[Discussion] How to unpack cabalmain.exe

08/31/2009 09:16 NoobWant2Learn#1
in the other thread started by dlnqt, it stated the process on how to remove the DC flags.. but we noobs are stuck on unpacking the exe.... I admit I'm a noob in Olly but I'm determined to learn.. pls give me hints on how to unpack cabal.exe
08/31/2009 12:47 sparrowaie#2
good one! this is the thread for us noobs. we just hope some pro hackers/crackers pass by and give us ideas on how to start with this thingy. :handsdown:
08/31/2009 14:47 NoobWant2Learn#3
^
^
^
let's hope they will clear up our troubled minds
08/31/2009 15:35 ashgamer#4
plzzzz... help me easy tips to get @_@...
08/31/2009 15:55 NoobWant2Learn#5
we can't find the OEP by just tracing because the protector uses anti-dumping, anti-tracing, PE header erasing, etc. etc... I'm stuck
08/31/2009 16:11 dlnqt#6
use PEiD to identify the packer..
08/31/2009 17:10 NoobWant2Learn#7
the packer of cabalmain.exe is yoda 1.x / modified, as PEiD showed me.. but it doesn't seem to match the yoda tutorials
09/01/2009 00:58 025025#8
post the tutorial step by step for all, PLEASE :handsdown:
09/01/2009 06:30 jammer07#9
why do you need to unpack the exe file? was it to bypass GG? can't we use CR to bypass GG?

I tried attaching Olly directly to the cabal process but it always ends up terminating the process, then I have to restart again.. if I attach Olly to the cabalmain.exe file it shows those addresses, calls, functions, etc... I think it shows how the program executes itself..


Can someone give us a hint on where to start...??
09/01/2009 06:38 jaypee02#10
help :p
09/01/2009 16:51 sparrowaie#11
we need to unpack cabalmain to begin removing the DC flags as explained in the other thread "Removing DC flag". you can't do that if you do not unpack cabalmain because it is protected against reversing/cracking. they do not mean to give this away easily, so we need to make our own way. this is to prevent unwanted proliferation of the exploit just like before. if you happen to get it the hard way, i don't think you'll give it away the easy way, will you? that i think is their point. i myself haven't gone that far yet. hehehe... but i'm willing to learn... :mofo:

and mind you, if you go through all the tutorials available on the net on reversing, you can apply it to other apps/software, not just cabal. it's for your own benefit anyway going through all those hardships.

i tried reading unpacking tuts but to no avail, i can't seem to understand all of it so i decided to make it through step 1 of the reversing tuts. it feels better... :D
09/01/2009 17:14 dlnqt#12
Unpacker for cabalmain.exe..

Antivirus will detect it as a virus, mine deletes it.. open it then point to your cabalmain.exe, it will successfully unpack cabal.. you will see a dump.exe in your cabal folder. But there is another protection for it.. aspack/asprotect..
09/01/2009 17:56 logan432#13
Quote:
Originally Posted by dlnqt
Unpacker for cabalmain.exe..

Antivirus will detect it as a virus, mine deletes it.. open it then point to your cabalmain.exe, it will successfully unpack cabal.. you will see a dump.exe in your cabal folder. But there is another protection for it.. asprotect..
i did find the OEP but can't repack it again.. did you repack your unpacked exe?
09/01/2009 18:48 dlnqt#14
there is another unpacker needed.. not just unexestealth. look for RL!dePacker.exe

I will be posting soon how to unpack cabalmain.exe step by step. but there is another problem, I don't know how to pack cabalmain.exe back again. AFAIK, they said that cabalmain.exe will still run even if it's not the same size, so unpacked cabalmain.exe SHOULD work normally. But maybe my OEP is wrong or some asm codes were destroyed during unpacking..

btw, after you unpack it again with RL!dePacker.exe, look at the unpacked.exe. you will now see all the asm of cabal, str skill commands etc. unlike in a packed cabalmain.exe that's full of garbage asm or whatever :p

btw for those people that would encounter this specific error (ollydbg will completely hang when you open unpacked.exe), try a fresh installation of ollydbg without any plugins, it should work.
09/01/2009 19:14 logan432#15
Quote:
Originally Posted by dlnqt
there is another unpacker needed.. not just unexestealth. look for RL!dePacker.exe

I will be posting soon how to unpack cabalmain.exe step by step. but there is another problem, I don't know how to pack cabalmain.exe back again. AFAIK, they said that your cabalmain.exe will still run even if it's not the same size, so unpacked cabalmain.exe SHOULD work normally. But maybe my OEP is wrong or some asm codes were destroyed during unpacking..

btw, after you unpack it again with RL!dePacker.exe, look at the unpacked.exe. you will now see all the asm of cabal, str skill commands etc. unlike in an unpacked cabalmain.exe that's full of garbage asm or whatever :p

btw for those people that would encounter this specific error (ollydbg will completely hang when you open unpacked.exe), try a fresh installation of ollydbg without any plugins, it should work.
maybe we need to join forces lol :)