Quote:
Originally Posted by Spirit_12
Can you provide a change log?
Sure, according to this, the old one NOPs out a JNZ in the code which is 6 bytes long. I took a look in the old server binaries and found that it matched.
In the latest update though, that JNZ was replaced with a 2 byte short JNZ:
Now, granted, the code after that JNZ in the new one doesn't look at all like the old one, but in all honesty it was just a fluke that worked out, that is, if it even did anything. It's entirely possible that nulling this JNZ doesn't do anything major and I didn't realise, but who knows.
What I ended up doing was then opening up the .so file in a hex editor and searching for the hex string "90909090909000", which is what the extension replaces the previous 6-byte jump with, and replacing it with "9090F30F109D00", i.e. the latter four 90s replaced with the original four bytes used in the binary.
For the signature, I just copied the byte code from the JNZ.
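The failure mode the post describes, a fixed 6-byte NOP sled written over a site that now holds a 2-byte short JNZ, clobbering the first four bytes of the following instruction, and the signature search-and-replace used to undo it, as an added example. This is not code from the post, the extension, or the server binaries; the sample byte sequences, file name and helper names below are constructed for illustration only. The example goes slightly beyond the post by choosing the NOP length from the JNZ encoding (0F 85 rel32 is 6 bytes, 75 rel8 is 2 bytes) and by refusing to patch a signature that is not unique in the blob.

```python
"""Length-aware JNZ NOP-out and signature patching of a binary blob.

Added example; not the post's or the extension's code. The sample
bytes and helper names here are constructed, not taken from any binary.
"""
from pathlib import Path

NEAR_JNZ = b"\x0f\x85"   # jnz rel32: 2 opcode bytes + 4-byte displacement = 6 bytes
SHORT_JNZ = b"\x75"      # jnz rel8:  1 opcode byte  + 1-byte displacement = 2 bytes
NOP = b"\x90"


def jnz_length(code: bytes, offset: int) -> int:
    """Return the encoded length of the JNZ at `offset`, or raise if none is there."""
    if code[offset:offset + 2] == NEAR_JNZ:
        return 6
    if code[offset:offset + 1] == SHORT_JNZ:
        return 2
    raise ValueError(f"no JNZ at offset {offset:#x}: {code[offset:offset + 2].hex()}")


def nop_out_jnz(code: bytes, offset: int) -> bytes:
    """Overwrite the JNZ at `offset` with exactly as many NOPs as it occupies,
    so the instruction after it is left intact whichever encoding is present."""
    n = jnz_length(code, offset)
    return code[:offset] + NOP * n + code[offset + n:]


def blind_nop6(code: bytes, offset: int) -> bytes:
    """The mistake from the post: always write six NOPs, as if the jump were
    still the 6-byte form. On a 2-byte JNZ this eats 4 bytes of the next instruction."""
    return code[:offset] + NOP * 6 + code[offset + 6:]


def patch_unique(blob: bytes, find: bytes, replace: bytes) -> bytes:
    """Hex-editor style search-and-replace of a byte signature.
    Requires a same-length replacement (no offsets shift) and exactly one hit,
    because a short signature like 909090909090 can occur many times in a .so."""
    if len(find) != len(replace):
        raise ValueError("replacement must be the same length as the pattern")
    hits = blob.count(find)
    if hits != 1:
        raise ValueError(f"signature {find.hex()} found {hits} times, expected exactly 1")
    return blob.replace(find, replace)


def patch_file(path: str, find: bytes, replace: bytes) -> None:
    """Apply patch_unique to a file on disk (path is an assumed, hypothetical name)."""
    p = Path(path)
    p.write_bytes(patch_unique(p.read_bytes(), find, replace))


# Constructed sample code, old and new layout of the same check.
# Offsets: 0-2 cmp, then the JNZ, then movss xmm3,[rbp+0], then ret.
OLD = bytes.fromhex("83f800" "0f8512000000" "f30f109d00000000" "c3")  # 6-byte jnz
NEW = bytes.fromhex("83f800" "7512"         "f30f109d00000000" "c3")  # 2-byte jnz
JNZ_OFFSET = 3

# The signature pair from the post: six NOPs plus the trailing 00 that the
# blind patch left behind, restored to 90 90 followed by the original F3 0F 10 9D 00.
BROKEN_SIG = NOP * 6 + b"\x00"
FIXED_SIG = NOP * 2 + b"\xf3\x0f\x10\x9d\x00"


if __name__ == "__main__":
    print("old, correct :", nop_out_jnz(OLD, JNZ_OFFSET).hex())
    broken = blind_nop6(NEW, JNZ_OFFSET)
    print("new, clobbered:", broken.hex())
    print("new, repaired :", patch_unique(broken, BROKEN_SIG, FIXED_SIG).hex())
```

`blind_nop6` reproduces what the post says the old extension did to the updated binary, and `patch_unique` is the hex-editor repair described, with the uniqueness check a practitioner would want before writing a short signature back into a whole shared object.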