  1. #51
    Dwar
    Quote: Originally posted by daily
    dwar come on release new unpacked
    I release unpacked files right after client updates (generally)
    Quote: Originally posted by choyung
    hmm, maybe we can inject dll for the gameguard?
    It will be discussed in another thread
    Quote: Originally posted by rendika2
    I can't find that.
    Code:
    0090F94E > $ 6A 74          PUSH 74
    0090F950   . 68 388A9C00    PUSH 2Game.009C8A38
    Stolen bytes. You need to find them while unpacking
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium

  2. #52
    rendika2
    Can I see where the stolen bytes are?
    And replace them?
    Last edited by rendika2; 2012-08-14 at 02:54 PM.

  3. #53
    Dwar
    Quote: Originally posted by rendika2
    Can I see where the stolen bytes are?
    If I understand your question correctly, you can't find them in the exe. ASProtect executes the stolen code during unpacking and then points you to the OEP without these stolen bytes. Follow a general ASProtect unpacking tutorial and try to get the needed data.

  4. #54
    rendika2
    But I'm trying to find the stolen code.
    I can't find it.
    So many bytes.
    Can you ss where you find the stolen code?

  5. #55
    Dwar
    Quote: Originally posted by rendika2
    Can you ss where you find the stolen code?
    During tracing and deobfuscating the ASProtect code. It's impossible to directly point you to the right place. Just analyze the code.

    Let me give a small explanation: ASProtect, for further exe protection, removes several instructions from the original OEP and copies them to its internal routines. The removed instructions are replaced by zeros. At the end of unpacking, the protector executes these stolen instructions from its obfuscated routines and then continues running the application right after the zeros at the beginning of the OEP.
    How to get these bytes? You need to manually trace the code after the last exception (if you follow the tutorial).
    You should find junk code with lots of jmp's
    Code:
    01E9D4D3    83CF 98         or      edi, -0x68
    01E9D4D6    5F              pop     edi
    01E9D4D7    6A 74           push    0x74
    01E9D4D9    68 388A9C00     push    0x9C8A38
    01E9D4DE    F3:             prefix rep:
    01E9D4DF    EB 02           jmp     short 01E9D4E3
    01E9D4E1    CD20 66812DEC   vxdjump 0xEC2D8166
    01E9D4E7    D4 E9           aam     0xE9
    01E9D4E9    0145 67         add     dword ptr [ebp+0x67], eax
    01E9D4EC    36:EB 01        jmp     short 01E9D4F0
    01E9D4EF    F3:             prefix rep:
    01E9D4F0    53              push    ebx
    01E9D4F1    EB 08           jmp     short 01E9D4FB
    01E9D4F3    E3 13           jecxz   short 01E9D508
    01E9D4F5    3B94E3 133B94EB cmp     edx, dword ptr [ebx-0x146BC4ED]
    01E9D4FC    01C7            add     edi, eax
    01E9D4FE    68 F3D4E901     push    0x1E9D4F3
    01E9D503    5B              pop     ebx
    01E9D504    F2:             prefix repne:
    01E9D505    EB 01           jmp     short 01E9D508
    01E9D507    9A 50EB01F0 FF3>call    far 34FF:F001EB50
    Here we have our stolen code at 01E9D4D7 and 01E9D4D9.

  6. #56
    rendika2
    for trace like this?
    Ctrl+T
    REP STOS BYTE PTR ES:[EDI]
    Ctrl+F11
    view trace?

  7. #57
    Dwar
    Quote: Originally posted by rendika2
    for trace like this?
    Are you kidding? I said "manually trace the code".

  8. #58
    rendika2

  9. #59
    Dwar
    Quote: Originally posted by rendika2
    like this find trace?
    I don't use conditional BPs and "run trace". After the last exception, I trace the code step by step until I reach the needed data. Sorry, but do you understand the word "manually"?

  10. #60
    rendika2
    Code:
    0090F94E     00             DB 00
    0090F94F     00             DB 00
    0090F950     00             DB 00
    0090F951     00             DB 00
    0090F952     00             DB 00
    0090F953     00             DB 00
    0090F954     00             DB 00
    0090F955   . E8 36040000    CALL Game.0090FD90
    0090F95A   . 33DB           XOR EBX,EBX
    0090F95C   . 895D E0        MOV DWORD PTR SS:[EBP-20],EBX
    0090F95F   . 53             PUSH EBX
    0090F960   . 8B3D CC029200  MOV EDI,DWORD PTR DS:[9202CC]
    0090F966   . FFD7           CALL EDI
    0090F968   . 66:8138 4D5A   CMP WORD PTR DS:[EAX],5A4D
    0090F96D   . 75 1F          JNZ SHORT Game.0090F98E



    You mean like F7 F8??
    btw why not share unpack with vid?
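
Added example, not part of any post in this thread: a consistency check for the stolen-bytes explanation in post #55, using only bytes that appear in the listings of posts #51, #55 and #60. It measures the zeroed gap at the OEP and confirms that the candidate instructions fill it exactly; the function names are assumptions made for this example.

```python
# Dumped bytes starting at the OEP 0x0090F94E, transcribed from post #60:
# the zero padding, then the first surviving instructions
# (CALL Game.0090FD90 / XOR EBX,EBX).
OEP_VA = 0x0090F94E
DUMPED_OEP = bytes.fromhex("00000000000000" "E836040000" "33DB")

# Instructions identified in the protector's routine in post #55,
# keyed by the address at which they were seen.
CANDIDATES = {
    0x01E9D4D7: bytes.fromhex("6A74"),        # push 0x74
    0x01E9D4D9: bytes.fromhex("68388A9C00"),  # push 0x9C8A38
}

# Entry-point bytes quoted in post #51 (PUSH 74 / PUSH 2Game.009C8A38).
EXPECTED_PROLOGUE = bytes.fromhex("6A74" "68388A9C00")


def zero_gap(code: bytes) -> int:
    """Length of the run of 0x00 bytes at the start of `code`.

    This is an upper bound: if the first surviving instruction itself began
    with 0x00, the run would be over-counted. Here it begins with E8.
    """
    return len(code) - len(code.lstrip(b"\x00"))


def check_candidates(code: bytes, candidates: dict, oep_va: int = OEP_VA) -> dict:
    """Compare the zeroed gap with the candidate instructions in address order."""
    gap = zero_gap(code)
    joined = b"".join(candidates[va] for va in sorted(candidates))
    return {
        "gap": gap,                    # bytes zeroed at the entry point
        "candidate_len": len(joined),  # total size of the candidate instructions
        "fits": gap == len(joined),    # True when they fill the gap exactly
        "resume_va": oep_va + gap,     # first address after the zeros
        "bytes": joined,
    }


if __name__ == "__main__":
    result = check_candidates(DUMPED_OEP, CANDIDATES)
    print(f"gap={result['gap']} fits={result['fits']} "
          f"resume=0x{result['resume_va']:08X} bytes={result['bytes'].hex(' ')}")
```

The resume address it computes is the address of the `CALL Game.0090FD90` line in post #60, which is where the post #55 explanation says execution continues.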
