Euphorical Cheater
Reputation: 9
Joined: 17 Feb 2008 Posts: 35
paupav Master Cheater
Reputation: 13
Joined: 15 Apr 2011 Posts: 314 Location: P. Sherman 42, Wallaby Way, Sydney
Posted: Sun Jun 10, 2012 5:14 pm
Is that hack free?
Euphorical Cheater
Reputation: 9
Joined: 17 Feb 2008 Posts: 35
Posted: Sun Jun 10, 2012 5:18 pm
paupav wrote: | Is that hack free? |
it's an .exe, advertising perma patched hacks... 100% chance of keylog
M. Master Cheater
Reputation: 23
Joined: 09 Dec 2007 Posts: 267 Location: wat
Posted: Sun Jun 10, 2012 5:22 pm
Dolan wrote: | paupav wrote: | Is that hack free? |
it's an .exe, advertising perma patched hacks... 100% chance of keylog |
And you didn't tell him it's a free working hack... why?
paupav Master Cheater
Reputation: 13
Joined: 15 Apr 2011 Posts: 314 Location: P. Sherman 42, Wallaby Way, Sydney
Posted: Sun Jun 10, 2012 5:25 pm
Lol they patched it fast. They say that it worked on 6.6.2012... Is Combat Arms still a crappy game full of hackers as it used to be?
Fafaffy Cheater
Reputation: 65
Joined: 12 Dec 2007 Posts: 28
Posted: Sun Jun 10, 2012 5:33 pm
Too lazy to reverse more, but this is a unique virus. It's doing injection of some sort, and I can't figure it out. I ran this in sandboxie and it didn't drop any files, but it does start with like 4 processes which are sister threaded for persistence.
Here's practically 80% of the code in the program that I found. Too lazy to continue
Also, the message box is the decrypted code of that encrypted message at the top
_________________
Brillia wrote: | I FUCKING FUCK SEX |
PUSHEAX_PUSHEAX Grandmaster Cheater
Reputation: 72
Joined: 13 Apr 2009 Posts: 969
Posted: Sun Jun 10, 2012 11:44 pm
Can we get some Olly in da building. I wish I could use Olly
Cryoma Member of the Year
Reputation: 198
Joined: 14 Jan 2009 Posts: 1819
Posted: Mon Jun 11, 2012 12:00 am
wat
olly is like ce, you just target an exe and there you go
PUSHEAX_PUSHEAX Grandmaster Cheater
Reputation: 72
Joined: 13 Apr 2009 Posts: 969
Posted: Mon Jun 11, 2012 12:55 am
Cryoma wrote: | wat
olly is like ce, you just target an exe and there you go |
I really hope you aren't serious...
Do you think I mean I can't open a program for disassembly..?
I'm talking about actually disassembling it... Furthermore, some programs can actually detect a debugger and will not run. I'm not sure if you know ASM (You don't) but it can take hours on well protected applications.
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Mon Jun 11, 2012 1:05 am
ollydbg is useless on .net applications because you'll spend more time reversing the .net framework than on the cil which is what you should be interested in. it's the equivalent of disassembling a java program, instead of decompiling it.
cryoma is just useless
also what the fuck is sister threaded supposed to mean lmfao
Fafaffy Cheater
Reputation: 65
Joined: 12 Dec 2007 Posts: 28
Posted: Mon Jun 11, 2012 1:12 am
Slugsnack wrote: | ollydbg is useless on .net applications because you'll spend more time reversing the .net framework than on the cil which is what you should be interested in. it's the equivalent of disassembling a java program, instead of decompiling it.
cryoma is just useless
also what the fuck is sister threaded supposed to mean lmfao |
Sister thread is basically an exe running for the sole purpose of watching over another exe
Let me put it this way: you got 2 exe's:
1. Some virus, like a RAT
2. the sister thread
The sister thread basically watches over the RAT, and if for any reason the RAT process ends, the sister thread starts it back up again.
_________________
Brillia wrote: | I FUCKING FUCK SEX |
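The respawn behaviour described in the post above (one exe restarting another when it ends) shows up in process-creation telemetry as the same image being relaunched by a different parent image shortly after each exit. An added example, not from the thread, that flags such pairs; the event tuples and image names are constructed and `find_watchdogs` is a hypothetical helper.

```python
from collections import defaultdict

# Constructed process events: (seconds, event, pid, parent_pid, image)
EVENTS = [
    (0,   "start", 100, 1,   "loader.exe"),
    (1,   "start", 200, 100, "payload.exe"),
    (1,   "start", 300, 100, "watcher.exe"),
    (40,  "exit",  200, 100, "payload.exe"),
    (41,  "start", 210, 300, "payload.exe"),   # relaunched by watcher.exe
    (90,  "exit",  210, 300, "payload.exe"),
    (91,  "start", 220, 300, "payload.exe"),   # relaunched again
    (95,  "start", 400, 1,   "notepad.exe"),
    (120, "exit",  400, 1,   "notepad.exe"),
    (500, "start", 410, 1,   "notepad.exe"),   # user reopened it much later
]

def find_watchdogs(events, window=5, min_restarts=2):
    """Return {(watcher_image, watched_image): restarts} for respawn pairs.

    A restart is counted when an image starts within `window` seconds of its
    previous exit and the launching parent is a different, known image.
    """
    images = {}                  # pid -> image for every process seen so far
    last_exit = {}               # image -> time of its most recent exit
    restarts = defaultdict(int)
    for ts, kind, pid, ppid, image in sorted(events):
        if kind == "start":
            images[pid] = image
            parent = images.get(ppid)
            exited = last_exit.pop(image, None)
            if (parent and parent != image
                    and exited is not None and ts - exited <= window):
                restarts[(parent, image)] += 1
        elif kind == "exit":
            last_exit[image] = ts
    return {pair: n for pair, n in restarts.items() if n >= min_restarts}
```

On the constructed events only the watcher/payload pair is reported; the late notepad.exe relaunch falls outside the window and has no tracked parent.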
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Mon Jun 11, 2012 1:19 am
i have never encountered that term before and google doesn't turn up anything relevant either. where did you pick up such an obscure term? why would it be called a sister thread? this sort of thing can be referred to as a supervisor process instead though even that is not common
Fafaffy Cheater
Reputation: 65
Joined: 12 Dec 2007 Posts: 28
Posted: Mon Jun 11, 2012 1:21 am
Slugsnack wrote: | i have never encountered that term before and google doesn't turn up anything relevant either. where did you pick up such an obscure term? why would it be called a sister thread? this sort of thing can be referred to as a supervisor process instead though even that is not common |
I've seen it discussed as a sister thread various times on HF. It's probably not the appropriate term, but it's what I learned years ago, and what I'm used to saying.
_________________
Brillia wrote: | I FUCKING FUCK SEX |
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Mon Jun 11, 2012 1:23 am
it's a dumb terminology because thread suggests it is part of the same process
Cryoma Member of the Year
Reputation: 198
Joined: 14 Jan 2009 Posts: 1819
Posted: Mon Jun 11, 2012 1:39 am
BLVCK wrote: | Cryoma wrote: | wat
olly is like ce, you just target an exe and there you go |
I really hope you aren't serious...
Do you think I mean I can't open a program for disassembly..?
I'm talking about actually disassembling it... Furthermore, some programs can actually detect a debugger and will not run. I'm not sure if you know ASM (You don't) but it can take hours on well protected applications. |
I don't know asm very well but it's still impolite to assume, and I've used olly to crack some stuff and it was easy as hell.
Maybe I was just lucky.