Commit fb536e0

updated the doc about quick_sniff
1 parent da0b3a7 commit fb536e0

1 file changed

+1
-1
lines changed

docs/doc_quick_sniff.md

Lines changed: 1 addition & 1 deletion
@@ -18,7 +18,7 @@ quick_sniff is really a DLL that is injected into the Quick Share for Windows ap
1818
### Parameters
1919
Since quick_sniff is a DLL and not a command line tool, we created two constant variables at the top of the `quick_sniff.cc` file that is compiled into `quick_sniff.dll`. These are their names and purpose:
2020
* `LOG_FILE_PATH`: A path to a log file to create. The sent and received packets will be logged into this log file.
21-
* `PACKET_FLOW_DIR_PATH`: A path to a directory to save files in our custom format that contain sequences of sent packets. For each session between two Quick Share devices, two files will be created. Each of them contains the sequence of packets that were sent by one of the participated devices. The format is very simple - 4 bytes of length in little endian, followed by a serialized packet (the packets that Quick Share uses are called OfflineFrame, and they are defined by Protobuf. So, a serialized packet means a Protobuf serialized OfflineFrame)
21+
* `PACKET_FLOW_DIR_PATH`: A path to a directory to save files in our custom format that contain sequences of sent packets. For each session between two Quick Share devices, two files will be created. Each of them contains the sequence of packets that were sent by one of the participated devices. The format is very simple - 4 bytes of length in little endian, followed by a serialized packet (the packets that Quick Share uses are called OfflineFrame, and they are defined by Protobuf. So, a serialized packet means a Protobuf serialized OfflineFrame). To better understand the custom format, read the docs about [**pack_packet_flows & parse_packet_flows**](/docs/doc_pack_parse_packet_flows.md)
2222

2323
### Advanced Parameters
2424
quick_sniff works by hooking the most basic Read & Write functions that are used by Quick Share to send and receive packets using any communication method. They don't have symbols inside the compiled binary, and so we must set their addresses (offsets) statically per the version of the Quick Share app. We set the addresses to the addresses of these functions in the vulnerable version of Quick Share that is present in this repository. If you want to sniff packets on a different version, you'll have to modify the addresses. Quick explanations for how to find these functions in a disassembler are written in comments in `quick_sniff.cc`. The names of these functions in Quick Share's source code are:
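
Review bot: In the changed `PACKET_FLOW_DIR_PATH` bullet, the new link target is root-absolute (`/docs/doc_pack_parse_packet_flows.md`) even though this file already lives in `docs/`; a relative target (`doc_pack_parse_packet_flows.md`) would keep resolving if the docs are rendered anywhere other than the repository root. The added sentence is also missing its closing period. Since the line is being touched anyway, consider changing "participated devices" to "participating devices" and moving the long OfflineFrame parenthetical into its own sentence, so the format description (4-byte little-endian length, then the serialized packet) is easy to find before the reader follows the link.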
