Updated GlobalProtectDisable.exe
This commit is contained in:
Mariusz B. / mgeeky
parent
5f536a5220
commit
00b489b0ec
|
|
@ -1 +1 @@
|
|||
Subproject commit 7d3c3b5991cb430d6ff9c66c794688d67d5baa75
|
||||
Subproject commit 9fa37bcfe59b9431f2444b049d9103d8e755a493
|
||||
|
|
@ -8,6 +8,8 @@
|
|||
* Tested on Palo Alto Networks:
|
||||
* GlobalProtect client 3.1.6.19 (x64)
|
||||
* GlobalProtect client 5.0.3.29 (x64)
|
||||
* GlobalProtect client 5.1.3.12 (x64)
|
||||
* GlobalProtect client 5.2.8.23 (x64)
|
||||
*
|
||||
* Compilation:
|
||||
* C:> g++ GlobalProtectDisable.cpp -o GlobalProtectDisable.exe -static -static-libgcc -static-libstdc++
|
||||
|
|
@ -22,14 +24,13 @@
|
|||
|
||||
using namespace std;
|
||||
|
||||
const wchar_t *processName = L"PanGPA.exe";
|
||||
const size_t PatternsNum = 3;
|
||||
const size_t SizeOfReplacingBytes = 2;
|
||||
const size_t PatternsNum = 4;
|
||||
|
||||
const wchar_t *versionsArray[PatternsNum] = {
|
||||
L"3.1.6.19",
|
||||
L"5.0.3.29",
|
||||
L"5.1.3.12"
|
||||
L"5.1.3.12",
|
||||
L"5.2.8.23",
|
||||
};
|
||||
|
||||
//
|
||||
|
|
@ -84,6 +85,8 @@ const BYTE patternToFind51312[] = {
|
|||
0x00, 0x00, 0x00, 0x85, 0xD2
|
||||
};
|
||||
|
||||
const wchar_t *processName = L"PanGPA.exe";
|
||||
const size_t SizeOfReplacingBytes = 2;
|
||||
|
||||
// jne pangpa.7FF621B7D08F
|
||||
const BYTE bytesToBeReplaced31619[SizeOfReplacingBytes] = {
|
||||
|
|
@ -119,24 +122,28 @@ const BYTE replacingBytes51312[SizeOfReplacingBytes] = {
|
|||
const BYTE *patternsArray[PatternsNum] = {
|
||||
patternToFind31619,
|
||||
patternToFind50329,
|
||||
patternToFind51312,
|
||||
patternToFind51312
|
||||
};
|
||||
|
||||
const size_t patternsSizes[PatternsNum] = {
|
||||
sizeof(patternToFind31619),
|
||||
sizeof(patternToFind50329),
|
||||
sizeof(patternToFind51312),
|
||||
sizeof(patternToFind51312)
|
||||
};
|
||||
|
||||
const BYTE *patternsToBeReplaced[PatternsNum] = {
|
||||
bytesToBeReplaced31619,
|
||||
bytesToBeReplaced50329,
|
||||
bytesToBeReplaced51312,
|
||||
bytesToBeReplaced51312
|
||||
};
|
||||
|
||||
const BYTE *replacingBytes[PatternsNum] = {
|
||||
replacingBytes31619,
|
||||
replacingBytes50329,
|
||||
replacingBytes51312,
|
||||
replacingBytes51312
|
||||
};
|
||||
|
||||
|
|
|
|||
Binary file not shown.
|
|
@ -83,6 +83,7 @@ cmd> py findSymbols.py "c:\Program Files\Microsoft Office" -e -r -u -s exec -s l
|
|||
- 3.1.6.19
|
||||
- 5.0.3.29
|
||||
- 5.1.3.12
|
||||
- 5.2.8.23
|
||||
|
||||
Steps are following:
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue