Posted by teamotu on 1/17/2000, 10:22 pm
209.198.242.61
The target has already entirely been revealed, the heart of it is this routine at 00446A74 that is referenced by 4 conditionnal jmps and especially the subroutine containing the LstrcmpA at 00446BA7. My two bytes patch is just pushin the two same values in edx and ecx before the LstrcmpA call.At 00446B99 8D9510FFFFFF lea edx,[ebp+FFFFFF10] (fake key [ebp-F0]) change it to 00446B99 8D95A0FEFFFF lea edx, [ebp+FFFFFEA0] (real key [ebp-160]) that's 2 bytes ...
too bad :+P
teamotu