- Joined
- Jan 8, 2012
- Messages
- 133
- Reaction score
- 44
Actually this is not a BUG, but a little confusion when you think that the directory of SQL.REG and hotuk will save some logs inside the server, and end up saving certain logs on the local disk C.
Some of you may have wondered, because some logs are generated on your local C: drive, for example.
20160301.Log
BillingDBError20160301.Log
Here it was generated ...
Just open your sql.dll in hex and go to the end of the table and add a new directory where the logs will be saved, for example C: \YourServer\Logs save and then close.
Now open sql.dll with your ollydbg, go to the memory map = ALT+M then hit a CTRL+B and we will look for this code in hex.
Converted gets C: .. SQLLogon =====% s's sR just select 433A = C: see the references that are 4 get the addres of the new name you added C: \ YourServer \ Logs convert the first byte and go changing the references.
Here the offsets are these, I am using the dlls of the site of the Gregoo.
Here I made it pull the Logs folder from local disk C, I will make sq.dll available by pulling the Logs folder from local disk C, if someone has not understood very well and wants to go comparing, although it is quite simple.
Some of you may have wondered, because some logs are generated on your local C: drive, for example.
20160301.Log
Code:
232513|SiegeMoneyTax lpszClanMarkNum [1000000001] lpszTt [0] lpszTax [10]
232513|SiegeMoneyTax lpszTt=0
232538|SQLLogon===== teste's sRet[1] lpszGPCode[PTP-RUD001] lpszDisuseDay [1607742000] lpszUsePeriod [0] lpszPCRNo [0] [32]
232544|SQLLogout===== teste lpszIP(127.0.0.1) lpszGPCode(PTP-RUD001) lpszDisuseDay(1607742000) lpszUsePeriod(0) PCRNo(0) s_guid(3735145B-A690-4549-A195-E26916A52897)
232544|DB Error Operação não permitida quando o objeto está fechado.
233241|SiegeMoneyTax lpszClanMarkNum [1000000001] lpszTt [0] lpszTax [10]
233241|SiegeMoneyTax lpszTt=0
BillingDBError20160301.Log
Code:
232544|teste|
Here it was generated ...
Just open your sql.dll in hex and go to the end of the table and add a new directory where the logs will be saved, for example C: \YourServer\Logs save and then close.
Now open sql.dll with your ollydbg, go to the memory map = ALT+M then hit a CTRL+B and we will look for this code in hex.
Code:
433A000053514C4C6F676F6E3D3D3D3D3D2025732773207352
Converted gets C: .. SQLLogon =====% s's sR just select 433A = C: see the references that are 4 get the addres of the new name you added C: \ YourServer \ Logs convert the first byte and go changing the references.
Here the offsets are these, I am using the dlls of the site of the Gregoo.
Code:
10035F19 |. B8 6EBF0610 MOV EAX,OFFSET 1006BF6E ; ASCII "C:\Logs"
10035F3A |. 68 6EBF0610 PUSH OFFSET 1006BF6E ; ASCII "C:\Logs"
10036002 |. B8 6EBF0610 MOV EAX,OFFSET 1006BF6E ; ASCII "C:\Logs"
1003601A |. 68 6EBF0610 PUSH OFFSET 1006BF6E ; ASCII "C:\Logs"
Here I made it pull the Logs folder from local disk C, I will make sq.dll available by pulling the Logs folder from local disk C, if someone has not understood very well and wants to go comparing, although it is quite simple.
You must be registered to see links