- Joined
- Mar 26, 2012
- Messages
- 1,465
- Reaction score
- 131
Thanks for the help SheenBR. Let me be a bit more clear about my issue. The client sends a string >> ex. USERNAME. This is a non-encrypted string. The server gets that value represented as %d in the offset. I am unsure how to get that non-encrypted string and rewrite it or filter the possibility of it having the character "%" by using ReadProcessMemory or any other way. Perhaps this image might help you to understand what I mean.
%d is an integer placeholder in C/C++. If I am assuming correct this string is used to log each new connection and the output will be "New Connection on user: 1". If you want username to be logged then you will have to hot-patch this logger function using microsoft detour library and find the username of the given user ID to log it.
for looking up what parameter was parsed to that string as a dword you should actually look where this string is used within the programs functions and you will also find the correct address to overwrite or intercept this way.. to find these kind of things IDA Pro is a useful tool if you do not have the sources of the exe in question.Yeah that is what I thought. I was sure it had to be something to do with Detours. It is a string sent to the %d. I have had nothing but, issues with Detours in VS 2019. LOL Thanks cyberinferno.
Update - Figured out my issue with Detours. Now continuing to test and figure the rest out. "Turns out that reading instructions really does work. LOL"