64)md.DllBase + 0x70885;
+ /* PATTERN: 48 89 4C 24 08 48 83 EC 48 +0x275 */
+ UINT64 jumpBackAddr = (UINT64)md.DllBase + 0x708F5;
 *(UINT64 *)((BYTE *)cc + 81) = jumpBackAddr;
 printBuf(cc, sizeof cc, 32);
 KMemoryBuf::Wpm(targetPID, (PVOID)targetAddr, &cc[0]);
@@ -260,8 +260,8 @@ int wmain(int argc, wchar_t **argv)
 BYTE dd[] = { 0x48, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xE0 };
 *(UINT64 *)((BYTE *)dd + 2) = (UINT64)targetAddr;
 printBuf(dd, sizeof dd, 32);
- /* PATTERN: 48 89 4C 24 08 48 83 EC 48 +9 */
- KMemoryBuf::Wpm(targetPID, (PVOID)((UINT64)md.DllBase + 0x70619), &dd[0]);
+ /* PATTERN: 48 89 4C 24 08 48 83 EC 48 +0x9 */
+ KMemoryBuf::Wpm(targetPID, (PVOID)((UINT64)md.DllBase + 0x70689), &dd[0]);
 #if 0
 Sleep(1000);
 if (!ki.VUnlink(targetPID, targetAddr)) {
-- 
cgit v1.2.3
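Review bot: The module offset on the `+ g_pEnvSys = ... + 0x28E3F8;` line is a bare literal buried in the middle of wmain, and the commit itself shows that it, `0x708F5` in the second hunk and `0x70689` in the third all have to be changed together for every update of the target binary. Hoisting the three values into named constants declared in one place (e.g. `constexpr UINT64 kEnvSysOffset = 0x28E3F8;` with the existing `/* PATTERN: ... */` comments moved next to the constants) would keep that coupling visible and reviewable as a single edit rather than three scattered ones. Unlike the other two sites, the g_pEnvSys offset in this hunk carries no pattern comment at all, so a reader has nothing to verify the new value against. wmain starts and ends outside all three hunks.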