Post by £åߥ®Ñth on Jan 29, 2008 8:05:49 GMT -5
Here we are again for another lesson in reversing a real time application.

Tools: OllyDbg, Team Speak

We start off by doing a couple of things. You can step through Team Speak in Olly and finally get to the correct location for the patch. It will take a little while to do, going into about 5 calls to find it. But the whole reason you study the target before doing anything is to see if you can find an easier way than stepping the code. Well, on TeamSpeak, this is possible.

"Remember the crackmes?" Right click > Search String references.

Well, if you do that in Team Speak and look through them, you will see something interesting. This seems like it is what controls multiple instances of Team Speak. Well, no duh, check out the text. Let's double click that and go to it in assembly.

And here we are. By looking above it in the code, I can tell you there are no immediate jumps before it. So, what can we do about this?

SunBeams Method: Alter the Push -1 to Push 0

This also works like a charm.

Let's try the first/oldest thing you know. Good old "nop".

Well, it seemed to work just fine. Now you can patch your executable to open as many Team Speaks as you like and talk in every single one of them, if you're that coordinated lol.