I came to the server files from June 2007 to July 2008 but not yet, would someone help me on these codes?
to appear:
eg
/ Admin_wall Hi Guys
Appear:
[Your Name]: Hy Guys
plz help me
07 files
Code:
Go to line "0042CC87" Double click > Change to "JMP 005E50E2" (or you can use another part of the codecave, just make sure to change the JMPs later on to fit the new section or it crashes)
Follow that to line "005E50E2" Double click > Change to "PUSH EAX"
Go to line "005E50E3" Double click > Change to "PUSH EBX"
Go to line "005E50E4" Double click > Change to "PUSH ECX"
Go to line "005E50E5" Double click > Change to "PUSH EDX"
Go to line "005E50E6" Double click > Change to "PUSH EDI"
Go to line "005E50E7" Right click > Binary edit > Change to "BF 3CC76600"
Go to line "005E50EC" Right click > Binary edit > Change to "BA 00006F00"
Go to line "005E50F1" Double click > Change to "SUB ECX,ECX"
Go to line "005E50F3" Right click > Binary edit > Change to "8A040F"
Go to line "005E50F6" Double click > Change to "CMP AL,0"
Go to line "005E50F8" Double click > Change to "JE SHORT 005E5100"
Go to line "005E50FA" Double click > Change to "MOV BYTE PTR DS:[ECX+EDX],AL"
Go to line "005E50FD" Double click > Change to "INC ECX"
Go to line "005E50FE" Double click > Change to "JMP SHORT 005E50F3"
Go to line "005E5100" Double click > Change to "MOV AL,20"
Go to line "005E5102" Double click > Change to "MOV BYTE PTR DS:[ECX+EDX],AL"
Go to line "005E5105" Double click > Change to "INC ECX"
Go to line "005E5106" Double click > Change to "MOV AL,3A"
Go to line "005E5108" Double click > Change to "MOV BYTE PTR DS:[ECX+EDX],AL"
Go to line "005E510B" Double click > Change to "INC ECX"
Go to line "005E510C" Double click > Change to "MOV AL,20"
Go to line "005E510E" Double click > Change to "MOV BYTE PTR DS:[ECX+EDX],AL"
Go to line "005E5111" Double click > Change to "INC ECX"
Go to line "005E5112" Double click > Change to "ADD EDX,ECX"
Go to line "005E5114" Double click > Change to "SUB ECX,ECX"
Go to line "005E5116" Double click > Change to "MOV EDI,ESP"
Go to line "005E5118" Double click > Change to "ADD EDI,20"
Go to line "005E511B" Double click > Change to "MOV AL,BYTE PTR DS:[ECX+EDI]"
Go to line "005E511E" Double click > Change to "CMP AL,0"
Go to line "005E5120" Double click > Change to "JE SHORT 005E5128"
Go to line "005E5122" Double click > Change to "MOV BYTE PTR DS:[ECX+EDX],AL"
Go to line "005E5125" Double click > Change to "INC ECX"
Go to line "005E5126" Double click > Change to "JMP SHORT 005E511B"
Go to line "005E5128" Double click > Change to "MOV BYTE PTR DS:[ECX+EDX],AL"
Go to line "005E512B" Double click > Change to "MOV WORD PTR DS:[6EFFFE],325E"
Go to line "005E5134" Double click > Change to "POP EDI"
Go to line "005E5135" Double click > Change to "POP EDX"
Go to line "005E5136" Double click > Change to "POP ECX"
Go to line "005E5137" Double click > Change to "POP EBX"
Go to line "005E5138" Double click > Change to "POP EAX"
Go to line "005E5139" Right click > Binary edit > Change to "68 FEFF6E00"
Go to line "005E513E" Double click > Change to "JMP 0042CC8C"
(Note: To get rid of administrator: Name here: Msg open system.mrs, go to messages.xml go to "Administrator : $1" change it to "$2: $1")
I'm not sure about 08
It is, in 2007 I already knew how, but thanks anyway:)
But I need it for file 08: /
umm...ok I don't have one. But there are a few released unmasked runnables.
search around and see if you can find one that has admin wall unmasked.
Then go towards the bottom (the code cave as it's referred to) and there will be coding for it. You can just copy that over to your runnable
You have this codecave to runnable 2008?
Okay, I've been working on this for a day, and I feel the only thing I'm missing from this equation are the updated offsets for the '08 client. Mind you, I have no experience with coding, I'm just very observant and somewhat open-ended with practical direct editing. This is based off Nobody666/Wizkid's post about making a new code cave. I have no idea how to find offsets but I do know that it's obviously different because it's a different compiled version. Anyway, here is my edit
My codecave, I'll bold the offsets that need to be changed.
Code:
CPU Disasm
Address   Hex dump          Command                              Comments
0042E1BF  |. 8B88 A0010000  MOV ECX,DWORD PTR DS:[EAX+1A0]
0042E1C5  |. 898D F4FEFFFF  MOV DWORD PTR SS:[LOCAL.67],ECX
0042E1CB  |. 8B90 A4010000  MOV EDX,DWORD PTR DS:[EAX+1A4]
0042E1D1  |. 6A 00          PUSH 0
0042E1D3  |. E9 68311F00    JMP 00621340
0042E1D8  |> 8D8D F4FEFFFF  LEA ECX,[LOCAL.67]                   ; |
0042E1DE  |. 51             PUSH ECX                             ; |Arg1 => OFFSET LOCAL.67
0042E1DF  |. 8995 F8FEFFFF  MOV DWORD PTR SS:[LOCAL.66],EDX      ; |
0042E1E5  |. E8 76F6FFFF    CALL 0042D860                        ; \theduelv125e.0042D860
0042E1EA  |. 8B4D FC        MOV ECX,DWORD PTR SS:[LOCAL.1]
0042E1ED  |. 83C4 0C        ADD ESP,0C
0042E1F0  |. E8 F9911400    CALL 005773EE
0042E1F5  |. 89EC           MOV ESP,EBP
0042E1F7  |. 5D             POP EBP
0042E1F8  \. C3             RETN
I believe that's the last piece of the puzzle and we can get the admin wall unmasked for the 08 client. If I'm wrong, please correct me, for I am just a beginner in stuff like this, regardless of how easy this is for you veterans.
Code:
CPU Disasm
Address   Hex dump          Command                              Comments
00621340  /> \50            PUSH EAX
00621341  |. 53             PUSH EBX
00621342  |. 51             PUSH ECX
00621343  |. 52             PUSH EDX
00621344  |. 57             PUSH EDI
00621345  |. BF 3CC76600    MOV EDI,OFFSET 0066C73C
0062134A  |. BA 00006F00    MOV EDX,OFFSET 006F0000
0062134F  |. 29C9           SUB ECX,ECX
00621351  |> 8A040F         /MOV AL,BYTE PTR DS:[ECX+EDI]
00621354  |. 3C 00          |CMP AL,0
00621356  |. 74 06          |JE SHORT 0062135E
00621358  |. 88040A         |MOV BYTE PTR DS:[ECX+EDX],AL
0062135B  |. 41             |INC ECX
0062135C  |.^ EB F3         \JMP SHORT 00621351
0062135E  |> B0 20          MOV AL,20
00621360  |. 88040A         MOV BYTE PTR DS:[ECX+EDX],AL
00621363  |. 41             INC ECX
00621364  |. B0 3A          MOV AL,3A
00621366  |. 88040A         MOV BYTE PTR DS:[ECX+EDX],AL
00621369  |. 41             INC ECX
0062136A  |. B0 20          MOV AL,20
0062136C  |. 88040A         MOV BYTE PTR DS:[ECX+EDX],AL
0062136F  |. 41             INC ECX
00621370  |. 01CA           ADD EDX,ECX
00621372  |. 29C9           SUB ECX,ECX
00621374  |. 89E7           MOV EDI,ESP
00621376  |. 83C7 20        ADD EDI,20
00621379  |> 8A040F         /MOV AL,BYTE PTR DS:[ECX+EDI]
0062137C  |. 3C 00          |CMP AL,0
0062137E  |. 74 06          |JE SHORT 00621386
00621380  |. 88040A         |MOV BYTE PTR DS:[ECX+EDX],AL
00621383  |. 41             |INC ECX
00621384  |.^ EB F3         \JMP SHORT 00621379
00621386  |> 88040A         MOV BYTE PTR DS:[ECX+EDX],AL
00621389  |. 66:C705 FEFF6  MOV WORD PTR DS:[6EFFFE],325E
00621392  |. 5F             POP EDI
00621393  |. 5A             POP EDX
00621394  |. 59             POP ECX
00621395  |. 5B             POP EBX
00621396  |. 58             POP EAX
00621397  |. 68 FEFF6E00    PUSH OFFSET 006EFFFE
0062139C  \.^ E9 37CEE0FF   JMP 0042E1D8
Last edited by Cekuro; 27-08-10 at 02:09 PM.
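What the code cave in the listings above does, rewritten in C as an added example (not code from any poster in this thread): it builds "^2" + first string + " : " + second string with copy loops that stop only at a NUL byte, shown beside a bounds-checked equivalent. The function names, the `cap` parameter and the sample strings are assumptions for illustration; the thread does not say what the two source pointers hold.

```c
#include <stdio.h>
#include <string.h>

/* Literal C rendering of the cave at 00621340: two byte-copy loops that stop
   only at a NUL, so nothing limits how much is written into out. */
static void cave_unchecked(char *out, const char *first, const char *second) {
    char *p = out + 2;                    /* 006F0000 = 006EFFFE + 2 */
    while (*first) *p++ = *first++;       /* loop at 00621351 */
    *p++ = ' '; *p++ = ':'; *p++ = ' ';   /* MOV AL,20 / 3A / 20 */
    while (*second) *p++ = *second++;     /* loop at 00621379 */
    *p = '\0';                            /* 00621386 stores the NUL */
    out[0] = '^'; out[1] = '2';           /* MOV WORD PTR DS:[6EFFFE],325E */
}

/* Same result, but rejects input that does not fit in cap bytes.
   Returns the string length, or -1 if the output would not fit. */
static int cave_checked(char *out, size_t cap, const char *first, const char *second) {
    size_t a = strlen(first), b = strlen(second);
    size_t need = 2 + a + 3 + b + 1;      /* "^2" + first + " : " + second + NUL */
    if (need > cap) return -1;
    memcpy(out, "^2", 2);
    memcpy(out + 2, first, a);
    memcpy(out + 2 + a, " : ", 3);
    memcpy(out + 5 + a, second, b + 1);   /* copies the terminating NUL too */
    return (int)(need - 1);
}

int main(void) {
    char buf[32];                         /* constructed sample inputs below */
    cave_unchecked(buf, "Admin", "Hi Guys");
    printf("%s\n", buf);
    printf("%d\n", cave_checked(buf, 8, "Admin", "Hi Guys"));
    return 0;
}
```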