P2P-Zone  


Peer to Peer: The 3rd millennium technology!

06-05-02, 10:29 AM   #21
AYB (Registered User; Join Date: Jan 2002; Posts: 82)

The issue with Cydoor is presumably that it is calling the WinAPI function LoadLibrary and, if that fails, complaining and exiting. So our job is to make it think the LoadLibrary call has succeeded, which may involve quite a lot of work filling in certain variables and forcing certain functions to return "correct" values. This can be done either at load time, by editing the actual EXE file, or at run time, by patching the call to LoadLibrary so that it first runs some of our code (such as: if( trying_to_load_cydoor ){ return success } else { call LoadLibrary }).

I will have a go with Hview, but surely all it gives you is the packed executable code?

06-05-02, 04:48 PM   #22
Scyth (Registered User; Join Date: Apr 2001; Location: Vancouver, Canada; Posts: 454)

Quote (originally posted by AYB):
    Programs are able to check for debuggers such as SI by checking for INT3 (interrupt 3), which is a breakpoint, i.e. it stops program execution so you can examine registers, memory etc. Kazaa is one of those which will not run if it detects it. I will read up more on this to see if there is a way around it.

Actually, Kazaa does something a little more tricky than this. Specifically, it does something along the lines of (in C-like pseudo-code):

Code:
    #include <windows.h>            /* MSVC: __try/__except and __debugbreak() */

    int main(void)
    {
        __try {
            __debugbreak();         /* INT3: raises a breakpoint exception */
            ExitProcess(0);         /* reached only if a debugger swallowed the exception */
        } __except (EXCEPTION_EXECUTE_HANDLER) {
            /* no debugger: the breakpoint exception lands here and execution falls through */
        }
        /* rest of code here */
        return 0;
    }
When not under a debugger, the breakpoint exception caused by the INT3 is caught by the program before ExitProcess is called. Under a debugger, the debugger catches the breakpoint exception. When execution is resumed, it continues at the next statement which causes the program to terminate.

You can get around this by changing four bytes in the latest executable beginning at offset DD052h to 31-C9-F7-F1. This causes a divide-by-zero exception to be thrown rather than a breakpoint exception. A debugger shouldn't catch divide-by-zero exceptions without first giving the program a chance to handle them.

Of course, that'll only let you debug the loader section of the executable. You'll still have to get around the compression/encryption being used. Good luck with that.
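
The two idioms Scyth describes above, an INT3 (opcode CC) immediately followed by a call to ExitProcess, and the patched variant xor ecx,ecx / div ecx (31 C9 F7 F1) in the same position, are exactly what an analyst triaging a packed binary would look for statically before ever attaching a debugger. The scanner below is an added example for this page, not code from the thread or from any tool it mentions. It assumes the call after the check is compiled either as `FF 15 <imm32>` (call through an import slot) or `E8 <rel32>` (direct near call); that assumption, the function name `find_debugger_checks`, and the sample byte strings are constructed for the example and are not taken from Kazaa.

```python
"""Heuristic static scan for the debugger-check byte idioms discussed in the thread."""
import re

# Two call encodings assumed to follow the check: `call dword ptr [imm32]` (FF 15 ...)
# through an import slot such as ExitProcess, or a direct near `call rel32` (E8 ...).
# This pairing is an assumption about the compiled form, not something the post states.
CALL = rb"(?:\xFF\x15.{4}|\xE8.{4})"

# Idiom 1: INT3 (CC) followed by a call. A debugger that "handles" the breakpoint
# resumes execution right at that call, which is how the loader spots it.
INT3_THEN_CALL = re.compile(rb"\xCC" + CALL, re.DOTALL)

# Idiom 2: the divide-by-zero variant (xor ecx,ecx ; div ecx = 31 C9 F7 F1) followed by a call.
DIV0_THEN_CALL = re.compile(rb"\x31\xC9\xF7\xF1" + CALL, re.DOTALL)


def find_debugger_checks(code: bytes) -> list:
    """Return (offset, label) pairs for every idiom hit, sorted by offset."""
    hits = [(m.start(), "int3+call") for m in INT3_THEN_CALL.finditer(code)]
    hits += [(m.start(), "div0+call") for m in DIV0_THEN_CALL.finditer(code)]
    return sorted(hits)


# Constructed sample, not bytes from any real executable: NOP padding, then
# `int3 ; call dword ptr [0x401000]`, more padding, then `xor ecx,ecx ; div ecx ; call +0x10`.
SAMPLE_CODE = (
    b"\x90" * 8
    + b"\xCC\xFF\x15\x00\x10\x40\x00"
    + b"\x90" * 4
    + b"\x31\xC9\xF7\xF1\xE8\x10\x00\x00\x00"
    + b"\x90" * 3
)

# Constructed MSVC-style inter-function padding: a run of CC bytes followed by a
# `push ebp ; mov ebp,esp` prologue. Bare 0xCC is common as padding, which is why the
# scanner requires a call to follow it before reporting anything.
PADDING_ONLY = b"\xCC" * 6 + b"\x55\x8B\xEC"


if __name__ == "__main__":
    for offset, label in find_debugger_checks(SAMPLE_CODE):
        print(f"{label} at offset 0x{offset:X}")
    print("padding hits:", find_debugger_checks(PADDING_ONLY))
```

Bare CC bytes are also the compiler's inter-function padding, so matching on the lone opcode would flag every function boundary in a release build; requiring a call to follow is what keeps the `PADDING_ONLY` sample clean. The offsets reported are offsets into whatever bytes you hand the function, so pass it the raw file or a single mapped section and translate accordingly.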

06-05-02, 04:59 PM   #23
AYB (Registered User; Join Date: Jan 2002; Posts: 82)

Is it not possible to simply replace the INT3 with a JMP to the rest of the code? In order to debug the unpacked executable that is.

06-05-02, 05:26 PM   #24
Scyth (Registered User; Join Date: Apr 2001; Location: Vancouver, Canada; Posts: 454)

Quote (originally posted by AYB):
    Is it not possible to simply replace the INT3 with a JMP to the rest of the code? In order to debug the unpacked executable that is.

You could, but first you'd have to do some cleaning up of the stack.

By the way, the debugger detection routine is in the unpacker/loader section of the executable. I've yet to succeed in unpacking it.

06-05-02, 05:32 PM   #25
AYB (Registered User; Join Date: Jan 2002; Posts: 82)

When you do, let us know

06-05-02, 07:07 PM   #26
Scyth (Registered User; Join Date: Apr 2001; Location: Vancouver, Canada; Posts: 454)

Quote (originally posted by AYB):
    When you do, let us know

I'm not sure if I'll be able to. Reverse engineering isn't really my thing.

06-05-02, 09:02 PM   #27
Mowzer (Join Date: Jan 2002; Posts: 209)

Timmy,

1) A modded Morpheus, which presents the best UI change I have seen, incorporating tabs and an always-present search box.

screenshot... http://home.attbi.com/~darkstar559/stuff/morpheus2.jpg

2) Old kazaa builds
http://ftp.pu.edu.tw/Cpatch/other/kazaa/source/

and here

http://ftp.nchu.edu.tw/Winsock/other/kazaa/source/

3) For reference, for those who want the original disassembly listing of Kazaa...

http://www.new-wave.net/gift/dis/rlandor.html

06-05-02, 10:18 PM   #28
butterfly_kisses (Napsterite; Join Date: Apr 2002; Posts: 138)

re: Ethen, thank you, that was some really helpful info.

a)concerning the jpg of morpheus (preview edition)

if i could make my client look like that for you.....i probably would. I like the idea of the constant search button btw

i have a semi-quasi archive of your old geocities p2ptech site. do you mind if i post those 3 jpgs of the KaZaA (xp-ish) version that you once had worked on?

and also I really loved your comments on what the "client" should be like (that was an excellent article). mind if i repost those (here to Napsterites?) for the benefit of and the enjoyment of the "community"? thanks (hoping you will say yes, in advance)

the older versions of the client links were cool and may be useful.

The source code (or disassembly) was excellent. for you cats on dial-up like me....try downloading it (the webpage) with GetRight (select "No" if it asks you if you want to open the page in the GetRight browser window...just download it to your hard drive and view it from there with the web browser of your choice)


07-05-02, 01:13 AM   #29
Mowzer (Join Date: Jan 2002; Posts: 209)

Nope. Please don't post my P2P stuff.

It's all enjoying retirement. Thanx in advance.

Last edited by Mowzer : 07-05-02 at 02:26 AM.

07-05-02, 09:23 AM   #30
butterfly_kisses (Napsterite; Join Date: Apr 2002; Posts: 138)

Quote:
    Nope. Please don't post my P2P stuff.

    It's all enjoying retirement. Thanx in advance.

I shall respect your wishes, then, mistar.

p.s. or rather "btw" did you know that this site http://communities.msn.com/P2PTech was online and "operational" again...only this time it has been made a private closed to the community republic in an effort to keep out the "frank rizzo's" of the world

07-05-02, 04:10 PM   #31
Mowzer (Join Date: Jan 2002; Posts: 209)

Yeah I know. I can see the hits from MSN stats.

Just don't be putting up any of my old things. The name I don't own, but the material I do.


07-05-02, 08:51 PM   #32
butterfly_kisses (Napsterite; Join Date: Apr 2002; Posts: 138)

okay, ethen we are cool then

i will respect your wishes....

now then an update for all on "what is taking you guys so long to do this? (p2p development and enhancement projects)"

First off, I'd like to say that it is NOT EASY to do what we are trying to do. It is also NOT IMPOSSIBLE.

what are some of the stumbling blocks in MY way?

a)i'm not a programmer

b)kazaa.exe has some seriously good protection schemes going on with it...please check out posts by "snowman" and "scyth" for more details.

1)encrypted processes which prevent tampering (removing of and changing icons, bitmaps, etcetera)

2)protections (unknown file compression for an executable file, similar to the way you'd zip a regular file, only this type of encryption is done to compress (make smaller) executable files with the extension .EXE). it also prevents a debugger or an uncompressing agent from unzipping it so that it can be broken down into a simpler form (uncompressed and "unpacked" with an unpacking tool like windasm8.93 or similar)

3)some type of protection that detects SoftICE (a program used by programmers for "debugging" problems with programs; it can also be used by "us", hopefully, to remove the dependency on having a cd_clint.dll in the first place as well as providing us with further insight into the wonderful program known as kazaa)


what else is slowing me down?

c)While using Resource Hacker (a wonderful program invented by a genius programmer that allows you to customise most any 32bit windows executable program) I've encountered problems with the kazaa program that will either hang or crash the Resource Hacker program (it's like walking through a landmine: you never know which change will set off the bomb). so while i've been extremely close to getting things just right (remember i'm being brief and leaving out a few details for the sake of brevity here), whenever one of these "bombs" would be triggered i would lose all the previous work i'd done on the client and have to begin again each time all over...This has happened to me 3 or 4 times already.

d)sometimes I get sick of trying to figure it out and need a break.

e)My main biggest problem which I consider (for me only) to be my biggest setback is making the application compatible with Windows XP...i can get it to run perfectly on a Windows 9x machine but XP is in my humble opinion "so different" from Windows 9x...the locations for the files...logins for multiple users..etcetera


f)My program will come with an uninstaller which WILL work (i think it was either Twinspan or Buzzbk who mentioned something about this in another post about how they hated having "leftovers" in the kitchen (the Windows registry) after a program was removed from their system)

Gentlemen, SO DO I


well, these are some of the reasons it's taking me a while to complete this endeavor.

The last reason is this:

Do y'all want any form of "cookie" control or the ability to block websites from showing up inside the client window (metamorphesis or "whatever the final name will be") of the client?

I personally like the idea of cookie control but what are your thoughts?

Please some comments are DESIRED

feedback is important to this project, and so too will be beta testers

Goldenrod you are already on my list for one of the first to receive

a beta when it's ready...


i could use a few more volunteers?

alright...who wants some?

hehe


07-05-02, 10:37 PM   #33
Mowzer (Join Date: Jan 2002; Posts: 209)

"kazaa.exe has some seriously good protection schemes going on with it..."

Yeah, that's why it's taking you so long. You're not making a P2P app.

You're just ripping code from FastTrack and reg editing it with your own icons etc, web browsing etc.

AYB and others I presume are building P2P apps based on kazaa maybe? But from code they developed, or perhaps making a program from scratch.

I would bet for that reason on the others being finished first.

As for editing kazaa to be spyware free and include other features, one like that is already done and it's very good. It's called KaZaALite.

giFT tried originally reverse engineering KaZaA and the FastTrack network, and even though they met with success, they decided it was far better to switch the mindset over into developing their own app.

Why not use your skills to do the same?

07-05-02, 11:38 PM   #34
butterfly_kisses (Napsterite; Join Date: Apr 2002; Posts: 138)

hi, ethen

you almost make that sound like a bad thing (trying to reverse the kazaa app) and while gift did change their focus i think it was due more to frustration over not being able to understand the mechanisms behind the updated software (i'm sure this was a disappointment and major setback for them). I look forward to their new independent project and wish them much success with it.

To answer you briefly as to why not make my own p2p app?

I do not think i am talented enough or have the necessary specific skills (e.g., programming, understanding networks, especially packet based, and how they work, encryption/decryption etcetera, etcetera)

so i do what all good "programmers" people do...I piggyback "much like ALTnet" on the back of kazaa, or rather I take an already existing idea and try to make it better

and TRUE very TRUE kazaalite is GREAT, i do not give Shaun enough credit (i think he and "yuri" are one and the same). His websites (the one shut down that contained the info i needed on Xml "skinning" for windows XP and the kazaalite app....darn that Sharman") and his new site, the tk one with the "nuke", was a great idea. I won't say much more about it except that i admire him and his site.

i can't remember the exact quote i wanted to make but i'll try to give you something anyway ...here goes:

shoot i can't remember...maybe tomorrow i will have a "snappy" comeback for you but tonight i am tired and in need of rest (deserved or not....i need some)



p.s. thanks for implying that i have skills or talents that was nice.

08-05-02, 12:37 AM   #35
Mowzer (Join Date: Jan 2002; Posts: 209)

Okay then. Enjoy your Kazaa clone.

I didn't realize you're not into programming. Always thought you were.

09-05-02, 06:52 PM   #36
butterfly_kisses (Napsterite; Join Date: Apr 2002; Posts: 138)
muhaaaa moving right along then.....

first my apologies to all who rely on me for their information concerning fasttrack and the continuing events at kazaa.

what you read here...a lot of it will be unpolished meaning you won't always find fancy words or descriptions here...sometimes you will just see me "doodling" or "taking notes" this thread is kind of like a repository for my ideas and hopefully for the ideas of others of you too.

I know that there are quite a few of you who possess some firsthand knowledge of these clients (kazaa/oldMorpheus/Grokster) some of you helped to work on the applications themselves performing different tasks..some of you were also put out of work by the morpheus shutdown. it would be nice if some of you PM me with information on the network you'd now like to share as a form of "revenge"

Now a little rant:

Okay, we (we here represents "the people") have cracked DeCSS (the encryption for DVDs), we've cracked the RS5 (damn i get the version wrong...all the time) encryption....but when it comes to kazaa, [sarcasm]nope, that's WAY TOO HARD![/sarcasm]

lol, fancier encryption algorithms have been cracked, DeCSS has been cracked, so why not KaZaA? we just need a few motivated and talented/interested people to do it who will share their knowledge.

Remember to these elite few who possess the knowledge and abilities above those of their "fellow men" this task is nothing to most of them and to some of them they could care less about changing the icons in kazaa the true joy for them comes in opening up the protection on a "locked box" (in this case the lock is the protection scheme on a program) for them they take pleasure in outsmarting someone else...their motto "if it can be encrypted it can be unencrypted" to these people i salute you.

09-05-02, 06:53 PM   #37
Scyth (Registered User; Join Date: Apr 2001; Location: Vancouver, Canada; Posts: 454)

Quote (originally posted by AYB):
    When you do, let us know

I just managed to unpack the Kazaa installer. I won't be posting it as that would be illegal. Instead, I'll write an automated unpacker and post that. Look for it later today.

The Kazaa executable itself appears to use the same packing/protection system. Unpacking it should be easy enough now.

09-05-02, 07:02 PM   #38
butterfly_kisses (Napsterite; Join Date: Apr 2002; Posts: 138)

with the above in mind....i found this thread located on the new kazaalite forums:

http://www.kazaalite.com/nuked/modul...thread&tid=240

Quote (from the kazaalite forum; Author: dixi, Newbie, Posts: 1, Registered: 9/5/2002, Status: Offline; Subject: Cleaned Kazaa.exe; posted on 9/5/2002 at 12:24 PM):
    Hi!
    1. True "kazalite" (no need for cd_clint.dll), packed with upx:

    File: kazaa_1.61_cracked.exe
    Length: 940032 Bytes, 918KB
    UUHash: =YMkxS8lOEVYG2ITZAlpTb57ifo8=

    2. For all wannabe crackers, original but unpacked exe:

    File: kazaa_1.61_main_exe_upacked.exe
    Length: 2494464 Bytes, 2436KB
    UUHash: =IYaFdO0FrgMfe76KFlx7EkJOtEg=

    bye !

i've been trying unsuccessfully to download this for about 20 minutes....if it's a hoax then that sucks, if it's for real then it would be a breakthrough....if it's a trap....then oh well

but right now i/we can't afford to pass up any chance at anything that will be helpful or useful to us.

Thanks for the support i have here in the Napsterites forum and thank you to the programmers here who offer their insights, and some who even don't mind compiling the raw source code for a few apps i have.

I've got some information attained from astalavista.com and i believe bugtraq for a program that would allow you to send an instant message to anyone on the kazaa network based on their username@KaZaA

someone has asked me about the newer versions of KaZaA and the way the DNS works...i will try to do an in-depth tutorial on this soon (hopefully no longer than a week's time from this post today)

Short answer to (your question): Yes, you can change your username at will and yes, the DNS is updated in realtime by the supernode(s) you are connected to.

09-05-02, 07:04 PM   #39
butterfly_kisses (Napsterite; Join Date: Apr 2002; Posts: 138)

God (deity of your choice inserted here) bless you Scyth!

Excellent work my friend. I knew you could do it!


09-05-02, 08:37 PM   #40
butterfly_kisses (Napsterite; Join Date: Apr 2002; Posts: 138)

some helpful tools can be found here

The PEexplorer is very useful and comes with the upx uncompressors; also the Resource Tuner allows you to see a lot more of those "forbidden" bmps than Resource Hacker would let you see....both of these programs are shareware (free to evaluate for 30 days)

Scyth I look forward to your utility soon as well.

you know you could post something like:

http://www.angelfire.com/super2/kazaa and that way you are only posting the link to angelfire...and people can copy and paste the ending in their web browser...that way you'd not be violating any TOS on napsterites
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)