* Possible StringData Ref from Data Obj ->"v2.0 BETA 7"
                                  |
:00424308 6894104800              push 00481094            ; here!
:0042430D 8D86F03C0200            lea eax, dword ptr [esi+00023CF0]
:00424313 52                      push edx
:00424314 8D8E783C0200            lea ecx, dword ptr [esi+00023C78]
:0042431A 50                      push eax
:0042431B 51                      push ecx

* Possible StringData Ref from Data Obj ->"%s %s %d "%s" %d %lu %d"
                                  |
:0042431C 68C4424800              push 004842C4
:00424321 6A02                    push 00000002
:00424323 E818AAFFFF              call 0041ED40
:00424328 8D54242C                lea edx, dword ptr [esp+2C]
:0042432C 6A64                    push 00000064
:0042432E 52                      push edx
:0042432F E80CA9FFFF              call 0041EC40
:00424334 83C42C                  add esp, 0000002C
:00424337 83F8FF                  cmp eax, FFFFFFFF
:0042433A 750D                    jne 00424349
:0042433C 5F                      pop edi
:0042433D 33C0                    xor eax, eax
:0042433F 5E                      pop esi
:00424340 81C4E4000000            add esp, 000000E4
:00424346 C20400                  ret 0004

look at line 00424308. that's our magic string that gets pushed onto the
stack before getting passed as a parameter to the call at 00424323.

how do you get a longer string? use hiew again to look for "BETA 7". you'll
see this in hex view (Ctrl+F7 to search):

   66 20 74 68-65 20 71 75-65 75 65 21-00 00 00 00  f the queue!
-> 45 46 6E 65-74 3A 20 23-77 69 6E 33-32 2C 20 23  EFnet: #win32, #

* Possible StringData Ref from Data Obj ->"v2.0 BETA 7"
                                  |
:00424308 6894104800              push 00481094            ; here!

notice that we 'push 00481094' here. what's the difference between the
file offset and the value we push onto the stack? the first three digits
are 004 instead of 000. this is because the program's image base starts
at 00400000h (check dasm at the very top of the dead listing). so, using a
bit of logic, we can assume that if we wanted to push the string located
at 00080FB0 onto the stack, the new command would look something like this
in assembly:

* Possible StringData Ref from Data Obj ->"Hacked Up Napster v0 "
                                  |
:00424308 6894104800              push 00480FB0            ; here!

so, to make this change with hiew, load up NAPSTER.EXE if you've closed
it and press F5. type in ".00024308" and press enter. press F4 and select
"decode". now make sure it looks like this:

.00424308: 6840444800    push 00481094 ;" HD@"
.0042430D: 8D86F03C0200  lea eax,[esi][000023CF0]
.00424313: 52            push edx
.00424314: 8D8E783C0200  lea ecx,[esi][000023C78]
.0042431A: 50            push eax
.0042431B: 51            push ecx

move your cursor up to offset (or line) .00424308 and press F3 then F2.
now change the command from "push 00481094" to "push 00480FB0". press F9
to save your changes. press ESC and start using your hacked up copy of
napster!

== ( final notes ) =======================================================/\==

this document isn't intended to be a guide to software reverse engineering;
you'll notice that i didn't go into the sort of in-depth explanations that
you'd usually see in a cracking tutorial. this was written for beginners
who want to show off a little.

to those who wanted a more technical doc, i apologize. but it had to be
simple so everyone could understand.

personal greets go out to Octavian, !_go0zeGg_! for the jaw-dropping
graphics in wrapster v2.0 and as always, 1995.

tantrum (a2ure), 07/30/00

== ( end ) ===============================================================/\==
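appended example (not part of tantrum's text, and not code from napster or hiew): the arithmetic the section above does by hand, file offset + image base = address, and the 68 xx xx xx xx encoding of `push imm32`, written out as a small python script. the image base (00400000h), the offsets .00024308 and 00080FB0 and the listing bytes come from the text; the section table, section names and image bytes are constructed for the example. it also goes one step beyond the text: the shortcut "address = offset + 00400000h" is only exact when a section's raw file pointer equals its RVA, so the script maps through a section table and includes one constructed section (.rsrc) where the two differ. the patch helper refuses to write unless the operand already in the file is the one expected, and the byte diff at the end is exactly what a file hash or byte-level integrity check of the executable trips on after an edit like this.

```python
"""
file offset <-> virtual address mapping and push imm32 patching, as an
added illustration of the arithmetic in the text. the image base and the
offsets are the text's; the section table and image bytes are constructed.
"""
import struct
from dataclasses import dataclass

IMAGE_BASE = 0x00400000   # "the program's image base starts at 00400000h"
PUSH_IMM32 = 0x68         # x86 opcode: push imm32, a 5-byte instruction


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int  # RVA the section is mapped at
    raw_pointer: int      # file offset of its raw data
    raw_size: int


# constructed section table (hypothetical, not NAPSTER.EXE's real headers).
# .text and .data have raw_pointer == virtual_address, which is the only
# case where the text's shortcut "va = offset + image base" is exact;
# .rsrc is shifted on purpose so the general formula gets exercised.
SECTIONS = (
    Section(".text", 0x01000, 0x01000, 0x7F000),
    Section(".data", 0x80000, 0x80000, 0x0F000),
    Section(".rsrc", 0x90000, 0x8F000, 0x01000),
)


def va_from_file_offset(offset, sections=SECTIONS, image_base=IMAGE_BASE):
    """virtual address of the byte at `offset` in the file on disk."""
    for s in sections:
        if s.raw_pointer <= offset < s.raw_pointer + s.raw_size:
            return image_base + s.virtual_address + (offset - s.raw_pointer)
    raise ValueError(f"file offset {offset:#x} lies outside every section")


def file_offset_from_va(va, sections=SECTIONS, image_base=IMAGE_BASE):
    """inverse mapping: where in the file the byte at virtual address `va` lives."""
    rva = va - image_base
    for s in sections:
        if s.virtual_address <= rva < s.virtual_address + s.raw_size:
            return s.raw_pointer + (rva - s.virtual_address)
    raise ValueError(f"va {va:#010x} lies outside every section")


def encode_push_imm32(va):
    """68 + operand little-endian: push 00481094 -> 68 94 10 48 00."""
    return bytes([PUSH_IMM32]) + struct.pack("<I", va)


def decode_push_imm32(code):
    """operand of the push imm32 at the start of `code`."""
    if len(code) < 5 or code[0] != PUSH_IMM32:
        raise ValueError("no push imm32 at this position")
    return struct.unpack_from("<I", code, 1)[0]


def patch_push_target(image, file_offset, expected_old_va, new_va):
    """copy of `image` with the push operand at file_offset rewritten.
    refuses to write when the operand already there is not the expected one,
    so a wrong offset or an already-modified file is caught, not corrupted."""
    found = decode_push_imm32(image[file_offset:file_offset + 5])
    if found != expected_old_va:
        raise ValueError(
            f"expected push {expected_old_va:#010x}, found push {found:#010x}")
    patched = bytearray(image)
    patched[file_offset:file_offset + 5] = encode_push_imm32(new_va)
    return bytes(patched)


def changed_offsets(original, patched):
    """file offsets whose bytes differ: what a hash or byte-level integrity
    check of the executable is really reporting after such an edit."""
    return [i for i, (a, b) in enumerate(zip(original, patched)) if a != b]


# the six instructions the text shows at :00424308, as raw bytes
LISTING = bytes.fromhex("6894104800" "8D86F03C0200" "52"
                        "8D8E783C0200" "50" "51")


def build_sample_image():
    """constructed image: zeros except the listing bytes at file offset .00024308."""
    image = bytearray(0x24308 + len(LISTING))
    image[0x24308:] = LISTING
    return bytes(image)


def demo():
    image = build_sample_image()
    code_off = file_offset_from_va(0x00424308)   # -> 0x24308, hiew's ".00024308"
    string_va = va_from_file_offset(0x00080FB0)  # -> 0x00480FB0, the new operand
    patched = patch_push_target(image, code_off, 0x00481094, string_va)
    return patched, changed_offsets(image, patched)


if __name__ == "__main__":
    patched, diffs = demo()
    print("patched bytes:", patched[0x24308:0x2430D].hex())  # 68b00f4800
    print("changed file offsets:", [hex(d) for d in diffs])  # ['0x24309', '0x2430a']
```

only two bytes of the five change (the low half of the operand), which is why a byte-level diff against a known-good copy, or a hash of the .text section, is the reliable way to spot this class of edit; the file size, the section table and the rest of the instruction stream stay identical.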