Uhmm... I used the tutorial with client 5.0.2b.
I tried to follow the tutorial (both the difficult and the easy part), but I found these problems:
1. With the "hard" part I can follow him until he says encrypted data size should be 0x3E... my size is 4... moreover I don't know where I should read the TOS value... (my bad!)
2. With the easy part, I found that the address containing the "], 33h" is at 0041A826, and is in the subroutine at address 0041A810... 0041A6FD is the address in the above routine for "push ebp", so why is it? About the SendBuffer, the tutorial says we need to find the "mov bp, ax"... I found it at 0041A6FD, and the corresponding routine is 0041A6D0...
so... can anyone explain to me what's wrong?