WarRock Hack Syndycate

WarRock Hack Syndycate

WarRock Hack Syndycate
HomeCalendarFAQSearchMemberlistUsergroupsRegisterLog in
Supreme WarRock Hackers

Share | 

 Writing an addylogger

Go down 

PostSubject: Writing an addylogger   Thu Mar 15, 2012 7:01 pm

Hi guys, now I write here as find and write one signature for WarRock.

Components you need:

OllyDGB 1.10

WarRock.exe [UnPacked Update]

We search:

PlayerPointer -> 0xA28DC8 (PUBLIC)

Escalator -> 0x53E027 (VIP)

begin with escalator (very easy )

Open WarRock.exe [unpacked] with OllyDgb.

now, -> right click -> Go To -> Expression -> Paste ur Vip Address-> Press OK.

Let's go to the string.


0053E027 -> Our addy

895D 08 -> Is Our Signature / Byte Off

MOV DWORD PTR SS:[EBP+8],EBX ->instruction that move the data
writing addylogger:

DWORD dwEscalator FindPattern (PBYTE)"\x89\x5D\x08\xD9\x46\x08\xD9\x46\x04","xxxxxxxxx",0,0); // 0,0 = Don't EXTRACT THE ADDRESS

Right Click -> Search For -> Costant-> Paste ur Public Address-> Press OK.

Let's go to the string.


004180D3 -> The extern address

8325 C88DA200 00 -> Signature / NO byte off

AND DWORD PTR DS:[A28DC8],0 -> The instruction "AND" is: XY = X AND Y. (Example)
writing addylogger.

DWORD dwPlayerPtr FindPattern (PBYTE)"\x83\x28\x00\x00\x00\x00\x00\xA1\x14\x8E\xA2\x00","xx?????xxxx?",true,2);


true = extract address

2 = The bytes before the dynamic bytes (The address on the contrary) 00 00 00 00 00 (83, 28) (are called StaticByte)

C88DA2 -> 000000, Why? Lolx, C88DA2 is A28DC8, and every update the address changes, so we MUST put "\x00" =)
Finish =) and remember:

"xx?????xxxx?" , "xxxxxxxxx", is the mask, it helps the addylogger to find the address. How it works? easy, u use "x" for byte different from "\x00", and if u find "\x00" put"?".

Credits: Me
Back to top Go down
Writing an addylogger
Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
WarRock Hack Syndycate :: WarRock Philippines Source Code-
Jump to: