Custom Popup box message

Quote:

---

Originally Posted by Nobody666

Just something to help (though Penguin already said the answer)

This is for a new command basis, but forget that and just do what he says on the /admin_wall part.

To find where admin wall is, just go into the runnable, go into Search for > All referenced text strings, and search for admin_wall

---

You should probably explain a bit more than that to him...

Code:

---

0050DE73  |. 68 B09C5C00    PUSH GunzOld.005C9CB0                    ;  ASCII "Admin.Announce"
 0050DE78  |. 68 F5010000  PUSH 1F5
0050DE7D  |. 8BC8          MOV ECX,EAX
0050DE7F  |. E8 FC17FEFF    CALL GunzOld.004EF680
0050DE84  |. 8BF8          MOV EDI,EAX
0050DE86  |. EB 02          JMP SHORT GunzOld.0050DE8A
0050DE88  |> 33FF          XOR EDI,EDI
0050DE8A  |> 57            PUSH EDI                                ; /Arg1
0050DE8B  |. 8BCB          MOV ECX,EBX                              ; |
0050DE8D  |. 897424 24      MOV DWORD PTR SS:[ESP+24],ESI            ; |
0050DE91  |. E8 2AE0FEFF    CALL GunzOld.004FBEC0                    ; \GunzOld.004FBEC0
0050DE96  |. 6A 48          PUSH 48
0050DE98  |. E8 38290900    CALL GunzOld.005A07D5
0050DE9D  |. 83C4 04        ADD ESP,4
0050DEA0  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
0050DEA4  |. 85C0          TEST EAX,EAX
0050DEA6  |. C74424 20 C802>MOV DWORD PTR SS:[ESP+20],2C8
0050DEAE  |. 74 10          JE SHORT GunzOld.0050DEC0
0050DEB0  |. 68 A49C5C00    PUSH GunzOld.005C9CA4                  ;  ASCII "uidAdmin"
0050DEB5  |. 6A 09          PUSH 9
0050DEB7  |. 8BC8          MOV ECX,EAX
0050DEB9  |. E8 0201FEFF    CALL GunzOld.004EDFC0
0050DEBE  |. EB 02          JMP SHORT GunzOld.0050DEC2
0050DEC0  |> 33C0          XOR EAX,EAX
0050DEC2  |> 50            PUSH EAX
0050DEC3  |. 8BCF          MOV ECX,EDI
0050DEC5  |. 897424 24      MOV DWORD PTR SS:[ESP+24],ESI
0050DEC9  |. E8 3220FEFF    CALL GunzOld.004EFF00
0050DECE  |. 6A 48          PUSH 48
0050DED0  |. E8 00290900    CALL GunzOld.005A07D5
0050DED5  |. 83C4 04        ADD ESP,4
0050DED8  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
0050DEDC  |. 85C0          TEST EAX,EAX
0050DEDE  |. C74424 20 C902>MOV DWORD PTR SS:[ESP+20],2C9
0050DEE6  |. 74 10          JE SHORT GunzOld.0050DEF8
0050DEE8  |. 68 14CE5C00    PUSH GunzOld.005CCE14                    ;  ASCII "Msg"
0050DEED  |. 6A 04          PUSH 4
0050DEEF  |. 8BC8          MOV ECX,EAX
0050DEF1  |. E8 CA00FEFF    CALL GunzOld.004EDFC0
0050DEF6  |. EB 02          JMP SHORT GunzOld.0050DEFA
0050DEF8  |> 33C0          XOR EAX,EAX
0050DEFA  |> 50            PUSH EAX
0050DEFB  |. 8BCF          MOV ECX,EDI
0050DEFD  |. 897424 24      MOV DWORD PTR SS:[ESP+24],ESI
0050DF01  |. E8 FA1FFEFF    CALL GunzOld.004EFF00
0050DF06  |. 6A 48          PUSH 48
0050DF08  |. E8 C8280900    CALL GunzOld.005A07D5
0050DF0D  |. 83C4 04        ADD ESP,4
0050DF10  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
0050DF14  |. 85C0          TEST EAX,EAX
0050DF16  |. C74424 20 CA02>MOV DWORD PTR SS:[ESP+20],2CA
0050DF1E  |. 74 10          JE SHORT GunzOld.0050DF30
0050DF20  |. 68 9C9C5C00    PUSH GunzOld.005C9C9C                    ;  ASCII "MsgType"

---

Hehe, forgot about getting the MUID (colored in red)
The PacketID (also colored in red) is 0x1F5, so just find command "PUSH 1F5", scroll to the top of the function and you got your address.

Quote:

---

Originally Posted by Your Master

You should probably explain a bit more than that to him...

Code:

---

0050DE73  |. 68 B09C5C00    PUSH GunzOld.005C9CB0                    ;  ASCII "Admin.Announce"
 0050DE78  |. 68 F5010000  PUSH 1F5
0050DE7D  |. 8BC8          MOV ECX,EAX
0050DE7F  |. E8 FC17FEFF    CALL GunzOld.004EF680
0050DE84  |. 8BF8          MOV EDI,EAX
0050DE86  |. EB 02          JMP SHORT GunzOld.0050DE8A
0050DE88  |> 33FF          XOR EDI,EDI
0050DE8A  |> 57            PUSH EDI                                ; /Arg1
0050DE8B  |. 8BCB          MOV ECX,EBX                              ; |
0050DE8D  |. 897424 24      MOV DWORD PTR SS:[ESP+24],ESI            ; |
0050DE91  |. E8 2AE0FEFF    CALL GunzOld.004FBEC0                    ; \GunzOld.004FBEC0
0050DE96  |. 6A 48          PUSH 48
0050DE98  |. E8 38290900    CALL GunzOld.005A07D5
0050DE9D  |. 83C4 04        ADD ESP,4
0050DEA0  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
0050DEA4  |. 85C0          TEST EAX,EAX
0050DEA6  |. C74424 20 C802>MOV DWORD PTR SS:[ESP+20],2C8
0050DEAE  |. 74 10          JE SHORT GunzOld.0050DEC0
0050DEB0  |. 68 A49C5C00    PUSH GunzOld.005C9CA4                  ;  ASCII "uidAdmin"
0050DEB5  |. 6A 09          PUSH 9
0050DEB7  |. 8BC8          MOV ECX,EAX
0050DEB9  |. E8 0201FEFF    CALL GunzOld.004EDFC0
0050DEBE  |. EB 02          JMP SHORT GunzOld.0050DEC2
0050DEC0  |> 33C0          XOR EAX,EAX
0050DEC2  |> 50            PUSH EAX
0050DEC3  |. 8BCF          MOV ECX,EDI
0050DEC5  |. 897424 24      MOV DWORD PTR SS:[ESP+24],ESI
0050DEC9  |. E8 3220FEFF    CALL GunzOld.004EFF00
0050DECE  |. 6A 48          PUSH 48
0050DED0  |. E8 00290900    CALL GunzOld.005A07D5
0050DED5  |. 83C4 04        ADD ESP,4
0050DED8  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
0050DEDC  |. 85C0          TEST EAX,EAX
0050DEDE  |. C74424 20 C902>MOV DWORD PTR SS:[ESP+20],2C9
0050DEE6  |. 74 10          JE SHORT GunzOld.0050DEF8
0050DEE8  |. 68 14CE5C00    PUSH GunzOld.005CCE14                    ;  ASCII "Msg"
0050DEED  |. 6A 04          PUSH 4
0050DEEF  |. 8BC8          MOV ECX,EAX
0050DEF1  |. E8 CA00FEFF    CALL GunzOld.004EDFC0
0050DEF6  |. EB 02          JMP SHORT GunzOld.0050DEFA
0050DEF8  |> 33C0          XOR EAX,EAX
0050DEFA  |> 50            PUSH EAX
0050DEFB  |. 8BCF          MOV ECX,EDI
0050DEFD  |. 897424 24      MOV DWORD PTR SS:[ESP+24],ESI
0050DF01  |. E8 FA1FFEFF    CALL GunzOld.004EFF00
0050DF06  |. 6A 48          PUSH 48
0050DF08  |. E8 C8280900    CALL GunzOld.005A07D5
0050DF0D  |. 83C4 04        ADD ESP,4
0050DF10  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
0050DF14  |. 85C0          TEST EAX,EAX
0050DF16  |. C74424 20 CA02>MOV DWORD PTR SS:[ESP+20],2CA
0050DF1E  |. 74 10          JE SHORT GunzOld.0050DF30
0050DF20  |. 68 9C9C5C00    PUSH GunzOld.005C9C9C                    ;  ASCII "MsgType"

---

Hehe, forgot about getting the MUID (colored in red)
The PacketID (also colored in red) is 0x1F5, so just find command "PUSH 1F5", scroll to the top of the function and you got your address.

---

so the red ones I edit in my runnable? o-O

edit: so I did that and I still didn't get it lol
edit2: ohh so 0050DE73 |. 68 B09C5C00 PUSH GunzOld.005C9CB0 ; ASCII "Admin.Announce" is the one im looking for right?
so if its that, what do I do with it? o.o

Quote:

---

Originally Posted by killerzx

so the red ones I edit in my runnable? o-O

edit: I can't put the "0050DEB0 |. 68 A49C5C00 PUSH GunzOld.005C9CA4 ; ASCII "uidAdmin"
" in my runnable D: Maybe I don't got gunzold.exe ):

---

You don't need to worry about that. Once OllyDbg has finished analyzing, scroll all the way up to the top, press "CTRL + F" and type "PUSH 1F5". That'll be ZPostAdminAnnounce's function.

Quote:

---

Originally Posted by Your Master

You don't need to worry about that. Once OllyDbg has finished analyzing, scroll all the way up to the top, press "CTRL + F" and type "PUSH 1F5". That'll be ZPostAdminAnnounce's function.

---

oh ok :D Done that =)
edit: what do I do after that one? :O