
I have an executable (probably written in C++) which connects to the server-side software using TCP and Windows sockets (Winsock API).

Then it sends a packet with a header (for example, the header is the two bytes 0x0064), login and password. Then it starts its interaction with the server.

I want to change the login packet header, for example, from 0x0064 to 0x0065.

Of course I can always change it on my PC using a sniffer like WPE (Winsock Packet Editor), or I can write a DLL using Microsoft Detours with a wrapper for the socket send function and inject it before program launch, but I would have to check every packet that is going to be sent to know that it has the 0x0064 header and is exactly the packet that I want to change.

So, my question is: is there any easy way to find the variable with this packet header (I believe they just hard-coded it when building the packet, like in sprintf) and just change one byte in a hex editor without learning assembler? Maybe there is a good tutorial/crackme example with a solution that explains how to do it?

Any advice will be helpful. Thanks!

splattru
  • The problem is not in changing the byte. The problem is in finding the correct byte to change. If the executable is small, then with good luck you may find the right place to edit with a hexadecimal byte search `0x64 0x00` (x86/x86-64 architecture is little-endian). Then you would just replace that specific `0x64` with `0x65`. Sometimes modifying executables is that easy, but usually not, and then you really need to use a debugger and/or disassembler, and using either of them requires at least some basic understanding of the assembly language in question (in this case x86 or x86-64). – nrz Feb 23 '13 at 09:25
  • I fully understand that the problem is to find the right byte. Unfortunately, I am not too familiar with disassembling, so maybe there are easy guides/crackme examples/tutorials with a task similar to mine, where I can start from? – splattru Feb 23 '13 at 16:53
  • [A Low Level Curriculum for C and C++](http://www.altdevblogaday.com/2011/11/09/a-low-level-curriculum-for-c-and-c/) may probably be useful. It is mentioned in a recent SO question http://stackoverflow.com/questions/15034247/osx-64-bit-c-disassembly-line-by-line . – nrz Feb 23 '13 at 17:14
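
As an added illustration of the point in the first comment (not code from the thread or from the program in question): the sketch below searches constructed bytes for the little-endian word `64 00` and shows that the hits include a 32-bit immediate and string data as well as a 16-bit store, which is why a raw hex search alone rarely identifies the byte. The sample bytes, the function names and the `66 C7` heuristic are assumptions made for the example.

```python
import struct

# Constructed sample bytes (not taken from the executable in the question).
SAMPLE = bytes.fromhex(
    "66c7006400"   # mov word ptr [eax], 0x0064 -> 16-bit store of the value
    "b864000000"   # mov eax, 0x64              -> 32-bit immediate, same low bytes
    "6a64"         # push 0x64                  -> 8-bit immediate, no "64 00" pair
    "c3"           # ret
    "25640073"     # '%', 'd', NUL, 's'         -> string data; 'd' is 0x64
)

def find_u16_le(blob, value):
    """Return every offset where `value` appears as a 16-bit little-endian word."""
    needle = struct.pack("<H", value)
    hits, pos = [], blob.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(needle, pos + 1)
    return hits

def looks_like_word_store(blob, off):
    """Narrow heuristic (an assumption of this example): recognises only the
    encoding `66 C7 <one-byte ModRM> imm16`, i.e. mov word ptr [reg], imm16.
    Other instruction forms that write a 16-bit constant are not detected."""
    return off >= 3 and blob[off - 3:off - 1] == b"\x66\xc7"

def report(blob, value, ctx=4):
    """List (offset, looks_like_word_store, hex context) for each candidate."""
    rows = []
    for off in find_u16_le(blob, value):
        window = blob[max(0, off - ctx):off + 2 + ctx].hex(" ")
        rows.append((off, looks_like_word_store(blob, off), window))
    return rows

if __name__ == "__main__":
    for off, store, window in report(SAMPLE, 0x0064):
        print(f"0x{off:04x}  word-store={store!s:5}  {window}")
```

Three offsets match the byte pair, but only the first sits inside an instruction that writes a 16-bit constant; telling the candidates apart requires reading the surrounding instruction bytes.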

0 Answers