Cryoma Member of the Year Reputation: 198
Joined: 14 Jan 2009 Posts: 1819
Posted: Thu Sep 18, 2008 6:04 pm
It's open to lancing shell.exp so pretty much I just have to partial compile the randomator as 5000.
Noz3001 I'm a spammer Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Thu Sep 18, 2008 6:23 pm
Cryoma wrote:
    It's open to lancing shell.exp so pretty much I just have to partial compile the randomator as 5000.
Erm, what?
jackyyll Expert Cheater Reputation: 0
Joined: 28 Jan 2008 Posts: 143 Location: here
Posted: Thu Sep 18, 2008 7:37 pm
Bruce Lee wrote:
    noz3001 wrote:
        Cryoma wrote:
            It's open to lancing shell.exp so pretty much I just have to partial compile the randomator as 5000.
        Erm, what?
    I understand what he said.
Okay. Thanks for your input!
Overload Master Cheater Reputation: 0
Joined: 08 Feb 2008 Posts: 293
Posted: Thu Sep 18, 2008 10:17 pm
Bruce Lee wrote:
    noz3001 wrote:
        Cryoma wrote:
            It's open to lancing shell.exp so pretty much I just have to partial compile the randomator as 5000.
        Erm, what?
    I understand what he said.
Cool
_________________
Blog
Quote:
    Rhys says:
    you can be my maid
    Rhys says:
    ill buy you a french maid outfit
    Tyler says:
    Sounds good
    Rhys says:
    ill hold you to that
Noz3001 I'm a spammer Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Fri Sep 19, 2008 3:08 am
Bruce Lee wrote:
    noz3001 wrote:
        Cryoma wrote:
            It's open to lancing shell.exp so pretty much I just have to partial compile the randomator as 5000.
        Erm, what?
    I understand what he said.
Go back to Random Spam.
DoomsDay Grandmaster Cheater Reputation: 0
Joined: 06 Jan 2007 Posts: 768 Location: %HomePath%
Posted: Fri Sep 19, 2008 1:07 pm
The storage of the values is still static, so it was easy to monitor.
All in all, it took me a lot of time to go through it manually, but I finally got it =]
This thing at the end... nasty trick you got there =P
Noz3001 I'm a spammer Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Fri Sep 19, 2008 2:29 pm
DoomsDay wrote:
    The storage of the values is still static, so it was easy to monitor.
    All in all, it took me a lot of time to go through it manually, but I finally got it =]
    This thing at the end... nasty trick you got there =P
I've been getting ready to go to Uni so I've not had much time to have a play with it yet. I've got an idea which should throw you off a bit, I hope anyway.
Cryoma Member of the Year Reputation: 198
Joined: 14 Jan 2009 Posts: 1819
Posted: Fri Sep 19, 2008 3:26 pm
Lancing shell.explore is a script that gives you a real time decrypted console of everything going on in an app.
It lets you change certain aspects and re-compile part of that app without decompiling and recompiling the whole thing.
In real time.
Noz3001 I'm a spammer Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Fri Sep 19, 2008 5:38 pm
Cryoma wrote:
    Lancing shell.explore is a script that gives you a real time decrypted console of everything going on in an app.
    It lets you change certain aspects and re-compile part of that app without decompiling and recompiling the whole thing.
    In real time.
Yeah.. Ok.
krazedkat I post too much Reputation: 0
Joined: 29 Aug 2007 Posts: 2255 Location: Hell, Norway
Posted: Fri Sep 19, 2008 10:29 pm
haha cracked in 5 minutes.
haha01haha01 Grandmaster Cheater Supreme Reputation: 0
Joined: 15 Jun 2007 Posts: 1233 Location: http://www.SaviourFagFails.com/
Posted: Fri Sep 19, 2008 11:45 pm
so, basically, we are supposed to unrandomize the value and always set it 5000?
Noz3001 I'm a spammer Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Sat Sep 20, 2008 3:09 am
haha01haha01 wrote:
    so, basically, we are supposed to unrandomize the value and always set it 5000?
Just set it to 5000 and you will win.
nog_lorp Grandmaster Cheater Reputation: 0
Joined: 26 Feb 2006 Posts: 743
Posted: Wed Oct 01, 2008 12:51 am
Noz where you going? I just started a week and a half ago.
Slightly more on topic: lol, RtlDecodePointer:
Code:
    7C91393D > 8BFF     MOV EDI,EDI
    7C91393F   55       PUSH EBP
    7C913940   8BEC     MOV EBP,ESP
    7C913942   5D       POP EBP
    7C913943  ^EB D2    JMP SHORT ntdll.RtlEncodePointer
_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish
Noz3001 I'm a spammer Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Wed Oct 01, 2008 3:41 am
nog_lorp wrote:
    Noz where you going? I just started a week and a half ago.
    Slightly more on topic: lol, RtlDecodePointer:
    Code:
        7C91393D > 8BFF     MOV EDI,EDI
        7C91393F   55       PUSH EBP
        7C913940   8BEC     MOV EBP,ESP
        7C913942   5D       POP EBP
        7C913943  ^EB D2    JMP SHORT ntdll.RtlEncodePointer
Going, as in Uni? Manchester Metropolitan University.
About RtlEncodePointer, it must have been put in there by the compiler. I only use 1 API, SetConsoleTitle =|. Saying that, it's in a DLL so I don't even think it uses it.
Btw, I just uploaded a slightly newer version with only a minor change. I was pretty stupid not to change it earlier ^_^.
nog_lorp Grandmaster Cheater Reputation: 0
Joined: 26 Feb 2006 Posts: 743
Posted: Wed Oct 01, 2008 8:25 pm
Interesting, what compiler are you using? It encodes a million pointers and stores them in TLS.
RtlDecodePointer is just funny because it looks like they did
Code:
    void * RtlDecodePointer(void * ptr) {
        __asm {
            pop ebp                 ; undo the prologue the compiler emitted
            jmp RtlEncodePointer    ; tail-jump: decode is the same operation as encode
        }
    }
Since they do exactly the same thing (xor'ing the pointer with a random per-process 32 bit mask).
_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish
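The encode/decode symmetry nog_lorp describes, modelled in portable C as an added example (this is not code from the thread or from ntdll): XOR with a per-process secret is its own inverse, so one routine serves both directions, and a callback slot only decodes to its real target when it was written with the live secret. The cookie value, the `rtl_*` names and `uintptr_t` in place of the 32-bit mask are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Per-process secret. XP-era ntdll picks a random 32-bit value when the
   process starts; uintptr_t keeps this model correct on 64-bit hosts too. */
static uintptr_t g_pointer_cookie;

/* The demo sets the cookie explicitly and returns it. A real implementation
   draws it from the OS random source once, before any pointer is encoded. */
uintptr_t init_pointer_cookie(uintptr_t cookie) {
    g_pointer_cookie = cookie;
    return g_pointer_cookie;
}

/* XOR with the secret is its own inverse, so encode and decode are the same
   operation; this is why ntdll's RtlDecodePointer can simply jump to
   RtlEncodePointer after undoing its own prologue. */
uintptr_t rtl_encode_pointer(uintptr_t p) { return p ^ g_pointer_cookie; }
uintptr_t rtl_decode_pointer(uintptr_t p) { return rtl_encode_pointer(p); }

/* Defensive value of the scheme: a slot holding an encoded callback only
   decodes to the intended target if the stored value was produced with the
   live cookie. Any other value in the slot decodes to an unpredictable
   address rather than to a useful one. */
typedef void (*callback_t)(void);

static void real_handler(void) { puts("real handler ran"); }

/* Store the handler the way a protected callback would be kept. */
uintptr_t protect_handler(void) {
    return rtl_encode_pointer((uintptr_t)real_handler);
}

/* Returns 1 when decoding the slot yields real_handler, else 0. */
int slot_is_intact(uintptr_t encoded_slot) {
    return rtl_decode_pointer(encoded_slot) == (uintptr_t)real_handler;
}

int main(void) {
    init_pointer_cookie((uintptr_t)0x5A3C9E71u);  /* constructed cookie */
    uintptr_t slot = protect_handler();
    printf("encoded slot decodes to handler: %d\n", slot_is_intact(slot));
    if (slot_is_intact(slot)) ((callback_t)rtl_decode_pointer(slot))();
    /* A raw, unencoded address in the slot (what a corrupted slot would
       hold) no longer decodes to the handler: raw ^ cookie != raw. */
    printf("raw address in slot decodes to handler: %d\n",
           slot_is_intact((uintptr_t)real_handler));
    return 0;
}
```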