  1. #1
    susimilikiti

    learning to unpack

    ok
    In here we can all start to help each other by learning together how to unpack the client.

    First, let me start.
    These are the step-by-step things you'll need to unpack the client:

    - Find OEP / Near OEP / stolen code
    - Find IAT / Magic Jump / Use GDI32 - API will not redirect in TM / WL
    - Get Full IAT / Fix VM API calls and jumps / Use Script
    - Repair stolen code / find input and output / log results
    - Delete useless sections to reduce the target size

    The question is: how do you start finding the OEP? In aikain, when I press Shift-F9 in OllyDbg several times, it detects the debugger and immediately closes the game client.

    Anyone who wants to share information is welcome.

  3. #2
    emoisback
    Use the aadp4olly plugin so your debugger is not detected by the client.

  4. #3
    susimilikiti
    And how do you set up aadp4olly?
    It's just a .dll file.
    I opened the Olly settings and there is nothing for aadp.

  5. #4
    rodoxfnx
    Quote (originally posted by susimilikiti):

        - Find OEP / Near OEP / stolen code
        - Find IAT / Magic Jump / Use GDI32 - API will not redirect in TM / WL
        - Get Full IAT / Fix VM API calls and jumps / Use Script
        - Repair stolen code / find input and output / log results
        - Delete useless sections to reduce the target size

    Themida

    About OEP: Load it up, ignore all the warnings, single step until you see the ESP change (turns red), right click on ESP and select “Follow in Dump”, highlight the first 4 bytes in the hex dump window, right click on them, select Breakpoint -> Hardware on access -> Dword, run. When it breaks, it should be on the OEP or the jump to OEP.

  7. #5
    susimilikiti
    Quote (originally posted by rodoxfnx):

        Themida

        About OEP: Load it up, ignore all the warnings, single step until you see the ESP change (turns red), right click on ESP and select “Follow in Dump”, highlight the first 4 bytes in the hex dump window, right click on them, select Breakpoint -> Hardware on access -> Dword, run. When it breaks, it should be on the OEP or the jump to OEP.

    Thanks, but I can't get the aadp4olly settings to open.
    I copied it into the OllyDbg folder and I'm stuck there; I don't know what to do.
    Can you help me with my problem?

  8. #6
    rodoxfnx
    Quote (originally posted by susimilikiti):

        Thanks, but I can't get the aadp4olly settings to open.
        I copied it into the OllyDbg folder and I'm stuck there; I don't know what to do.
        Can you help me with my problem?

    aadp4olly is a plugin for OllyDbg that aims to hide OllyDbg from most of the common anti-debugger tricks.
    Just copy aadp4olly.dll to your plugin folder and that's all.

    I've got many kinds of OllyDbg with different features, but I like this one below.

    http://rapidshare.com/files/13814919..._EvOlUtIoN.rar

    Virustotal result: 9%
    Last edited by rodoxfnx; 2012-01-11 at 05:56 AM.

  10. #7
    susimilikiti
    Quote (originally posted by rodoxfnx):

        Quote (originally posted by susimilikiti):

            Thanks, but I can't get the aadp4olly settings to open.
            I copied it into the OllyDbg folder and I'm stuck there; I don't know what to do.
            Can you help me with my problem?

        aadp4olly is a plugin for OllyDbg that aims to hide OllyDbg from most of the common anti-debugger tricks.
        Just copy aadp4olly.dll to your plugin folder and that's all.

    Edit:

    Your picture just showed up.

    Let me try.
    Thanks, dude.


    Edit: so this is the right one... thanks again.
    I'm confused because I just use OllyDbg itself; I don't know if this kind of Olly exists in the first place.
    Thanks.

    ---------- Post added at 05:09 AM ---------- Previous post was at 04:54 AM ----------

    Problem again.

    When I try to run with Shift-F9 or F9, or click step into or step over, it comes up with this:

    [screenshot, not preserved]

    Did I make any wrong move?
    Last edited by susimilikiti; 2012-01-11 at 06:19 AM.

  11. #8
    The_USDL
    To Select / Change Plug-ins Folder

    1 - Click on Menu Option
    2 - Click on Appearance
    3 - Click on Directory Tab
    4 - Change the Directory

  12. #9
    susimilikiti
    Is there any solution to my problem?

    ---------- Post added at 09:48 PM ---------- Previous post was at 06:46 AM ----------

    I found my stolen code, but when I try to write it in dump_.exe it doesn't fit in all the NOPs there.
    My stolen code is a lot more than the code cave in dump_.exe.

    What's wrong with it?
    Can someone help me?

  13. #10
    Awal
    Me too. In other regions, does it work? This tutorial is useful and is helping others.
