[RELEASE+DISCUSSION] Unpacked CABALMAIN.EXE

09/27/2009 21:01 jinghow#91
Hi, I'm just trying to work through the steps on the first page, and am currently trying to unpack the dump.exe file, but I have tried every combination of options on rl depacker and am still unable to unpack it. I mostly get:
unpack started...
+ OEP found at 00797AF2
+ Process dumped
+ Searching for IAT
File can not be unpacked!

I've tried to repeat the prior steps and I fall at the same hurdle. I know it's bad practice to ask such simple questions when the instructions are plain and simple, but I was hoping someone can point me in the right direction.

Thanks in advance!
09/27/2009 22:05 pajoo#92
4. For the options, checking the following options FAILS the unpacking process:
> Hide unpacker for detection
> Use tracer to correct IAT

But after that step I try to start unpacked.exe with cabal rider and it doesn't start.
09/28/2009 01:43 bboyecko#93
Quote:
Originally Posted by pajoo
4. For the options, checking the following options FAILS the unpacking process:
> Hide unpacker for detection
> Use tracer to correct IAT

But after that step I try to start unpacked.exe with cabal rider and it doesn't start.

cabalrider can't start a modified cabalmain (in this case unpacked.exe) afaik
09/28/2009 20:10 angstfeardoubt#94
Quote:
Originally Posted by bboyecko
cabalrider can't start a modified cabalmain (in this case unpacked.exe) afaik

It can. I'm running an unpacked cabalmain (although not fully unpacked and not really necessary) with cabalrider for debugging.
09/28/2009 21:38 foxxxx#95
I have the same problem with unpacking the dump.exe and can't solve the problem either :( Any help?

Also, can anyone tell me how to run the plugin ollycalltrace? In the "readme" I read "just install the plugin ... etc." but how do I install it? I see the file as "unknown file format" and when I double click it Windows asks me how to start the file (sorry, can't explain it better, poor English)
09/28/2009 23:07 howcow95#96
Quote:
Originally Posted by angstfeardoubt
It can. I'm running an unpacked cabalmain (although not fully unpacked and not really necessary) with cabalrider for debugging.

How are you doing this >.>? I tried using CR but as soon as I get Olly open and try to attach, it just crashes.
09/28/2009 23:22 foxxxx#97
I have a similar problem with my unpacked (seems to be) main.exe. When I run it with CR, GG loads o.O and an error message appears: " there is a problem with your hacking .....etc." so I think CR doesn't bypass GG with the unpacked exe :(
09/29/2009 13:01 angstfeardoubt#98
Let the bypass remain active without CR functions.
09/29/2009 15:04 foxxxx#99
Quote:
Originally Posted by angstfeardoubt
let the bypass remain active without CR functions

What do you mean? I use CR only for the bypass, I didn't pay for it :)
10/03/2009 00:15 howcow95#100
Was wondering if someone could tell me what it's supposed to look like if you're actually debugging it properly :S... I see Olly flipping out in the back when Cabal's running .... is that right?
10/12/2009 12:30 emmany#101
Somebody please help me. I already saw the dc flag in the Olly socket trace but I don't know what to do next. Please PM me your ideas. Thanks.
10/15/2009 19:40 gearbox#102
Guys.. I finally found the 1 shot unpacker, but the problem is when I open it with Olly it says Entry Point is outside the code @_@. What should I do next?
10/20/2009 21:14 edytza#103
Thanks man, it works :X
10/21/2009 05:48 brian86#104
Can we ask for the link for the 1 shot unpacker? T_T please..
10/22/2009 05:00 NewMaker#105
When we can see the text string in Olly for the unpacked cabalmain, does that mean we are done??? Because I have tried to open it to attach to it with Olly, but nothing happened; I just see unpacked.exe in the processes. I have tried opening it with CR, same thing :(
Maybe I have missed something to finish it. Please, some tips will help me. Thank you guys :)