[RELEASE+DISCUSSION] Unpacked CABALMAIN.EXE

one video tutorial plz..... :p :p :p :p :p :p :p :p plz :(

Yey. I finally make it to work with olly attached and some plugin like ollytrace/calltrace, however I dunno how to find and patch the dc flag that i have read in your other thread. Maybe a similar tutorial on how to do it would be a big help. thnks C:

Quote:

Originally Posted by gearbox Yey. I finally make it to work with olly attached and some plugin like ollytrace/calltrace, however I dunno how to find and patch the dc flag that i have read in your other thread. Maybe a similar tutorial on how to do it would be a big help. thnks C:

what u have attach?? cabalmain or the unpacked one my unpacked won't run normally

i can see the text string in unpacked but when i detect my unpacked cabal with bin (die to easy) its show molebox !! that mean ineed remove this protect too?? coorect me if im wrong plz

the unpacked one. just make sure it runs normally after unpacking. Just play a little with the settings of your olly. jeez.. i'm having a hard time need to learn more on how to use olly and the plugin.

Quote:

Originally Posted by gearbox the unpacked one. just make sure it runs normally after unpacking. Just play a little with the settings of your olly. jeez.. i'm having a hard time need to learn more on how to use olly and the plugin.

but my problem its the unpack won't to run, how i can play with setting in olly

i have try useexestealth and rl depacker method from this tread ,i got a unpacked.exe where we can see the text string but its can't run for attach it with olly so i think its this method of unpacking give wrong oep or maybe this unpacked don't pass gameguard im really out of idea .

i have try manual unpacking by following this tut
[Only registered and activated users can see links. Click Here To Register...]

i stop here in the tuto:

This is the end ;) Place memory bp on access on whole .code section and run target (Shift+F9 two times). You'll land on OEP of packed target:

00401000 MOV BYTE PTR DS:[40438C],0 ; This should be the OEP!
00401007 MOV BYTE PTR DS:[40448C],0
0040100E PUSH 0 ; /pModule = NULL
00401010 CALL IczEdit.00402E7A ; GetModuleHandleA

i don't know where i will put the bp for get the oep ,i have open the memory map and set memory bp on acess on .code after don't know what i can do :)
if some one can help me

thx to dlnqt :)
i have question for u dlqnt iof u still cheking this thread :) are u sucess to run your unpack cabalmain or not yet ??

Quote:

Originally Posted by gearbox guyzz.. i finally found the 1 shot unpacker, but the problem is when I open it with olly it says Entry Point is outside the code @_@. What should I do next?

what unpacker software did you use?

can anyone make a tutorial w/ VIDEO

thnx

Quote:

Originally Posted by adipogi99 can anyone make a tutorial w/ VIDEO thnx

:p:p:p:p:p:p:p

Quote:

Originally Posted by NewMaker but my problem its the unpack won't to run, how i can play with setting in olly i have try useexestealth and rl depacker method from this tread ,i got a unpacked.exe where we can see the text string but its can't run for attach it with olly so i think its this method of unpacking give wrong oep or maybe this unpacked don't pass gameguard im really out of idea . i have try manual unpacking by following this tut [Only registered and activated users can see links. Click Here To Register...] i stop here in the tuto: This is the end ;) Place memory bp on access on whole .code section and run target (Shift+F9 two times). You'll land on OEP of packed target: 00401000 MOV BYTE PTR DS:[40438C],0 ; This should be the OEP! 00401007 MOV BYTE PTR DS:[40448C],0 0040100E PUSH 0 ; /pModule = NULL 00401010 CALL IczEdit.00402E7A ; GetModuleHandleA i don't know where i will put the bp for get the oep ,i have open the memory map and set memory bp on acess on .code after don't know what i can do :) if some one can help me thx to dlnqt :) i have question for u dlqnt iof u still cheking this thread :) are u sucess to run your unpack cabalmain or not yet ??

if im not mistaken, 00401000 is the EP of the application and is not the OEP, that what i think.. i tried it also and it seems like it

hmmm i think... i need a video tut ^^, hope some1 can make 1
i have try this one.. but it wasnt easy... please upload some

Quote:

Originally Posted by angelrine if im not mistaken, 00401000 is the EP of the application and is not the OEP, that what i think.. i tried it also and it seems like it

we have the same problem here..

Quote:

Originally Posted by light_yagami hmmm i think... i need a video tut ^^, hope some1 can make 1 i have try this one.. but it wasnt easy... please upload some

dont expect anyone to post a step by step on everything, they hate leechers you know ^_^

@angelrine

even a more wider o more explaination in this dc flag is a big deal for me...

i have read the whole thread and i just get the program needed but i dont know what to do or what will happen next more explantion and those plug-in i think we need a link

its a hard to build a diamond from a piece of crapz do you get it?

hope someone can explain it more wider tnx

ty

English is not good, would only say thank you! :)