冰楓論壇

標題: TWMS V1.81.3 SendHook (Logger) [CRC] [已測試] [打印本頁]
作者: Doem    時間: 2015-7-10 20:18
標題: TWMS V1.81.3 SendHook (Logger) [CRC] [已測試]
本帖最後由 Doem 於 2015-7-10 20:19 編輯
  1. //TWMS V1.81.3 SendHook (Logger) [CRC]
  2. //Credit to AIRRIDE for Hook method
  3. [ENABLE]
  4. Label(Return)
  5. Alloc(SendHook,128)
  6. GlobalAlloc(Packets,4096)
  7. GlobalAlloc(PacketSize,04)
  8. GlobalAlloc(RetAddress,04)

  10. SendHook:
  11. DB 55 8B EC 6A FF

  13. PUSHAD
  14. MOV  EAX,[EBP+08]
  15. PUSH [EBP+04]
  16. POP  [RetAddress]
  17. PUSH [EAX+08]
  18. POP  [PacketSize]
  19. MOV  EAX,[EAX+04]
  20. MOV  [Packets],EAX  //[Packets] = Pointer of Packets
  21. POPAD
  22. JMP  Return

  24. Return:
  25. JMP  00594049+5

  27. 00594049:
  28. JMP SendHook
  29. [DISABLE]
  30. 00594049:
  31. DB 55 8B EC 6A FF

  33. DeAlloc(SendHook)
  34. DeAlloc(RetAddress)
  35. DeAlloc(Packets)
  36. DeAlloc(PacketSize)
複製代碼
I just updated and rewrote it with foreign informations, not a author!


忘了說! 已確認過某些攔截到的是明碼, 但不保證全部都是明碼喔~
作者: abc880608    時間: 2015-7-10 20:25
這是什麼...? 看不太懂 小的新手
作者: wu1ove    時間: 2015-10-3 13:17
這是明文收包  
作者: wu1ove    時間: 2015-10-3 13:18
噢 看錯了 是發包才對



歡迎光臨 冰楓論壇 (https://bingfong.com/) Powered by 冰楓