[RELEASE+DISCUSSION] Unpacked CABALMAIN.EXE

Page 3 of 10

09/07/2009 06:32 iNFIDEL_#31

Well, good luck finding ways to unpack Themida/WinLicense. :)

09/07/2009 06:58 brian86#32

@dlnqt i reach the MoleBox 2.6x but i dont know how to remove this in such a way that the unpacked cabal can be attach to olly.. any tips?? tnx for the guide.

09/07/2009 07:36 angstfeardoubt#33

to dlqnt and atomica:

of cabalmain is unpacked up to this point, will i already be able to locate the dc flag?

is the dc flag on the cabalmain thread?

[Only registered and activated users can see links. Click Here To Register...]

thanks to the previous tips, i was able to change the bad and good combo thing to excellent. I'm learning!!!!

09/07/2009 09:56 dlnqt#34

I dont know if the dc flag is located in main.. but i think it is.. not sure though.. haven't found it yet :D

what you did there was live debug your original cabalmain.exe right? I guess only a handful of people know how to use the very basic of ollydbg :D

09/07/2009 10:06 NoobWant2Learn#35

try using the dmg_explo search.. i found 4-5 lines containing a comment dmg_explo
dont know if its for dmg_exploits, or dmg_explode , or dmg_explosion.. haha... but still try it

09/07/2009 10:23 trevsky#36

im starting from the very beginning on how to go live debug on Olly....

09/07/2009 10:30 NoobWant2Learn#37

open cabal via cr, start cabal, attach olly = live dbg

09/07/2009 13:27 lamenin#38

@noob
can u share with me how do u manage to keep ur cabal running when the olly is attached, coz when i attached it it shows that it's paused and when i play it it does continues to pause, even shift+f9 doesnt work for me. can u share me some insight with this

09/07/2009 13:51 spankwirenation#39

ANyone has a comshop here in manila? pm me i have an interesting offer!!!

09/07/2009 14:05 NoobWant2Learn#40

when attach its paused.. hit f9 to continue.. and if it doesnt, maybe ur options in olly blocks it... play with ur options.. and u will see what i mean

09/07/2009 14:47 lamenin#41

tnx, im onto tracing now, ist ollysocketrace that u used or ollycalltrace

09/07/2009 15:06 howcow95#42

@ anyone who can answer this question

instead of using cr to open cabal can you use hideolly? or phantom or some other plugin?

09/07/2009 15:17 NoobWant2Learn#43

hideOD hides the debugger from being detected, still u cant bypass the gameguard

09/07/2009 15:54 howcow95#44

still has a chance with x trap (CabalNA).... guess I'll try it after nw :)

09/07/2009 17:38 NoobWant2Learn#45

i think twinR would bypass xtrap as my friends from SEA uses that...

Page 3 of 10

Last »