For anyone wishing to see where the code goes awry, it has to do with how MIRC parses the different params for the DCC. Specifically, for MIRC 6.11 at offset
:00456690 83FE28 cmp esi, 00000028
After parsing 40 (28 hex) spaces, it will stop inserting nulls and then end up dying in function 4ede70 (and will ultimately die on 4edf60). Enlarging the 0x28 comparison will fix the problems. I have not really researched the 4ede70 function, as I had traced it back to the NULL insertion routine and decided that was the main culprit.
-- Edit --
Process patcher code that I tested on 6.11, should work for other vers cause I doubt the code has been changed. Also I had the original offset in here incorrect since I hastily wrote out my findings. Unless if you're interested in programming, I'd just stick with the scripts posted above.
HWND mircwnd=FindWindow("mIRC",NULL);
char magickbytes[9]="\x8b\xff\x83\xfe\x28\x7f\x17\x68";
char tempmem[0x10000];
HANDLE prochandle;
DWORD procid;
DWORD x,y;
if(mircwnd!=NULL) {
GetWindowThreadProcessId(mircwnd,&procid);
prochandle=OpenProcess(PROCESS_ALL_ACCESS,FALSE,procid);
if(prochandle!=NULL) {
for(x=0x400000;x<0x540000;x+=0xfff6) {
if(ReadProcessMemory(prochandle,(void *)x,tempmem,0x10000,NULL)!=NULL) {
for(y=0;y<0xfff6;y++) {
if(!memcmp(tempmem+y,magickbytes,8)) {
printf("Magick bytes found at: %X",x+y);
WriteProcessMemory(prochandle,(void *)(x+y+4),"\x7e",1,NULL);
}
}
}
}
}
else printf("Unable to open MIRC process\n");
}
else printf("Unable to find MIRC window\n");
return 0;
Last edited by Magickian; 13/10/03 12:29 PM.
