Unpacking question

01/21/2011 02:19 vmrtyr2#1
1st i hope i am in right section !!
2nd i have a packed cabalmain.exe ( as usual )
so i did what i know on it ( use PEiD 0.94 and DiE_0.64 ) and i found it is packed with ( ASPack 2.12 -> Alexey Solodovnikov )
and because i am noob in coding i search ( google & you tube )
i found a good way to unpack cabalmain.exe

i did what was shown in the video and i unpacked it, then i rebuilt imports
( i can open the game with the new cabalmain.exe ) but the prob is when i try to make G.M command !! i usually use ResHacker to find version then apply it to another unpacked cabal but in my case it says : " This file has non-standard resource layout , it has probably been compressed with exe compressor "
so i go back to PEiD 0.94 and DiE_0.64 to chk and it gives me " Microsoft Visual C++ 7.0 [Debug] "
so -the noob question - what i suppose to do next ?!
sorry for long thread but i really want to know !! ty
01/22/2011 04:24 zeke____#2
Quote:
Originally Posted by vmrtyr2
1st i hope i am in right section !!
2nd i have a packed cabalmain.exe ( as usual )
so i did what i know on it ( use PEiD 0.94 and DiE_0.64 ) and i found it is packed with ( ASPack 2.12 -> Alexey Solodovnikov )
and because i am noob in coding i search ( google & you tube )
i found a good way to unpack cabalmain.exe
i did what was shown in the video and i unpacked it, then i rebuilt imports
( i can open the game with the new cabalmain.exe ) but the prob is when i try to make G.M command !! i usually use ResHacker to find version then apply it to another unpacked cabal but in my case it says : " This file has non-standard resource layout , it has probably been compressed with exe compressor "
so i go back to PEiD 0.94 and DiE_0.64 to chk and it gives me " Microsoft Visual C++ 7.0 [Debug] "
so -the noob question - what i suppose to do next ?!
sorry for long thread but i really want to know !! ty
umm i think you should visit HellSpider's thread


note: the unpacked .exes he has are euro cabal, I'm sure there's a lot of questions you have that probably have been asked in that thread, so I'd scour through it.

[link] has some resources to use, he also links [link] which has a lot of helpful tutorials and add-ons/mods.

Most likely if anyone could answer your question it would be him. good luck :)
01/22/2011 13:48 vmrtyr2#3
mm i did like you said :S , i dug it up and it is a very good one ( for yoda pack + ASpack ) but still i succeeded in dumping the cabalmain and fixing its entry point ( it works fine for me ) but i have a couple of questions :
1-how spider know it is yoda + AsProtect ( scan only show yoda + and of course PUSH command is ASP ) so any other prog to show the multi packing ?
2- is me in right section or what ? ( coz i was w8ting for Punk or Omega or Pupix or hell they are the ones i always read to )
i am not asking for direct help !! need only to show me the right path - i will walk it alone -
01/22/2011 16:56 HellSpider#4
Quote:
Originally Posted by vmrtyr2
mm i did like you said :S , i dug it up and it is a very good one ( for yoda pack + ASpack ) but still i succeeded in dumping the cabalmain and fixing its entry point ( it works fine for me ) but i have a couple of questions :
1-how spider know it is yoda + AsProtect ( scan only show yoda + and of course PUSH command is ASP ) so any other prog to show the multi packing ?
2- is me in right section or what ? ( coz i was w8ting for Punk or Omega or Pupix or hell they are the ones i always read to )
i am not asking for direct help !! need only to show me the right path - i will walk it alone -
For multi-layer packers you need to unpack them layer by layer before you can detect which packers are used. Yoda's Crypter 1.x is used as the top layer, ASProtect lies beneath it.

You can detect ASProtect packed stuff by the entry:

Code:
PUSH <address>
CALL <address>
RETN
RETN
The resource directory structure error is often caused by resource editors which try to assume only one type of resource structure. I'd suggest you to try some other resource editor, there are good freeware ones :).
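
The entry-point check HellSpider describes in post #4, written out as a triage script. This is an added example, not part of the original thread: it reads the bytes at a PE file's entry point and tests them for the PUSH / CALL / RETN / RETN shape. The opcode encodings (68, E8, C3), the function names and the two sample images are assumptions constructed for illustration.

```python
import struct

# Assumed encodings for the quoted stub: PUSH imm32 (68), CALL rel32 (E8), RETN (C3).
STUB = [(0x68, 4), (0xE8, 4), (0xC3, 0), (0xC3, 0)]  # (opcode, operand length)

def entry_bytes(pe: bytes, count: int = 12) -> bytes:
    """Return the raw bytes at the PE entry point; ValueError if malformed."""
    try:
        nt = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
        if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
            raise ValueError("not a PE image")
        nsec = struct.unpack_from("<H", pe, nt + 6)[0]      # NumberOfSections
        opt_size = struct.unpack_from("<H", pe, nt + 20)[0] # SizeOfOptionalHeader
        entry_rva = struct.unpack_from("<I", pe, nt + 24 + 16)[0]
        table = nt + 24 + opt_size                          # first section header
        for i in range(nsec):
            vsize, va, rsize, raw = struct.unpack_from("<4I", pe, table + 40 * i + 8)
            if va <= entry_rva < va + max(vsize, rsize):
                # Only bytes backed by raw data exist on disk.
                off = raw + entry_rva - va
                return pe[off:min(off + count, raw + rsize)]
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    raise ValueError("entry point is outside every section")

def matches_stub(code: bytes) -> bool:
    """True if code starts with PUSH imm32; CALL rel32; RETN; RETN (operands wildcarded)."""
    pos = 0
    for opcode, operand_len in STUB:
        if pos >= len(code) or code[pos] != opcode:
            return False
        pos += 1 + operand_len
    return True

def entry_has_stub(pe: bytes) -> bool:
    # Sees only the outermost layer: a file wrapped in another packer will not
    # match until that layer is removed. A match is a hint, not proof.
    return matches_stub(entry_bytes(pe))

def build_sample(entry_code: bytes) -> bytes:
    """Constructed minimal PE32: one section, RVA 0x1000, raw offset 0x200."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000).ljust(0xE0, b"\0")
    sec = struct.pack("<8sIIII", b".text", 0x1000, 0x1000, 0x200, 0x200).ljust(40, b"\0")
    head = dos + b"PE\0\0" + file_hdr + opt + sec
    return head.ljust(0x200, b"\0") + entry_code.ljust(0x200, b"\0")

PACKED = build_sample(bytes.fromhex("6800504000e801000000c3c3"))  # constructed
PLAIN = build_sample(bytes.fromhex("558bec6aff6800504000"))       # constructed
```

On a real file, pass `open(path, "rb").read()` to `entry_has_stub`; the operands are wildcarded because the addresses differ from build to build.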