Cryoma, Member of the Year
Reputation: 198, Joined: 14 Jan 2009, Posts: 1819
Posted: Thu Sep 18, 2008 6:04 pm

It's open to lancing shell.exp so pretty much I just have to partial compile the randomator as 5000.

Noz3001, I'm a spammer
Reputation: 26, Joined: 29 May 2006, Posts: 6220, Location: /dev/null
Posted: Thu Sep 18, 2008 6:23 pm

Cryoma wrote:
> It's open to lancing shell.exp so pretty much I just have to partial compile the randomator as 5000.

Erm, what?

	
jackyyll, Expert Cheater
Reputation: 0, Joined: 28 Jan 2008, Posts: 143, Location: here
Posted: Thu Sep 18, 2008 7:37 pm

Bruce Lee wrote:
> noz3001 wrote:
> > Cryoma wrote:
> > > It's open to lancing shell.exp so pretty much I just have to partial compile the randomator as 5000.
> >
> > Erm, what?
>
> I understand what he said.

Okay. Thanks for your input!

	
Overload, Master Cheater
Reputation: 0, Joined: 08 Feb 2008, Posts: 293
Posted: Thu Sep 18, 2008 10:17 pm

Bruce Lee wrote:
> noz3001 wrote:
> > Cryoma wrote:
> > > It's open to lancing shell.exp so pretty much I just have to partial compile the randomator as 5000.
> >
> > Erm, what?
>
> I understand what he said.

Cool
_________________

Blog

Quote:
> Rhys says: you can be my maid
> Rhys says:
> ill buy you a french maid outfit
> Tyler says:
> Sounds good
> Rhys says:
> ill hold you to that

	
Noz3001, I'm a spammer
Reputation: 26, Joined: 29 May 2006, Posts: 6220, Location: /dev/null
Posted: Fri Sep 19, 2008 3:08 am

Bruce Lee wrote:
> noz3001 wrote:
> > Cryoma wrote:
> > > It's open to lancing shell.exp so pretty much I just have to partial compile the randomator as 5000.
> >
> > Erm, what?
>
> I understand what he said.

Go back to Random Spam.

	
DoomsDay, Grandmaster Cheater
Reputation: 0, Joined: 06 Jan 2007, Posts: 768, Location: %HomePath%
Posted: Fri Sep 19, 2008 1:07 pm

The storage of the values is still static, so it was easy to monitor. All in all, it took me a lot of time to go through it manually, but I finally got it =]
This thing at the end... nasty trick you got there =P

	
Noz3001, I'm a spammer
Reputation: 26, Joined: 29 May 2006, Posts: 6220, Location: /dev/null
Posted: Fri Sep 19, 2008 2:29 pm

DoomsDay wrote:
> The storage of the values is still static, so it was easy to monitor. All in all, it took me a lot of time to go through it manually, but I finally got it =]
> This thing at the end... nasty trick you got there =P

I've been getting ready to go to Uni so I've not had much time to have a play with it yet. I've got an idea which should throw you off a bit, I hope anyway.

	
Cryoma, Member of the Year
Reputation: 198, Joined: 14 Jan 2009, Posts: 1819
Posted: Fri Sep 19, 2008 3:26 pm

Lancing shell.explore is a script that gives you a real time decrypted console of everything going on in an app. It lets you change certain aspects and re-compile part of that app without decompiling and recompiling the whole thing.
In real time.

	
Noz3001, I'm a spammer
Reputation: 26, Joined: 29 May 2006, Posts: 6220, Location: /dev/null
Posted: Fri Sep 19, 2008 5:38 pm

Cryoma wrote:
> Lancing shell.explore is a script that gives you a real time decrypted console of everything going on in an app. It lets you change certain aspects and re-compile part of that app without decompiling and recompiling the whole thing.
> In real time.

Yeah.. Ok.

	
krazedkat, I post too much
Reputation: 0, Joined: 29 Aug 2007, Posts: 2255, Location: Hell, Norway
Posted: Fri Sep 19, 2008 10:29 pm

haha cracked in 5 minutes.

	
haha01haha01, Grandmaster Cheater Supreme
Reputation: 0, Joined: 15 Jun 2007, Posts: 1233, Location: http://www.SaviourFagFails.com/
Posted: Fri Sep 19, 2008 11:45 pm

so, basically, we are supposed to unrandomize the value and always set it to 5000?

	
Noz3001, I'm a spammer
Reputation: 26, Joined: 29 May 2006, Posts: 6220, Location: /dev/null
Posted: Sat Sep 20, 2008 3:09 am

haha01haha01 wrote:
> so, basically, we are supposed to unrandomize the value and always set it to 5000?

Just set it to 5000 and you will win.

	
nog_lorp, Grandmaster Cheater
Reputation: 0, Joined: 26 Feb 2006, Posts: 743
Posted: Wed Oct 01, 2008 12:51 am

Noz where you going? I just started a week and a half ago.
Slightly more on topic: lol, RtlDecodePointer:

Code:
    7C91393D > 8BFF             MOV EDI,EDI
    7C91393F   55               PUSH EBP
    7C913940   8BEC             MOV EBP,ESP
    7C913942   5D               POP EBP
    7C913943  ^EB D2            JMP SHORT ntdll.RtlEncodePointer

_________________

Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish

	
Noz3001, I'm a spammer
Reputation: 26, Joined: 29 May 2006, Posts: 6220, Location: /dev/null
Posted: Wed Oct 01, 2008 3:41 am

nog_lorp wrote:
> Noz where you going? I just started a week and a half ago.
> Slightly more on topic: lol, RtlDecodePointer:
>
> Code:
>     7C91393D > 8BFF             MOV EDI,EDI
>     7C91393F   55               PUSH EBP
>     7C913940   8BEC             MOV EBP,ESP
>     7C913942   5D               POP EBP
>     7C913943  ^EB D2            JMP SHORT ntdll.RtlEncodePointer

Going, as in Uni? Manchester Metropolitan University.

About RtlEncodePointer, it must have been put in there by the compiler. I only use 1 API, SetConsoleTitle =|. Saying that, it's in a DLL so I don't even think it uses it.

Btw, I just uploaded a slightly newer version with only a minor change. I was pretty stupid not to change it earlier ^_^.

	
nog_lorp, Grandmaster Cheater
Reputation: 0, Joined: 26 Feb 2006, Posts: 743
Posted: Wed Oct 01, 2008 8:25 pm

Interesting, what compiler are you using? It encodes a million pointers and stores them in TLS.
RtlDecodePointer is just funny because it looks like they did

    /* MSVC inline asm; the compiler emits the usual "push ebp / mov ebp,esp"
       prologue before the __asm block, which is exactly what the listing shows. */
    void * RtlDecodePointer(void * ptr) {
        __asm {
            pop ebp                 ; undo the compiler-generated prologue
            jmp RtlEncodePointer    ; tail-call: encode and decode are the same operation
        }
    }

Since they do exactly the same thing (XORing the pointer with a random per-process 32-bit mask).
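nog_lorp's observation above (RtlEncodePointer and RtlDecodePointer are one routine because an XOR with a per-process random mask is its own inverse) is easier to see in code than in a disassembly. The following is an added example written for this page, not ntdll's code and not anything posted in the thread. It models the scheme in plain C: the mask (`g_pointer_cookie`, a name invented here) is set to a constructed value so the run is reproducible, where a real implementation draws it randomly at process start. It also shows the defensive purpose of the scheme: a callback slot kept in writable memory holds only the encoded value, so an overwrite of that slot with a known address does not decode to that address unless the writer also knows the cookie. The helpers `set_pointer_cookie`, `install_handler`, `dispatch` and the rest are this example's own; the mask is pointer-sized here, which on the 32-bit ntdll discussed above means 32 bits.

```c
/* Added example: a model of per-process pointer encoding (XOR with a secret
 * mask), as described in the thread. Not ntdll's implementation. */
#include <stdint.h>
#include <stdio.h>

/* Per-process secret. Set explicitly here for reproducibility; a real
 * implementation chooses it randomly when the process starts. */
static uintptr_t g_pointer_cookie;

void set_pointer_cookie(uintptr_t cookie) { g_pointer_cookie = cookie; }

/* Encode a pointer value before storing it in writable memory. */
uintptr_t encode_pointer(uintptr_t raw) { return raw ^ g_pointer_cookie; }

/* Decoding is the identical XOR, which is why the disassembly above can
 * simply jump from RtlDecodePointer into RtlEncodePointer. */
uintptr_t decode_pointer(uintptr_t encoded) { return encode_pointer(encoded); }

/* A callback slot of the kind a runtime keeps in a global or TLS structure. */
typedef int (*handler_fn)(int);
static int double_it(int x) { return 2 * x; }
static uintptr_t g_handler_slot;   /* holds the ENCODED function pointer */

void install_handler(handler_fn fn) {
    g_handler_slot = encode_pointer((uintptr_t)fn);
}

/* Decode on use, never store the raw pointer. */
int dispatch(int arg) {
    handler_fn fn = (handler_fn)decode_pointer(g_handler_slot);
    return fn(arg);
}

/* Encode followed by decode must give back the original value. */
int roundtrip_ok(uintptr_t p) {
    return decode_pointer(encode_pointer(p)) == p;
}

/* The stored slot contents differ from the real pointer while the cookie is non-zero. */
int slot_is_masked(void) {
    return g_handler_slot != (uintptr_t)double_it;
}

/* If the slot were overwritten with a raw, known address, the decode step
 * would yield address XOR cookie, not the address itself. Returns 1 when
 * such an overwrite would NOT reach its intended target. */
int raw_overwrite_is_defeated(uintptr_t target) {
    return decode_pointer(target) != target;
}

int main(void) {
    set_pointer_cookie(0x5EEDC0DEu);   /* constructed demo value */
    install_handler(double_it);
    printf("dispatch(21)            = %d\n", dispatch(21));
    printf("slot masked             = %d\n", slot_is_masked());
    printf("raw overwrite defeated  = %d\n",
           raw_overwrite_is_defeated((uintptr_t)double_it));
    return 0;
}
```

The protection is only as good as the secrecy of the cookie: anything that leaks it (or a leak of both an encoded and a decoded copy of the same pointer, since their XOR is the cookie) removes the benefit, which is why such cookies are kept out of easily readable locations and chosen fresh per process.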