Posted: Fri Aug 05, 2016 1:28 pm Post subject: Effective way to sniff non tcp/ip program communication
Launcher.exe -> Intermediate.exe -> Game.exe
I have reversed Game.exe traffic.
I have reversed Launcher.exe login (sends an auth, login info, gets a temporary login key and a server list).
I do not know how to approach Intermediate.exe.
It's Themida packed.
It gets the server list and auth token from the launcher and gives them to Game.exe. It also starts Game.exe. I have no idea how those bytes are transferred, though.
Are there specific APIs I should be looking to hook (like recv and send for IP traffic), or some effective way to trace this?
I can't have procmon running while the login takes place.