Tonyweb: Zeus from Board4All Finally Slams Me

Finally, Zeus from Board4All decided to beat the sh*t out of me in his latest announcement yesterday:

https://team-ira.com/index.php?/announcement/22-techlord-is-not-the-owner-of-this-forum-i-zeus-am-the-owner-click-for-more-details/

Challenger and Markat (Kate) were not spared either, although they are a part of his real-life family as I see πŸ™

In any case, you all know how to find me. Instead of emailing me, in future you can find me directly at this forum where I can sell you my porn and cracked software:

https://www.board4all.biz/members/tonyweb.288708/


Boilsoft Video Splitter 8.1.4 KEYGEN for Sale ($20)

It was out of PITY for de!’s hard work that I did not post the password. I did not forget it! de! IF YOU DARE, make a comment in this blog challenging me to post your PW and I will do so! For ALL to see.

TSRh is HACKED and its security TOTALLY COMPROMISED but you fail to see it. See my
today’s post where I posted the proof!

Download: https://www.mirrored.to/files/0N6XD0LV/bvskgn.7z_links

How to debug Jumps

Load it in a debugger and find out!

  1. You have executable-can-move checked in DllCharacteristic and relocations are present, thus windows7+ loads the executable at a random address, imagebase is just the preferred address. But as you can see in the opcodes you are hardcoding your VA, which will then be invalid.
  2. Better to choose a relative jump directly, which doesnt encode an absolute VA but rather the location relative to the current address. Use the following and avoid all issues with location of the executable:

000000013F44D000 E9 FB3FFEFF jmp 13F431000

If you are wondering how to get “FB3FFEFF”:

(0x000000013F44D000 – 114693) + 5 –> FB3FFEFF

where 0x000000013F44D000 is the current address, 114693 is the difference to the new location and 5 the size of the jump instruction itself.