lukin69;807063 said: Anyone have another link to download the app? The zip file says it's corrupted.
xenoglyph;794497 said: Here's a couple signatures I'm using to find recv function in 2D ML clients:
53 56 57 8B F9 8B 0D = start of function for older clients
8B 38 8B E9 BE (-18 bytes) = start for newer clients
And here are sigs for send function:
8D 8B 94 00 00 00 (+11 bytes) = target for older clients
0F B7 D8 0F B6 06 83 C4 04 (+9) = target for newer clients
Each client should only have one instance of either of those signatures. I'll revise it if necessary.
Stuby;812368 said: Are the most recent sources available anywhere? I've read the pages through and found a dozen or so various links and of course can base "recent" off of the last posted, but I was curious if we'd always have to do this or if there was a dedicated site or source repository for the project.
private void SpyPacket( uint threadId, bool send )
{
    IntPtr hThread = NativeMethods.OpenThread( NativeMethods.DesiredAccessThread.THREAD_GET_CONTEXT | NativeMethods.DesiredAccessThread.THREAD_SET_CONTEXT, false, threadId );
    ...
}

private void SpyPacket( uint threadId, bool send )
{
    IntPtr hThread = NativeMethods.OpenThread( NativeMethods.DesiredAccessThread.THREAD_GET_CONTEXT | NativeMethods.DesiredAccessThread.THREAD_SET_CONTEXT | NativeMethods.DesiredAccessThread.THREAD_QUERY_INFORMATION, false, threadId );
    ...
}
MalGanis;806202 said: First number is time date stamp of the client, you can get it using UOCH.
Basically I open client.exe with OllyDbg and I go to address of send (third number of previous version). Then I search for the sequence of commands (see image Send.jpg). If I find it, that's the new send address. Same with receive address.
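
The signature lookup described in the posts above, as an added example that is not part of the thread or of the project's source: it scans a byte buffer for each quoted pattern, enforces the "only one instance" rule, and applies the quoted byte adjustment. The signature names, the reading of the adjustments as "add to the match offset", and the sample buffer are assumptions made here; results are offsets into the buffer, not virtual addresses.

```python
from typing import Dict, List, Optional, Tuple

# Patterns and offsets as quoted in the post; the names are labels chosen here.
# Assumption: "(-18 bytes)" / "(+11 bytes)" is added to the offset of the match.
SIGNATURES: Dict[str, Tuple[str, int]] = {
    "recv_old": ("53 56 57 8B F9 8B 0D", 0),
    "recv_new": ("8B 38 8B E9 BE", -18),
    "send_old": ("8D 8B 94 00 00 00", 11),
    "send_new": ("0F B7 D8 0F B6 06 83 C4 04", 9),
}


def find_all(image: bytes, pattern: bytes) -> List[int]:
    """Return every offset where pattern occurs, overlapping matches included."""
    hits = []
    pos = image.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = image.find(pattern, pos + 1)
    return hits


def resolve(image: bytes, name: str) -> Optional[int]:
    """Offset of the signature plus its adjustment; None if absent.

    Raises ValueError when the signature is not unique or the adjusted
    offset falls outside the buffer, since either makes the result unusable.
    """
    hex_sig, delta = SIGNATURES[name]
    hits = find_all(image, bytes.fromhex(hex_sig))
    if not hits:
        return None
    if len(hits) > 1:
        raise ValueError(f"{name}: {len(hits)} matches at {hits}, expected one")
    target = hits[0] + delta
    if not 0 <= target < len(image):
        raise ValueError(f"{name}: adjusted offset {target} is outside the image")
    return target


# Constructed sample buffer (not real client bytes): 0x90 filler around two signatures.
SAMPLE = (b"\x90" * 32 + bytes.fromhex("8B 38 8B E9 BE") + b"\x90" * 16
          + bytes.fromhex("0F B7 D8 0F B6 06 83 C4 04") + b"\x90" * 16)

if __name__ == "__main__":
    for sig_name in SIGNATURES:
        print(sig_name, resolve(SAMPLE, sig_name))
```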