Thread: OllyDBG Beginner

I'm starting to work with OllyDbg and when I try to execute Aika unpacked (F9) it doesn't
open. I don't know if it's about windows 7 64 bits.

It stops there at FB | STI... and doesn't happen nothing.
I'm newbie and I really want to learn everything about it.

I'm trying to disable first xTrap by nopping some calls at OllyDbg, but I can't see them as I showed before? Am I in the right way? If not, guide me pls.


I heard about IDA PRO decompiler, is it better for beginners than OllyDBG?
I'm newbie and I really want to learn everything about it.

Thanks!

you are inside one of Xtrap functions... since you must stop before Xtrap execution, search for the string "cannot init xtrap" (no case-sensitive) and look at above: 2 CALLs followed by a JE. You can make the first patch there...

Originally Posted by rhu10

I'm starting to work with OllyDbg and when I try to execute Aika unpacked (F9) it doesn't
open. I don't know if it's about windows 7 64 bits.

It stops there at FB | STI... and doesn't happen nothing.
I'm newbie and I really want to learn everything about it.

I'm trying to disable first xTrap by nopping some calls at OllyDbg, but I can't see them as I showed before? Am I in the right way? If not, guide me pls.


I heard about IDA PRO decompiler, is it better for beginners than OllyDBG?
I'm newbie and I really want to learn everything about it.

Thanks!

Also, isn't only about changing it, u must change JE for JNZ, and the two above calls to NOP

it'll be like this:

call xtrap

call xtrap

if xtrap is loaded, jump, if not, "cannot init xtrap"

should NOP the two calls and change JE for JNZ right above the message.

The last call u must trace back from terminateprocess to the first call, maybe u can get something from winmain too...

OK GM3X, but can I run it on normal mode, or only on debugger?

When you run alone, it terminate, should find the terminateprocess call, by tracing it (trace function in ollydbg), when you do it, the client will not shutdown anymore.
Also, you can use the "AikaClient.log" to see where your client stopped and shut down, when I was makin' my dextrap, it was stoping after the "Init Network Manager"
Also, I'm proud to say that maybe Dwar release a nice tutorial about disabling xtrap soon.

You can use my guide to get some tips too...

See ya

Originally Posted by rhu10

Thanks bro, you helps me a lot.
I'll try it and post here my results.

------------------------------------------------
It stops here after "Init Network Manager" too.
But I can't run it even in debugger mode, it stops here:

Code:

772BF9CD    C2 0C00         retn    0xC

And it takes 10-20 seconds, after all this, aika stops working (windows tell me so).

Try to put some breakpoints on some calls, run it by alt+F9,NOP 2 calls above the messagebox and JNZ the jump over the message 'cant init xtrap', after u can breakpoint some calls and run it by alt+F9, also, you can run by animation too, or u can make 'trace into' and after, run by F9 too, and after the crash, see the trace list...

The 10-20 seconds maybe the loading screen.
RUN BY ALT+F9, line by line, keep pressing it with the breakpoint, I hope u can make it...

More than half-so, u must find the call that I said, about terminateprocess,isn't the intermodular call, it's a call that refeer to TP.