Javier Albinarrate - LU8AJA


POPROXY Antivirus Project - Code Modifications


Code Modifications

These are the few bytes that need to be modified and their explanation.

POPROXY_O.EXE Original File bundled with NAV 2001
POPROXY_B.EXE Patched version for Gateway and Server Side.

Values:
      Bind to               0.0.0.0
      Default Server IP     127.0.0.1
      Default Server Port   8110


17/05/2002 03:00
===================================================================================
Constants:
-----------
Address           Hex             ASCII       Description
0000BCD0-0000BCD1 AE1F            8110        Remote Port without / (Hex, byte-reversed)
0000BCDC-0000BCDD 6E00            110         Default Remote Port with / (Hex, byte-reversed)
00004BB0          2B              +           OK Return Character
00004F68          2F              /           Mail Separator Character
00004F7B          5C              \           Mail Alternative Separator Character
00004FD2          3A              :           Port Separator Character
00010400-0001040F                 0.0.0.0     IP Local Bind (End with 0x00)
00010410-0001041F                 127.0.0.1   Default Remote IP (End with 0x00)
===================================================================================
Patches:
--------
===================================================================================
Bind IP:
00409C2A 6800044100             push 00410400     
===================================================================================
No char "/" requirement for USER:
00404820 83BDECFDFFFF00          cmp dword[ebp+FFFFFDEC], 00000000
00404827 E982000000              jmp 004048AE                          JUMP Always
===================================================================================
Host Management:

00404A30 51                      push ecx
00404A31=E94A720000              jmp 0040BC80
00404A36=EB00                    jmp 00404A38
00404A38 8B85FCFDFFFF            mov eax, dword[ebp+FFFFFDFC]
-----------------------------------------------------------------------------------
0040BC80 83BDECFDFFFF00          cmp dword[ebp+FFFFFDEC], 00000000
0040BC87 0F8513000000            jne 0040BCA0
0040BC8D 6810044100              push 00410410 (StringData)"127.0.0.1" Default IP
0040BC92 E9A18DFFFF              jmp 00404A38
0040BC97
--------
0040BCA0 8B95B8FDFFFF            mov edx, dword[ebp+FFFFFDB8]     Hostname after /
0040BCA6 52                      push edx
0040BCA7 E98C8DFFFF              jmp 00404A38
0040BCAC
===================================================================================
Remote Port Management:

004049DA=E9E1720000              jmp 0040BCC0
004049DF=EB00                    jmp 004049E1
004049E1
-----------------------------------------------------------------------------------
0040BCC0 83BDECFDFFFF00          cmp dword[ebp+FFFFFDEC], 00000000
0040BCC7 0F850C000000            jne 0040BCD9
0040BCCD C745E4AE1F0000          mov dword[ebp-1C], 00001FAE (8110) Port of Def IP
0040BCD4 E9088DFFFF              jmp 004049E1
0040BCD9 C745E46E000000          mov dword[ebp-1C], 0000006E  (110) Def General Port
0040BCE0 E9FC8CFFFF              jmp 004049E1
0040BCE5
===================================================================================
USER command Management:

00404C07 C645FC0D                mov byte[ebp-04], 0D
00404C0B=E920710000              jmp 0040BD30
00404C10=..                      Padding
00404C11=EB00                    jmp 00404C13
00404C13=EB00                    jmp 00404C15
00404C15 68ACF54000              push 0040F5AC (StringData)"USER %s <cr><lf>"
-----------------------------------------------------------------------------------
0040BD30  83BDECFDFFFF00         cmp dword[ebp+FFFFFDEC], 00000000
0040BD37  0F8513000000           jne 0040BD50
0040BD3D  8B8DF0FDFFFF           mov ecx, dword[ebp+FFFFFDF0] ebp-210 Print FULL str
0040BD43  51                     push ecx
0040BD44  E9CC8EFFFF             jmp 00404C15
0040BD49
--------
0040BD50  8B8DFCFDFFFF           mov ecx, dword[ebp+FFFFFDFC]   Print User before /
0040BD56  8B5148                 mov edx, dword[ecx+48]
0040BD59  52                     push edx
0040BD5A  E9B68EFFFF             jmp 00404C15
0040BD5F
===================================================================================
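Added example (not part of the original patch notes): a short Python check that recomputes the destination of every relative jmp/jne in the listing from its opcode bytes, which is the quickest way to review a hand-made binary patch for mistyped displacements. The function names are hypothetical, and the file-offset mapping is an assumption inferred from how the Constants table lines up with the code addresses.

```python
# Added example: recompute x86 branch targets from the opcode bytes in the listing.
import struct

# (virtual address, opcode bytes) copied from the patch listing on this page
PATCH_ROWS = [
    (0x00404827, "E982000000"),   (0x00404A31, "E94A720000"),
    (0x00404A36, "EB00"),         (0x0040BC87, "0F8513000000"),
    (0x0040BC92, "E9A18DFFFF"),   (0x0040BCA7, "E98C8DFFFF"),
    (0x004049DA, "E9E1720000"),   (0x0040BCC7, "0F850C000000"),
    (0x0040BCD4, "E9088DFFFF"),   (0x0040BCE0, "E9FC8CFFFF"),
    (0x00404C0B, "E920710000"),   (0x0040BD37, "0F8513000000"),
    (0x0040BD44, "E9CC8EFFFF"),   (0x0040BD5A, "E9B68EFFFF"),
]

def branch_target(va, hexbytes):
    """Destination of a relative branch: next instruction + signed displacement."""
    code = bytes.fromhex(hexbytes)
    if code[0] == 0xE9:              # jmp rel32
        disp = struct.unpack_from("<i", code, 1)[0]
    elif code[0] == 0xEB:            # jmp rel8
        disp = struct.unpack_from("<b", code, 1)[0]
    elif code[:2] == b"\x0f\x85":    # jne rel32
        disp = struct.unpack_from("<i", code, 2)[0]
    else:
        raise ValueError("not a relative branch handled here: " + hexbytes)
    return (va + len(code) + disp) & 0xFFFFFFFF

def file_offset(va, image_base=0x00400000):
    # Assumption: offset = VA - 0x400000, inferred from the Constants table
    # (bytes at file offset 0000BCD0 belong to the instruction at 0040BCCD).
    return va - image_base

def port_from_le(hexbytes):
    """Decode a 16-bit little-endian port as written in the Constants table."""
    return struct.unpack("<H", bytes.fromhex(hexbytes))[0]

if __name__ == "__main__":
    for va, hx in PATCH_ROWS:
        print(f"{va:08X} {hx:<14} -> {branch_target(va, hx):08X}")
    print("AE1F ->", port_from_le("AE1F"), " 6E00 ->", port_from_le("6E00"))
```

Any row whose computed destination differs from the mnemonic column marks a line to re-check against the patched binary.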

 



Last Updated on Friday, 26 June 2009 20:20  
