I have some software that hooks itself into recv from ws2_32.dll. I also double-checked with SpyStudio, and the data coming in is just unreadable to me.
From SpyStudio I get this kind of output:
PID: 3188 TID: 3280 ws2_32.dll!recv ( SOCKET s: 0x2276, '', int len: 0x29, int flags: 0x0 );
Could anyone help me find a way to learn what kind of datatype/structure is being sent here? It shows pretty much the same "image" in every packet received. How would I proceed to learn such a thing? Any tools to help?
Hey, I have tried with Wireshark too, and I get similar rubbish. I can get partial info, but nothing much.
This is the kind of stuff I get from Wireshark:
....U...........,. ....S..........U..........,. ....V.......R...E.2K...O......R..........E.7=..8...........p.a.b.-.g.r.a.m.o.s...Jq...............U............ ....S..........U........... ....4..4.R....=.....87H...R.........R...........&......2.....,..........&......2.....&.....E......X..
We can see some stuff, like that guy's name, gramos, but that's about it?!
Also from Wireshark I can export the C arrays; the data should be some readable text in the end.
char peer1_24[] = { 0x12, 0x00, 0x00, 0x00, 0x55, 0x10, 0x00, 0x01, 0x00, 0x40, 0x00, 0x00, 0x02, 0xcd, 0x40, 0x01, 0x64, 0x0a, 0x0b, 0x00, 0x00, 0x00, 0x53, 0x10, 0x01, 0x01, 0x00, 0x00, 0x07 };
Is there any way to convert those into something a human can read?
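As an added example (not the asker's code or output), here is one way to start answering "how would I proceed" with nothing more than the bytes already posted above. The script takes the 29 bytes of the `peer1_24` array, tests a few guesses about how the stream might be framed (a length prefix of some width and endianness, counting or not counting its own header) and keeps only the guesses that tile the buffer exactly with no bytes left over. It also scans for ASCII stored as UTF-16LE, which is what the `p.a.b.-.g.r.a.m.o.s` pattern in the Wireshark text dump suggests. The framing candidates, the UTF-16LE sample buffer and the idea that the byte after the length is a message type are all assumptions for the sake of the example, not facts about this program's protocol.

```python
import struct

# Bytes from the original post: the Wireshark "C Arrays" export (peer1_24).
CAPTURED = bytes([
    0x12, 0x00, 0x00, 0x00, 0x55, 0x10, 0x00, 0x01, 0x00, 0x40, 0x00, 0x00,
    0x02, 0xcd, 0x40, 0x01, 0x64, 0x0a, 0x0b, 0x00, 0x00, 0x00, 0x53, 0x10,
    0x01, 0x01, 0x00, 0x00, 0x07,
])

# Framing hypotheses to test: (name, struct format of the length field,
# header size, whether the length counts the header itself). These are
# generic guesses about binary protocols, not knowledge of this one.
CANDIDATES = [
    ("u32le-inclusive", "<I", 4, True),
    ("u32le-exclusive", "<I", 4, False),
    ("u32be-inclusive", ">I", 4, True),
    ("u16le-inclusive", "<H", 2, True),
    ("u16le-exclusive", "<H", 2, False),
    ("u8-exclusive", "B", 1, False),
]


def split_frames(data, fmt, hdr, inclusive):
    """Cut data into payloads under one framing hypothesis.

    Returns the list of payloads, or None when the hypothesis does not tile
    the buffer exactly: a body length of zero or less, a frame that runs
    past the end of the buffer, or a truncated length header.
    """
    frames = []
    pos = 0
    while pos < len(data):
        if pos + hdr > len(data):
            return None
        (length,) = struct.unpack_from(fmt, data, pos)
        body = length - hdr if inclusive else length
        if body <= 0 or pos + hdr + body > len(data):
            return None
        frames.append(data[pos + hdr:pos + hdr + body])
        pos += hdr + body
    return frames


def survey(data):
    """Return {hypothesis name: payloads} for every framing that fits exactly."""
    results = {}
    for name, fmt, hdr, inclusive in CANDIDATES:
        frames = split_frames(data, fmt, hdr, inclusive)
        if frames is not None:
            results[name] = frames
    return results


def find_utf16le_strings(data, min_chars=4):
    """Extract runs of printable ASCII stored as UTF-16LE, i.e. each letter
    followed by a 0x00 byte, which is what 'p.a.b.-.g.r.a.m.o.s' looks like
    in a text dump. The scan advances one byte at a time so alignment of the
    run inside the buffer does not matter."""
    found = []
    i = 0
    while i + 1 < len(data):
        start = i
        chars = []
        while i + 1 < len(data) and 0x20 <= data[i] < 0x7f and data[i + 1] == 0:
            chars.append(chr(data[i]))
            i += 2
        if len(chars) >= min_chars:
            found.append("".join(chars))
        if i == start:  # no run began here; slide forward one byte
            i += 1
    return found


def hexdump(blob):
    """Space-separated hex of a byte string, for printing frames."""
    return " ".join(f"{b:02x}" for b in blob)


# Constructed sample, NOT from the capture: the name visible in the Wireshark
# text dump encoded as UTF-16LE, surrounded by a few filler bytes.
SAMPLE_UTF16 = b"\x00\x40" + "pab-gramos".encode("utf-16-le") + b"\x00\x00\x07"

if __name__ == "__main__":
    for name, frames in survey(CAPTURED).items():
        print(f"{name}: {len(frames)} frame(s)")
        for frame in frames:
            print("   ", hexdump(frame))
    print("UTF-16LE strings in constructed sample:",
          find_utf16le_strings(SAMPLE_UTF16))
```

Two hypotheses survive on this buffer: a 32-bit and a 16-bit little-endian length that both include their own header (18 bytes, then 11 bytes). More captures are needed to separate them, for instance a frame longer than 65535 bytes or a nonzero value in bytes 2-3 of a frame. Under the 32-bit reading the payloads begin with 0x55 ('U') and 0x53 ('S'), which are exactly the letters that stand out in the Wireshark text dump, so that byte is a reasonable candidate for a message-type field to track across further packets. Once a framing and a type field hold up across many captures, that is the point at which writing a Wireshark dissector pays off.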
Wireshark is the de-facto packet sniffing tool. It has the advantage of being extensible with "dissectors", which are processing code you write in C.
http://wireshark.com/