.::NℰOH4X::.
Finding LTClient || Tutorial #1 by .::NℰOH4X:: ||
Requirements:
- master131's Module Dumper
- LordPE
- OllyDbg
-------------------------------------------------------------------------------------------
*TEXT TUTORIAL*
First off, we will need to dump cshell.dll so we can open it in OllyDbg.
1.) Follow master131's tutorial here (thanks @master131): https://www.mpgh.net/forum/207-combat...le-dumper.html
2.) Once you have followed the process of dumping cshell.dll and removed the .dmp extension (tip: that extension may be hidden, in which case you will need to untick "hide extensions" in your folder options under Control Panel / Appearance), we can move on to the next step: opening it in OllyDbg.
Your screen should now look like this:
Now, once you've opened it and it looks like the above image, right-click anywhere and click on Search for -> All Referenced Text Strings.
Your screen should now look like this:
OK, once your screen looks like the above image, scroll ALL the way up, then scroll down one or two arrow-key presses and find ASCII "invalid vector<T> subscript". Once you find it, click on it, then right-click on it, click on "Search for text" and type in "ILTModelClient.Default". Once you do, it'll take you to it.
Here's an image of finding ASCII "invalid vector<T> subscript":
* Don't mind the square; the invalid vector string is behind it *
Once you have ILTModelClient.Default highlighted, press CTRL + L 2 times. On the second time it will highlight the red CPU selection; quickly press it one more time and it should go back to ILTModelClient.Default (it'll take a few tries to get it right). Then right-click on it and click on "Follow in disassembler".
Here is how it should look after pressing CTRL + L 2 times:
Now keep scrolling up until you see the first black dot.
It should look like this:
There should be 8 numbers highlighted in gray on the left. Take those numbers and add 0x in front of them.
If you did everything right, LTClient should be: 0x3781D678
--------------------------------------------------------------------------------------------------------------
~NℰOH4X~
I hope this helped anyone wanting to find the LTClient address. This method can also be used to find other addresses in cshell.dll.
If this tutorial is too confusing, I will make a video in the afternoon, step by step!
Thanks.
~NℰOH4X~