MSO.DLL v12.0.6772.5000
Pattern: F0 85 F6 75 4C 39
Replace: 75 with 74 (JNZ with JZ)
Prepatched MSO.DLL v12.0.6772.5000 :
https://www.sendspace.com/file/q3abou
Code:
3282D835 |. 68 3C215432 PUSH MSO_ORIG.3254213C ; /Arg1 = 3254213C
3282D83A |. 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54] ; |
3282D83D |. AA STOS BYTE PTR ES:[EDI] ; |
3282D83E |. E8 9183ECFF CALL MSO_ORIG.326F5BD4 ; \MSO_ORIG.31B85BD4
3282D843 |. 33C0 XOR EAX,EAX
3282D845 |. 3BF0 CMP ESI,EAX
3282D847 |. 0F84 D2000000 JE MSO_ORIG.3282D91F
3282D84D |. 3945 E0 CMP DWORD PTR SS:[EBP-20],EAX
3282D850 |. 0F84 C9000000 JE MSO_ORIG.3282D91F
3282D856 |. 8B0B MOV ECX,DWORD PTR DS:[EBX]
3282D858 |. 0B4B 04 OR ECX,DWORD PTR DS:[EBX+4]
3282D85B |. 0F84 BE000000 JE MSO_ORIG.3282D91F
3282D861 |. 3945 DC CMP DWORD PTR SS:[EBP-24],EAX
3282D864 |. 0F84 B5000000 JE MSO_ORIG.3282D91F
3282D86A |. 3945 D8 CMP DWORD PTR SS:[EBP-28],EAX
3282D86D |. 0F84 AC000000 JE MSO_ORIG.3282D91F
3282D873 |. 3945 E4 CMP DWORD PTR SS:[EBP-1C],EAX
3282D876 |. 0F84 A3000000 JE MSO_ORIG.3282D91F
3282D87C |. 8D7D EC LEA EDI,DWORD PTR SS:[EBP-14]
3282D87F |. AB STOS DWORD PTR ES:[EDI]
3282D880 |. AB STOS DWORD PTR ES:[EDI]
3282D881 |. AB STOS DWORD PTR ES:[EDI]
3282D882 |. 6A 23 PUSH 23
3282D884 |. 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
3282D887 |. AB STOS DWORD PTR ES:[EDI]
3282D888 |. E8 BB82ECFF CALL MSO_ORIG.326F5B48
3282D88D |. 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
3282D890 |. 50 PUSH EAX
3282D891 |. 56 PUSH ESI
3282D892 |. 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
3282D895 |. E8 1FC57600 CALL MSO_ORIG.32F99DB9
3282D89A |. 8BF0 MOV ESI,EAX ; 8B F0 (pattern start)
3282D89C |. 85F6 TEST ESI,ESI ; 85 F6
3282D89E |. 75 4C JNZ SHORT MSO_ORIG.3282D8EC ; 75 4C ; opcode JNZ -> JZ (75 -> 74) to bypass activation
3282D8A0 |. 3945 08 CMP DWORD PTR SS:[EBP+8],EAX ; 39 45 08 (pattern end)