Posts: 31
Threads: 5
Joined: Dec 2014
Reputation:
0
Posts: 31
Threads: 5
Joined: Dec 2014
Reputation:
0
(12-16-2014, 02:59 PM)travis Wrote: 23.83.96.42 on port 12346
exeinfo says its packed VMProtect v.2.07 - X.X 2003-2012 VMProtect Software - www.vmpsoft.com
mine is not
Code: Filename : C:\Program Files (x86)\LFROBOT\xiaohua.exe
File Size : 5,498,880 Bytes
Created Date : 12-12-2014 05:25:02
Modified Date : 12-12-2014 05:24:56
Executable Format : Portable Executable (32-bit)
MS-DOS Header Information
=========================
Bytes in the last page : 144
Number of pages : 3
Relocation entries : 0
Header size in paragraphs : 4
Initial SS (Relative) : 0x0000
Initial SP : 0x00b8
Initial CS (Relative) : 0x0000
Initial IP : 0x0000
Checksum : 0x0000
Portable Executable Header Information
===================================
Machine : Intel 386
Number Of Sections : 8
Number Of Symbols : 0
Optional Header Size : 224 Bytes
Time Stamp : 0x548a7bb0
Characteristics :
Optional Header Information
===================================
Linker Version : 11.0
Size Of Code : 229,376 Bytes
Size of initialized data : 2,433,024 Bytes
Size of uninitialized data : 0 Bytes
Section Alignment : 4,096 Bytes
File Alignment : 512 Bytes
OS Version : 5.1
Image Version : 0.0
Subsystem Version : 5.1
Size Of Image : 12,300,288 Bytes
Size Of Headers : 1,024 Bytes
Checksum : 0x00000000
Subsystem : Windows GUI
Reserve Stack Size : 0x00100000
Commit Stack Size : 0x00001000
Reserve Heap Size : 0x00100000
Commit Heap Size : 0x00001000
Base Address : 0x00400000
Entry Point : 0x00bb31e4
Base Of Code : 0x00001000
Base Of Data : 0x00039000
Section Headers Information
===================================
This file has 8 sections:
----------------------------------------
Section Name : .text
Virtual Address : 0x00001000
Raw Data Size : 0x00000000
Raw Data Pointer : 0x00000000
Characteristics : Code, Executable, Readable
----------------------------------------
Section Name : .rdata
Virtual Address : 0x00039000
Raw Data Size : 0x00000000
Raw Data Pointer : 0x00000000
Characteristics : Initialized Data, Readable
----------------------------------------
Section Name : .data
Virtual Address : 0x00045000
Raw Data Size : 0x00000000
Raw Data Pointer : 0x00000000
Characteristics : Initialized Data, Readable, Writable
----------------------------------------
Section Name : .vmp0
Virtual Address : 0x0004d000
Raw Data Size : 0x00000000
Raw Data Pointer : 0x00000000
Characteristics : Code, Initialized Data, Executable, Readable, Writable
----------------------------------------
Section Name : .tls
Virtual Address : 0x0067a000
Raw Data Size : 0x00000200
Raw Data Pointer : 0x00000400
Characteristics : Initialized Data, Readable, Writable
----------------------------------------
Section Name : .vmp1
Virtual Address : 0x0067b000
Raw Data Size : 0x0053c600
Raw Data Pointer : 0x00000600
Characteristics : Code, Initialized Data, Executable, Readable, Writable
----------------------------------------
Section Name : .reloc
Virtual Address : 0x00bb8000
Raw Data Size : 0x00000200
Raw Data Pointer : 0x0053cc00
Characteristics : Initialized Data, Readable
----------------------------------------
Section Name : .rsrc
Virtual Address : 0x00bb9000
Raw Data Size : 0x00001a00
Raw Data Pointer : 0x0053ce00
Characteristics : Initialized Data, Readable
----------------------------------------
Version Information
====================
Operating System : Windows NT, 32-bit Windows
File Type : Application
File Sub-Type : Unknown
File Version : 1,0,0,4
Product Version : 1,0,0,4
============================================================
Product Name : TODO: <???>
File Description : ??
File Version : 1.0.0.4
Product Version : 1.0.0.4
Company Name : TODO: <???>
Internal Name : LittleRedCap.exe
Legal Copyright : TODO: (C) <???>????????
Original FileName : ??.exe
Posts: 5
Threads: 0
Joined: Dec 2014
Reputation:
0
Followed this thread for a long time.
I wire sharked lfrobot and this is the server ; 23.83.96.42
Not sure if it is requesting with POST as far as i see it's not.
Posts: 31
Threads: 5
Joined: Dec 2014
Reputation:
0
(12-16-2014, 07:55 PM)MDMA Wrote: Followed this thread for a long time.
I wire sharked lfrobot and this is the server ; 23.83.96.42
Not sure if it is requesting with POST as far as i see it's not.
Just a tip , RDP is enabled  and ftp aswell its running on win server 2003
Posts: 5
Threads: 0
Joined: Dec 2014
Reputation:
1
12-17-2014, 12:13 AM
(This post was last modified: 12-17-2014, 12:30 AM by travis.)
it is. exeinfo says it is and and if you ollydbg to follow through some of the tutorial on tuts4you (same one you linked to above) there is evidence it is vmp. i tried to start the tut yesterday but strongOD wont run on x64. vmp is also referenced in your header info in section name breakdown indicating it is packed with vmp. LittleRedCap is the dev name I believe, he's working out of the F drive in the folder littleredcap not that it's important or relevant.
(12-16-2014, 06:10 PM)Malosa Wrote: (12-16-2014, 02:59 PM)travis Wrote: 23.83.96.42 on port 12346
exeinfo says its packed VMProtect v.2.07 - X.X 2003-2012 VMProtect Software - www.vmpsoft.com mine is not
Code: Filename : C:\Program Files (x86)\LFROBOT\xiaohua.exe
File Size : 5,498,880 Bytes
Created Date : 12-12-2014 05:25:02
Modified Date : 12-12-2014 05:24:56
Executable Format : Portable Executable (32-bit)
MS-DOS Header Information
=========================
Bytes in the last page : 144
Number of pages : 3
Relocation entries : 0
Header size in paragraphs : 4
Initial SS (Relative) : 0x0000
Initial SP : 0x00b8
Initial CS (Relative) : 0x0000
Initial IP : 0x0000
Checksum : 0x0000
Portable Executable Header Information
===================================
Machine : Intel 386
Number Of Sections : 8
Number Of Symbols : 0
Optional Header Size : 224 Bytes
Time Stamp : 0x548a7bb0
Characteristics :
Optional Header Information
===================================
Linker Version : 11.0
Size Of Code : 229,376 Bytes
Size of initialized data : 2,433,024 Bytes
Size of uninitialized data : 0 Bytes
Section Alignment : 4,096 Bytes
File Alignment : 512 Bytes
OS Version : 5.1
Image Version : 0.0
Subsystem Version : 5.1
Size Of Image : 12,300,288 Bytes
Size Of Headers : 1,024 Bytes
Checksum : 0x00000000
Subsystem : Windows GUI
Reserve Stack Size : 0x00100000
Commit Stack Size : 0x00001000
Reserve Heap Size : 0x00100000
Commit Heap Size : 0x00001000
Base Address : 0x00400000
Entry Point : 0x00bb31e4
Base Of Code : 0x00001000
Base Of Data : 0x00039000
Section Headers Information
===================================
This file has 8 sections:
----------------------------------------
Section Name : .text
Virtual Address : 0x00001000
Raw Data Size : 0x00000000
Raw Data Pointer : 0x00000000
Characteristics : Code, Executable, Readable
----------------------------------------
Section Name : .rdata
Virtual Address : 0x00039000
Raw Data Size : 0x00000000
Raw Data Pointer : 0x00000000
Characteristics : Initialized Data, Readable
----------------------------------------
Section Name : .data
Virtual Address : 0x00045000
Raw Data Size : 0x00000000
Raw Data Pointer : 0x00000000
Characteristics : Initialized Data, Readable, Writable
----------------------------------------
Section Name : .vmp0
Virtual Address : 0x0004d000
Raw Data Size : 0x00000000
Raw Data Pointer : 0x00000000
Characteristics : Code, Initialized Data, Executable, Readable, Writable
----------------------------------------
Section Name : .tls
Virtual Address : 0x0067a000
Raw Data Size : 0x00000200
Raw Data Pointer : 0x00000400
Characteristics : Initialized Data, Readable, Writable
----------------------------------------
Section Name : .vmp1
Virtual Address : 0x0067b000
Raw Data Size : 0x0053c600
Raw Data Pointer : 0x00000600
Characteristics : Code, Initialized Data, Executable, Readable, Writable
----------------------------------------
Section Name : .reloc
Virtual Address : 0x00bb8000
Raw Data Size : 0x00000200
Raw Data Pointer : 0x0053cc00
Characteristics : Initialized Data, Readable
----------------------------------------
Section Name : .rsrc
Virtual Address : 0x00bb9000
Raw Data Size : 0x00001a00
Raw Data Pointer : 0x0053ce00
Characteristics : Initialized Data, Readable
----------------------------------------
Version Information
====================
Operating System : Windows NT, 32-bit Windows
File Type : Application
File Sub-Type : Unknown
File Version : 1,0,0,4
Product Version : 1,0,0,4
============================================================
Product Name : TODO: <???>
File Description : ??
File Version : 1.0.0.4
Product Version : 1.0.0.4
Company Name : TODO: <???>
Internal Name : LittleRedCap.exe
Legal Copyright : TODO: (C) <???>????????
Original FileName : ??.exe
Posts: 26
Threads: 1
Joined: Dec 2014
Reputation:
0
12-17-2014, 12:45 AM
(This post was last modified: 12-17-2014, 01:05 AM by EsEnZeT.)
Change to xp, you cant debug easilly on 7.
Except this serv they have also another all in exe
Posts: 5
Threads: 0
Joined: Dec 2014
Reputation:
1
12-17-2014, 07:47 AM
(This post was last modified: 12-17-2014, 12:00 PM by travis.)
I am hesitant to discuss my findings in this thread now due to the fact it is being watched. CaptainPlanet is probably relaying this info back to LF Robot guys. If anyone here that knows what theyre doing wants to help, i've got the bot to the point where it opens, runs, zooms in and out WITHOUT a countdown timer (it stops working while training so no its not usable). I've got another problem I just hit that I am trying to work through. (I don't actually play the game and don't have an account to troubleshoot a lot of this stuff and dont really want to play to the point of getting to where I need to be in the game to use the bot properly)...Send me a PM.
Posts: 5
Threads: 0
Joined: Dec 2014
Reputation:
0
(12-17-2014, 07:47 AM)travis Wrote: I am hesitant to discuss my findings in this thread now due to the fact it is being watched. CaptainPlanet is probably relaying this info back to LF Robot guys. If anyone here that knows what theyre doing wants to help, i've got the bot to the point where it opens, runs, zooms in and out WITHOUT a countdown timer. I've got another problem I just hit that I am trying to work through. (I don't actually play the game and don't have an account to troubleshoot a lot of this stuff and dont really want to play to the point of getting to where I need to be in the game to use the bot properly)...Send me a PM.
U got ur pm disabled mate..
Posts: 5
Threads: 0
Joined: Dec 2014
Reputation:
1
Weird, didnt know it was disabled by default. It's on now. I'll send you a message in ~30 mins when I am off work.
Posts: 5
Threads: 0
Joined: Dec 2014
Reputation:
0
(12-17-2014, 09:26 AM)travis Wrote: Weird, didnt know it was disabled by default. It's on now. I'll send you a message in ~30 mins when I am off work.
sure, ill go get some sleep now.
Will answer tommorow.
-MDMA
|
