Name: Anonymous 2011-06-17 15:21
I want to do some reverse engineering but my knowledge is rather limited. I'm working on Windows.
To be precise, I want to reverse-engineer a protocol used by a Flash application, but I can't just sniff packets as the connection is encrypted.
So I thought that perhaps I could "hot patch" the functions that encrypt/decrypt the data sent/received so that they would save the data in a file, which I could then analyze.
But I'm not sure what to do now. I know how to use OllyDBG to attach to the process I'd want to infiltrate and check the modules it imports and the functions imported/exported by the modules, but I don't know how to (easily) check which of those functions are called, and then I would have to change the code of those functions, which I've never done before, and I don't even know if I should prepare a second DLL to replace the original one or simply change the functions directly in the memory of the process I'm targeting.
Or maybe I'm overthinking all this and there's no need to mess around with WinAPI stuff and I could exploit the fact that the protocol is used by a Flash application.