Originally Posted by
fennes
ont Unpack The Old Client, If You Succeed Unpacking It Wont Work On Latest Patch 3.3.1
For Latest AIKAIN,
Do Shift + F9 ; 18 Times
Until You Find This Sequence Code :
03C439EC 3100 XOR [EAX],EAX
03C439EE 64:8F05 00000000 POP DWORD PTR FS:[0]
03C439F5 58 POP EAX
03C439F6 833D B07EC403 00 CMP DWORD PTR [3C47EB0],0
03C439FD 74 14 JE SHORT 03C43A13
03C439FF 6A 0C PUSH 0C
03C43A01 B9 B07EC403 MOV ECX,3C47EB0
03C43A06 8D45 F8 LEA EAX,[EBP-8]
03C43A09 BA 04000000 MOV EDX,4
03C43A0E E8 2DD1FFFF CALL 03C40B40
03C43A13 FF75 FC PUSH DWORD PTR [EBP-4]
03C43A16 FF75 F8 PUSH DWORD PTR [EBP-8]
03C43A19 8B45 F4 MOV EAX,[EBP-C]
03C43A1C 8338 00 CMP DWORD PTR [EAX],0
03C43A1F 74 02 JE SHORT 03C43A23
03C43A21 FF30 PUSH DWORD PTR [EAX]
03C43A23 FF75 F0 PUSH DWORD PTR [EBP-10]
03C43A26 FF75 EC PUSH DWORD PTR [EBP-14]
03C43A29 C3 RET <<<<< Put BreakpOINT Here....
Shift + F9 1 Time
And Olly Will Stop on BreakPoint,
Just Push ALT + M ;
Look at Pop Up Windows
00400000 00001000 AIKAIN 00400000 (itself) PE header Imag 01001002 R RWE
00401000 0020E000 AIKAIN 00400000 code Imag 01001002 R RWE <<<<< Put BreakpOINT on access Here
0060F000 0001D000 AIKAIN 00400000 Imag 01001002 R RWE
0062C000 02178000 AIKAIN 00400000 Imag 01001002 R RWE
027A4000 0001A000 AIKAIN 00400000 .rsrc resources Imag 01001002 R RWE
027BE000 00013000 AIKAIN 00400000 .data data,imports,relocations Imag 01001002 R RWE
027D1000 00002000 AIKAIN 00400000 .adata Imag 01001002 R RWE
Push CTRL + T, thick box "Command is one of" put this in the right box "REP STOS BYTE PTR ES:[EDI]
"
Press OK and Then CTRL + F11.
Wait Until olly Stop Tracing...