I tried to do exactly like the pictures, but I got different values and now I don't know how to discover the right OEP and size to use in ImportREC. If someone can answer I would be grateful.
All we can do right now is wait for S4R4H. I can't seem to make a BP at [0x2D53A30] since it will run the game and the debugger gets detected. I can find the same values if I BP at [0x2D53A29] but encounter a problem at "run trace". I can't seem to find EBP=[0x12FFC0].
I tried it at AikaIn; when I press Shift+F9 5x it shows up:
https://progamercity.net/attachment....1&d=1326458124
Anyone can help me?? >.<
Just read carefully what s4r4h says and what plugin he used..
Do you have the anti-anti-debugger plugin?
Learn from PGC for Share on PGC..
If I have helped you, please thank and respect..
I'm having a hard time looking for the right stolen code for aikasm.exe. Can someone update the tut? I think the values changed after the update.
Well, after looking at all the problems you guys posted I realized that I have made a mistake, placing the BP at the wrong place earlier in the guide..
So I went over and over again trying to unpack the client, this time with the BP on the first RETN, unsuccessfully..
The number of stolen bytes is larger than the code cave..
What I got (excluding all the JMP SHORTs):
The replacements went over the original OEP, and after finishing with LordPE the whole thing just would not run anymore..
LEA ESP,DWORD PTR SS:[ESP+4]
MOV EBP,ESP
PUSH -1
PUSH 623730
PUSH 5EF620
MOV EAX,DWORD PTR FS:[0]
SUB WORD PTR DS:[2E562AF],57AB
PUSH 5F
PUSH D07337EF
MOV DWORD PTR SS:[ESP+4],EAX
LEA ESP, DWORD PTR SS:[ESP+4]
MOV DWORD PTR FS:[0],ESP
SUB ESP,58
SUB WORD PTR DS:[2E562DD],57AB
PUSH 5F
PUSH D07337EF
MOV DWORD PTR SS:[ESP+4],EBX
LEA ESP,DWORD PTR SS:[ESP+4]
SUB WORD PTR DS:[2E56301],57AB
PUSH 5F
PUSH D07337EF
MOV DWORD PTR SS:[ESP+4],ESI
LEA ESP,DWORD PTR SS:[ESP+4]
SUB WORD PTR DS:[2E56325],57AB
PUSH 5F
PUSH D07337EF
MOV DWORD PTR SS:[ESP+4],EDI
LEA ESP,DWORD PTR SS:[ESP+4]
MOV DWORD PTR SS:[EBP-18],ESP
I am so sorry guys.. the guide is my first time trying to unpack a client and it looks like I have failed.
I like to make stupid theories and assumptions..
I got the same problem as you. I managed to finish unpacking the client, but after running it I can see aikasm.exe in the process list and it disappears in a few secs. And "PUSH D07337EF" seems to be an unknown identifier when you try putting it in. Thank you for your efforts though.
Don't unpack the old client; if you succeed in unpacking it, it won't work on the latest patch 3.3.1.
For the latest AIKAIN,
do Shift + F9 18 times
until you find this code sequence:
03C439EC 3100 XOR [EAX],EAX
03C439EE 64:8F05 00000000 POP DWORD PTR FS:[0]
03C439F5 58 POP EAX
03C439F6 833D B07EC403 00 CMP DWORD PTR [3C47EB0],0
03C439FD 74 14 JE SHORT 03C43A13
03C439FF 6A 0C PUSH 0C
03C43A01 B9 B07EC403 MOV ECX,3C47EB0
03C43A06 8D45 F8 LEA EAX,[EBP-8]
03C43A09 BA 04000000 MOV EDX,4
03C43A0E E8 2DD1FFFF CALL 03C40B40
03C43A13 FF75 FC PUSH DWORD PTR [EBP-4]
03C43A16 FF75 F8 PUSH DWORD PTR [EBP-8]
03C43A19 8B45 F4 MOV EAX,[EBP-C]
03C43A1C 8338 00 CMP DWORD PTR [EAX],0
03C43A1F 74 02 JE SHORT 03C43A23
03C43A21 FF30 PUSH DWORD PTR [EAX]
03C43A23 FF75 F0 PUSH DWORD PTR [EBP-10]
03C43A26 FF75 EC PUSH DWORD PTR [EBP-14]
03C43A29 C3 RET <<<<< Put breakpoint here....
Shift + F9 1 time
and Olly will stop on the breakpoint.
Just push ALT + M;
look at the pop-up window:
00400000 00001000 AIKAIN 00400000 (itself) PE header Imag 01001002 R RWE
00401000 0020E000 AIKAIN 00400000 code Imag 01001002 R RWE <<<<< Put breakpoint on access here
0060F000 0001D000 AIKAIN 00400000 Imag 01001002 R RWE
0062C000 02178000 AIKAIN 00400000 Imag 01001002 R RWE
027A4000 0001A000 AIKAIN 00400000 .rsrc resources Imag 01001002 R RWE
027BE000 00013000 AIKAIN 00400000 .data data,imports,relocations Imag 01001002 R RWE
027D1000 00002000 AIKAIN 00400000 .adata Imag 01001002 R RWE
Push CTRL + T, tick the box "Command is one of" and put this in the right box: "REP STOS BYTE PTR ES:[EDI]"
Press OK and then CTRL + F11.
Wait until Olly stops tracing...
tx
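The first post asks how to work out the OEP value ImportREC expects, and the ALT + M memory map above is really just the PE section table as Olly sees it in memory. The Python below is an added example, not code from the thread or from any tool named in it: it parses the section table of a PE32 file the way the memory map does, converts the debugger's VA into the RVA that ImportREC wants (VA minus image base), and reports the signs a defender looks for when deciding whether a binary is packed at all (RWE sections, high entropy, a virtual size much larger than the raw size, an entry point inside a writable section). The sample image is constructed in the script; its image base, section names and flags imitate the map above, and the entropy threshold of 7.0 bits/byte is an assumed rule of thumb.

```python
import hashlib
import math
import struct

# Section characteristic bits from the PE spec (IMAGE_SCN_*).
SCN_CNT_CODE = 0x00000020
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000
SCN_MEM_WRITE = 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
HIGH_ENTROPY = 7.0              # assumed threshold; plain x86 code usually sits well below it


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe32(data: bytes) -> dict:
    """Read image base, entry point RVA and the section table of a 32-bit PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    sections = []
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_HDR, data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "rva": va, "vsize": vsize, "raw_size": raw_size, "chars": chars,
            "entropy": shannon_entropy(data[raw_ptr:raw_ptr + raw_size]),
        })
    return {"image_base": image_base, "entry_rva": entry_rva, "sections": sections}


def va_to_rva(va: int, image_base: int) -> int:
    """ImportREC takes the OEP as an RVA: the VA shown in the debugger minus the image base."""
    if va < image_base:
        raise ValueError("VA below image base")
    return va - image_base


def section_for_rva(pe: dict, rva: int):
    """Return the section dict that maps the given RVA, or None."""
    for s in pe["sections"]:
        if s["rva"] <= rva < s["rva"] + max(s["vsize"], s["raw_size"]):
            return s
    return None


def packer_indicators(pe: dict) -> list:
    """Heuristics commonly seen on packed executables, as (section name, reason) pairs."""
    flags, rwe = [], SCN_MEM_READ | SCN_MEM_WRITE | SCN_MEM_EXECUTE
    for s in pe["sections"]:
        if s["chars"] & rwe == rwe:
            flags.append((s["name"], "section is readable, writable and executable"))
        if s["entropy"] >= HIGH_ENTROPY:
            flags.append((s["name"], "high entropy: compressed or encrypted contents"))
        if s["raw_size"] and s["vsize"] >= 4 * s["raw_size"]:
            flags.append((s["name"], "virtual size far exceeds raw size: room for unpacked code"))
    entry = section_for_rva(pe, pe["entry_rva"])
    if entry is not None and entry["chars"] & SCN_MEM_WRITE:
        flags.append((entry["name"], "entry point lies in a writable section (unpacking stub?)"))
    return flags


def build_sample_pe() -> bytes:
    """Constructed sample, not a real binary: a PE32 skeleton shaped like the memory map in the thread."""
    def section(name, va, vsize, raw_ptr, raw_size, chars):
        return struct.pack(SECTION_HDR, name, vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, chars)

    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x3000)     # AddressOfEntryPoint inside the stub section
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase, as in the map above
    struct.pack_into("<I", opt, 32, 0x1000)     # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)      # FileAlignment
    headers = dos + b"PE\0\0" + coff + bytes(opt)
    headers += section(b".text", 0x1000, 0x200, 0x200, 0x200, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ)
    headers += section(b".data", 0x2000, 0x200, 0x400, 0x200, SCN_MEM_READ | SCN_MEM_WRITE | 0x40)
    headers += section(b".adata", 0x3000, 0x1000, 0x600, 0x200, SCN_CNT_CODE | rwe_all())
    headers = headers.ljust(0x200, b"\0")
    packed_text = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))  # 512 high-entropy bytes
    plain_data = b"\0" * 0x200
    stub = b"\x60" + b"\x90" * 0x1FF            # PUSHAD followed by NOP padding
    return headers + packed_text + plain_data + stub


def rwe_all() -> int:
    return SCN_MEM_READ | SCN_MEM_WRITE | SCN_MEM_EXECUTE


if __name__ == "__main__":
    pe = parse_pe32(build_sample_pe())
    for s in pe["sections"]:
        print(f"{pe['image_base'] + s['rva']:08X} {s['vsize']:08X} {s['name']:<8} entropy={s['entropy']:.2f}")
    print("OEP RVA for 0x401000:", hex(va_to_rva(0x401000, pe["image_base"])))
    for name, reason in packer_indicators(pe):
        print(f"{name}: {reason}")
```

Run it against a real file by replacing `build_sample_pe()` with the bytes of the executable; the printed lines line up with the Olly memory map (VA, size, name), and the VA you stop at after the unpacking stub returns to the original code is what `va_to_rva` turns into the RVA for ImportREC's OEP field.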
Don't use the old client; if you use it, when you choose Aeris, Calpar or another server they will say your client version is wrong.
Just do what Fennes says..
For 16x or 18x it doesn't matter, just press Shift + F9 until you find similar code..
What Fennes posted is halfway to unpacking the client..
Just say thanks to him if it helps you..