Hi all
Many people who hex don't know how to hex the PI client, since it doesn't contain a stub like Bifrost. It contains res sections that are included in the server, depending on the settings you choose for the server.
I have listed the res sections that are in the PI client.
The res sections are for:
DYNPROXYSTEAL.res for hijack proxy setting
ADDAUTOSTART.res for Auto start setting
PERSISTTHREAD.res for persistence setting
PENORMAL.executable for PE of server w/o icon support
PEICON.executable for PE of server with icon support
SHELLCODE.res shell code always included in the server
PILIB.executable always included in the server
BSDATA.res ?
Data_JOURNALLOGHOOK.res Always included in the server
OK, now the way to hex PI is as follows:
-Open the unpacked PI client with any res hacker, e.g. "PE explorer"
-Do as here:
-After that select all the saved files and open them in Hex editor
-Create A PI server with 127.0.0.1 or anything, use these settings:
In the connections Menu choose hijack proxy & persistant.
In the install Menu choose ActiveX start-Melt-Key logger-Persistance.
In advanced Menu Inject into a custom process
-Now hex the server, find the detected value and change it, then try the server, which must of course still work (to continue the work)
-Now copy the line that contains the detected value:
-After that, press Ctrl+F, paste the copied line and search in all the files opened in the hex editor
-When you find the line, change the value you changed in the server.
-Replace the edited res or exe in the PI client.
-Now create the server; it will work now and be UD from the AV you hexed from.
N.B: If you have any question or didn't understand the concept, reply in the topic.
This TUT was written by ::Stranger21::
Good Luck in HEXing guys
//edit: this is a video tut about that
http://rapidshare.com/files/37929412....0_UD.rar.html
pwd : uNkn0wn.eu
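
For defenders, the resource names listed in the post can serve as a triage indicator for the PI client that survives byte edits to the resource data. The following is an added example, not part of the original post. It assumes the names are stored in the PE resource directory without the `.res`/`.executable` suffixes shown above, the threshold is a hypothetical cut-off, and the sample bytes are constructed.

```python
import hashlib
import struct

# Resource names from the post's list. Dropping the ".res"/".executable"
# suffixes is an assumption about how they appear in the resource directory.
PI_RESOURCE_NAMES = [
    "DYNPROXYSTEAL", "ADDAUTOSTART", "PERSISTTHREAD", "PENORMAL", "PEICON",
    "SHELLCODE", "PILIB", "BSDATA", "Data_JOURNALLOGHOOK",
]

def dir_string(name):
    """Encode a name as IMAGE_RESOURCE_DIR_STRING_U: WORD length + UTF-16LE."""
    return struct.pack("<H", len(name)) + name.encode("utf-16-le")

def find_pi_resources(data):
    """Return {name: offset} for every listed name present in the bytes."""
    hits = {}
    for name in PI_RESOURCE_NAMES:
        # Try the name as written and upper-cased (common for resource names).
        for variant in (name, name.upper()):
            off = data.find(dir_string(variant))
            if off != -1:
                hits[name] = off
                break
    return hits

def looks_like_pi_client(data, threshold=5):
    """Flag a file when at least `threshold` (hypothetical cut-off) names match."""
    return len(find_pi_resources(data)) >= threshold

def build_sample(names, patched=False):
    """Constructed test blob: dummy header, name strings, dummy resource data."""
    blob = bytearray(b"MZ" + b"\x00" * 62)
    for n in names:
        blob += dir_string(n)
    blob += bytes(range(64))      # stand-in for resource contents
    if patched:
        blob[-1] ^= 0xFF          # simulate a one-byte edit in the data
    return bytes(blob)

if __name__ == "__main__":
    for label, patched in (("original", False), ("patched", True)):
        sample = build_sample(PI_RESOURCE_NAMES, patched)
        digest = hashlib.sha256(sample).hexdigest()[:16]
        print(label, digest, len(find_pi_resources(sample)),
              looks_like_pi_client(sample))
```

The file hash differs between the two constructed samples while the name-based match stays the same, which is why structural indicators are worth pairing with hash lists.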