Register for your free account! | Forgot your password?

Go Back   elitepvpers > MMORPGs > Atlantica Online
You last visited: Today at 21:37

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement
Bitcoin Dice Game


Atlantica Server unpacking, if anyone wants to help

Discussion on Atlantica Server unpacking, if anyone wants to help within the Atlantica Online forum part of the MMORPGs category.

Reply
 
Old   #1
 
elite*gold: 0
Join Date: May 2014
Posts: 1,043
Received Thanks: 233
Atlantica Server unpacking, if anyone wants to help

I started manually fixing the imports for the Atlantica Server 3.23.05 released by x123x123x in the topic New Year's Surprise!

I look at the disassembly code after I dumped it, and it looks pretty close to the original 3.02.11 lots of areas look exactly the same.. and I was just scanning the whole file with my eyes alone and finding the import addresses and names for all imports that existed in 3.02.11 I believe if I add them all with the correct address it will work again, and you can have a server with Lvl 200 CAP and lots of improvements like bigger Item Id / Npc Id number limit.

I found from research on chinese websites where Safengine 2.4.0.0 is unpacked and downloaded their tools and even found a video how to do it.. but its sadly for x86 not x64 targets.. so I couldn't adapt it correctly..

There is no way to extract the imports with tools as the safengine packer completely overwrites all call qword ptr ds:[XXX] and jmp qword ptr ds:[XXX] with regular CALL [XXX], you will notice all the CALL's which have invalid data after them is the overwritten opcodes.. I fixed like 60-70% of all them with a custom x64 disassembler I worked on and lots of patches like 4000 or so of them I did purely by hand.. to make the v3.02.11 code look the same in the packed server.

I attached my project here if anyone wants to continue working on it.. i'll probably continue myself too until I finish it.. but it might take me months alone if anyone wants to help out be my guest.

I also attached the tools I found to open the Server in packed form with all the proper plugins to completely make it undetected from safengine.

Here is a list of all imports.. the ??? are the ones that I haven't found yet or brother to find yet.. lots of imports will not be found because of the patched CALL instructions by safengine they are hidden and will start appearing later when you start patching them correctly with the original code.

Also if you download the chinese tool to unpack the safengine.. I would recommend you download it because it contains my save files of my progress I did on the Atlantica_dump_64_FullyLoaded.exe which contains about 500 Label's I did to make the code look exactly the same as the old server.

The Tool is x64Dbg which was all chinese luckily for me I found the langauge changer in the ini file so I changed it back to english.

Here is the tool: 60 MB


Useful plugin for IDA 7.0 (Patchdiff): I compiled this plugin for IDA 7.0 and it works perfectly.. it saves soo much time and work! by automatically matching the old server EXE with the new one so you can just fix the issues.

P.S.> patchdiff is kinda slow on a 12 MB binary file.. it will take about 2 days to complete!



PW: aobot

My List

Quote:
ADVAPI32

RegCloseKey = 0x00000001411F6537
RegDeleteKeyW = 0x00000001411FD21B
RegDeleteValueW = 0x00000001411FD646
RegOpenKeyExW = 0x00000001411FE028
RegCreateKeyExW = 0x00000001411FDB1F
RegEnumKeyExW = 0x00000001411FE49D
RegSetValueExW = 0x00000001411FEF26
RegQueryInfoKeyW = 0x00000001411FF28F

COMCTL32

InitCommonControls = 0x00000001411E1330

GDI32

DeleteObject = 0x000000014120303D
TextOutW = 0x0000000141204B49
GetStockObject = 0x00000001411D99CB

KERNEL32

RtlEnterCriticalSection = 0x00000001411CE6B5
WideCharToMultiByte = 0x00000001411C84F6
MultiByteToWideChar = 0x00000001411C7784
ReadFile = 0x00000001411CFED7
SetFilePointer = 0x00000001411E3815
GetFileSize = 0x00000001411CFA3F
RltDeleteCriticalSection = 0x00000001411CE253 (30)(1411CB210)
RtlDeleteCriticalSection = 0x000000014124D056 (39) (1411CB210) (jmp) (removed) (converted to first address) (duplicate need combine 100% checked)
GetLastError = 0x00000001411F8E92
RtlInitializeCriticalSection = 0x00000001411E9882
GetSystemTime = 0x00000001411EDA92
WriteFile = 0x00000001411F18DA
IsDBCSLeadByte = 0x00000001411F299B
GetCurrentDirectoryW = 0x00000001411F811D
GetModuleHandleW = 0x00000001411FA552
lstrlenW = 0x00000001411C80A0
RaiseException = 0x00000001411F914D
SizeofResource = 0x00000001411FB21B
LoadResource = 0x00000001411FADFE
FindResourceW = 0x00000001411FA926
LoadLibraryExW = 0x00000001411FA477
lstrcmpiW = 0x00000001411FBBAD
GetTickCount = 0x00000001411E6AB2
HeapFree = 0x000000014126CD99 (99% or destory)
HeapReAlloc = ??? (filled with HeapFree for fun)
HeapAlloc = ??? (filled with HeapFree for fun)
GetSystemInfo = 0x0000000141239CE0
SetCurrentDirectoryW = 0x00000001412011FB
FindClose = 0x0000000141201B6D
FindFirstFileA = 0x000000014122F2F2
FindFirstFileW = 0x0000000141201688
OutputDebugStringA = 0x0000000141219A3D
VirtualFree = 0x000000014124CA85
CreateFileA = 0x00000001411CF5D8
SetEvent = 0x0000000141215149
SleepEx = 0x0000000141214CEB
CreateEventA = 0x00000001412155B0
RtlLeaveCriticalSection = 0x00000001411CBA5B (117) (1411CB066)
RtlLeaveCriticalSection = 0x00000001411CB570 (42) (jmp) (1411CB066) (removed) (converted to first address) (duplicate jmp 100% checked)
ResetEvent = 0x00000001412159DC
PostQueuedCompletionStatus = 0x000000014121A83A
GetQueuedCompletionStatus = 0x000000014121ACF8
CreateIoCompletionPort = 0x000000014121B123
FindNextFileW = 0x00000001412111A5
CreateDirectoryA = 0x000000014122ED90
RemoveDirectoryA = 0x0000000141230692
FindNextFileA = 0x0000000141230239
RemoveDirectoryW = 0x00000001412315CA
SetFileAttributesA = 0x000000014122F896
SetFileAttributesW = 0x0000000141230DD1
SetCurrentDirectoryA = 0x0000000141231FAF
GetModuleFileNameA = 0x0000000141231B05
QueryPerformanceCounter = 0x00000001411CEF52
QueryPerformanceFrequency = 0x00000001412348EB
UnmapViewOfFile = 0x000000014122E047
MapViewOfFile = 0x000000014122DE0B
OutputDebugStringW = 0x00000001411DE238
CreateMutexA = 0x0000000141234E1F
GetCurrentDirectoryA = 0x000000014121E258
SetFileTime = 0x000000014124060B
GetFileTime = 0x0000000141240135
IsDebuggerPresent = 0x0000000141265BBD
UnhandledExceptionFilter = 0x0000000141266091
TerminateProcess = 0x000000014126674F
GetStartupInfoW = 0x000000014125E2F0
HeapSize = ??? (filled with HeapDestory wrong on purpose)
HeapDestroy = 0x000000014126CD99 (guess kinda) wrong 100% i think
GetProcessHeap = 0x000000014126C56D
TlsFree = 0x00000001412727A4
TlsSetValue = 0x0000000141253301
TlsAlloc = 0x000000014127232F (guess kinda)
SetThreadAffinityMask = 0x0000000141252EED
CreateThread = 0x0000000141252A7B
GetProcessAffinityMask = 0x0000000141252AC3
ResumeThread = 0x00000001412525CF
SuspendThread = 0x000000014125212C
GetFileAttributesA = 0x0000000141250201
ReleaseSemaphore = 0x000000014124EC9B
CreateSemaphoreA = 0x000000014124F03C
SetThreadPriority = 0x0000000141251CE0
OpenMutexW = 0x00000001411D879F
CreateMutexW = 0x00000001411D9071
GetLocalTime = 0x00000001411D2AC5
CreateDirectoryW = 0x00000001411D740E
GetModuleFileNameW = 0x00000001411D12AD
LoadLibraryW = 0x00000001411DB10A
GetProcAddress = 0x00000001411DEFC7
CreateFileW = 0x00000001411DF3FE
GetCurrentThreadId = 0x00000001411CB1E9
GetCurrentProcessId = 0x00000001411DFB3A
GetCurrentProcess = 0x00000001411E0060
CloseHandle = 0x00000001411D03A5
SetUnhandledExceptionFilter = 0x000000014122CDBD
ReleaseMutex = 0x00000001411D547A
FreeLibrary = 0x00000001411D5D0C
GetSystemDefaultLangID = 0x00000001411D42C1
Sleep = 0x00000001411D466D
CopyFileW = 0x00000001411D338A
GetCommandLineW = 0x00000001411D4BBA
DeleteFileW = 0x00000001411D37DF
DeleteFileA = 0x000000014122FD07
RltVirtualUnwind = 0x00000001412708C9
RltLookupFunctionEntry = 0x00000001412711F9
RltCaptureContext = 0x000000014126572D
WaitForSingleObject = 0x0000000141215EF3
GetSystemTimeAsFileTime = 0x0000000141268936
CreateFileMappingA = 0x000000014123576C

MSVCP90

[email protected][email protected][email protected]@[email protected]@@[email protected]@QEBA [email protected][email protected]@[email protected]@@[email protected] = (bug same as below one) 0x000000014120E83B
[email protected][email protected][email protected]@[email protected]@@[email protected]@QEBA [email protected][email protected]@[email protected]@@[email protected] = 0x000000014120E83B
[email protected][email protected][email protected]@[email protected]@@std @@[email protected] = 0x000000014120EC76
[email protected][email protected]@[email protected]@[email protected] = 0x000000014120A62A
[email protected][email protected]@@QEBA_JXZ = 0x000000014120AB52
[email protected][email protected]@@QEBAHXZ = 0x000000014120B657
[email protected][email protected][email protected]@[email protected]@@[email protected]@QEB AGXZ = 0x000000014120B90D
[email protected][email protected][email protected]@[email protected]@@[email protected]@QE [email protected][email protected]@[email protected]@@[email protected] XZ = 0x000000014120BD9
[email protected][email protected][email protected]@[email protected]@@s [email protected]@[email protected] = 0x000000014120C686
[email protected][email protected]@[email protected]@SAGXZ = (bug same as [email protected]?$basic_streambuf) 0x000000014120CB5A
[email protected][email protected]@[email protected]@[email protected] = (bug same as [email protected]?$char_traits) 0x000000014120D023
[email protected][email protected][email protected]@[email protected]@@s [email protected]@[email protected] = 0x000000014120D52A
[email protected][email protected]@@[email protected] = 0x000000014120D972
[email protected][email protected][email protected]@[email protected]@@[email protected] @[email protected] = (bug same as below one)0x000000014120E5A7
[email protected][email protected][email protected][email protected]@@@st [email protected]@[email protected] = 0x000000014120E5A7
[email protected]@@YA_NXZ = 0x000000014120F1E1
[email protected][email protected][email protected]@[email protected]@@std @@QEAAXXZ = (bug same as below one) 0x000000014120F692
[email protected][email protected][email protected][email protected]@@@s [email protected]@QEAAXXZ = 0x000000014120F692
[email protected][email protected]@[email protected]@V?$ [email protected]@[email protected]@[email protected]@[email protected]@Z = 0x000000014120902F
[email protected][email protected]@[email protected]@@[email protected]@QE [email protected]@Z = 0x00000001412094A0
[email protected][email protected][email protected]@[email protected]@V [email protected]@[email protected]@[email protected]@[email protected]?$ch [email protected]@[email protected]@[email protected]@[email protected]@[email protected] = 0x0000000141209978
[email protected][email protected]@[email protected]@V? [email protected]@[email protected]@[email protected]@QEAAXXZ = 0x00000001412099A4
[email protected][email protected]@[email protected]@V?$alloca [email protected]@[email protected]@[email protected]@[email protected] = ??? (faked it with ??0?$basic_string below for fun)
[email protected][email protected][email protected]@[email protected]@V?$all [email protected]@[email protected]@[email protected]@[email protected]@Z = ??? (faked it with ??0?$basic_string for fun)
[email protected][email protected]@[email protected]@V?$alloca [email protected]@[email protected]@[email protected]@[email protected]@@Z = ??? (faked it with [email protected][email protected] for fun)
[email protected][email protected][email protected]@[email protected]@V?$all [email protected]@[email protected]@[email protected]@QEBA_KXZ = (bug same as &[email protected][email protected][email protected][email protected]@@V [email protected][email protected]@@[email protected]@QEBA_KXZ) = 0x000000014120428D
[email protected]@[email protected]@[email protected]@[email protected]@[email protected] @[email protected][email protected]@[email protected]@V?$ [email protected]@[email protected]@[email protected]@Z = 0x00000001411F55E7
&[email protected][email protected]@@[email protected][email protected]@@ [email protected]@[email protected][email protected][email protected] [email protected]@[email protected][email protected]@@[email protected]@Z = 0x00000001411F55E7 (same as above)
[email protected][email protected][email protected]@[email protected]@V?$al [email protected]@[email protected]@[email protected]@QEBAPEBGXZ = (bug same as &[email protected][email protected][email protected][email protected]@@V? [email protected][email protected]@@[email protected]@QEBAPEB_WXZ) = 0x00000001411F50F7
[email protected][email protected][email protected]@[email protected]@V?$al [email protected]@[email protected]@[email protected]@QEBAPEBDXZ = (bug same as &[email protected][email protected][email protected]@[email protected]@V?$ [email protected]@[email protected]@[email protected]@IEAAPEADXZ)
[email protected][email protected][email protected][email protected]@@V?$ [email protected][email protected]@@[email protected]@QEBAPEB_WXZ = 0x00000001411F50F7
[email protected][email protected]@[email protected]@V?$alloca [email protected]@[email protected]@[email protected]@[email protected]@Z = (bug same as &[email protected][email protected][email protected]@@V?$all [email protected][email protected]@@[email protected]@[email protected][email protected])
[email protected][email protected]@[email protected]@V?$alloca [email protected]@[email protected]@[email protected]@[email protected]@@Z = (bug same as below) 0x00000001411F609E
[email protected][email protected][email protected]@@V?$allo [email protected][email protected]@@[email protected]@[email protected]@@Z = 0x00000001411F609E
[email protected][email protected]@[email protected]@V?$alloca [email protected]@[email protected]@[email protected]@[email protected] = 0x00000001411F5BF6
[email protected][email protected][email protected]@[email protected]@@s [email protected]@QEAAXXZ = 0x000000014120FAFE
[email protected][email protected][email protected]@[email protected]@ @[email protected]@QEAAXXZ = 0x000000014120FFA6
[email protected][email protected]@[email protected]@V?$alloca [email protected]@[email protected]@[email protected]@[email protected]@Z = 0x0000000141210468
[email protected][email protected]@[email protected]@V?$alloca [email protected]@[email protected]@[email protected]@[email protected]@Z = (bug same as &[email protected][email protected][email protected]@[email protected]@V?$ [email protected]@[email protected]@[email protected]@[email protected]@Z)
[email protected][email protected][email protected]@[email protected]@V?$al [email protected]@[email protected]@[email protected]@QEBA_NXZ = (bug same as &[email protected][email protected][email protected][email protected]@@V? [email protected][email protected]@@[email protected]@QEBA_NXZ)
[email protected][email protected]@[email protected]@V?$alloca [email protected]@[email protected]@[email protected]@[email protected] = (bug same as &[email protected][email protected]@[email protected]@V?$alloc [email protected]@[email protected]@[email protected]@[email protected][email protected]@[email protected]@Z)
[email protected]@[email protected]@[email protected]@[email protected]@[email protected] @[email protected][email protected]@[email protected]@V?$ [email protected]@[email protected]@[email protected]@Z = 0x000000014124DA34
[email protected][email protected]@@QEBA_NXZ = 0x000000014120E2B8
[email protected][email protected]@[email protected]@V?$alloca [email protected]@[email protected]@[email protected]@[email protected]@@Z = 0x00000001411C978D
[email protected][email protected]@[email protected]@V?$alloca [email protected]@[email protected]@[email protected]@[email protected]@Z = 0x00000001411CD472
[email protected][email protected]@[email protected]@V?$ [email protected]@[email protected]@[email protected]@[email protected] = 0x00000001411C9C1F (69) (1411C919D)
[email protected][email protected]@[email protected]@V?$ [email protected]@[email protected]@[email protected]@[email protected] = 0x000000014124D656 (1 jmp, 3 calls to jmp) (removed) (converted to first address) (1411C919D) (duplicate jmp 100% checked)
[email protected][email protected][email protected]@[email protected] @@[email protected]@[email protected] = 0x000000014120CB5A
[email protected][email protected][email protected]@@[email protected] = 0x000000014120D023
[email protected][email protected]@[email protected]@V?$alloca [email protected]@[email protected]@[email protected]@[email protected][email protected]@[email protected]@Z = 0x0000000141232C7E
[email protected][email protected][email protected][email protected]@@V?$ [email protected][email protected]@@[email protected]@QEBA_NXZ = 0x0000000141233134
[email protected][email protected][email protected]@[email protected]@V?$a [email protected]@[email protected]@[email protected]@[email protected]@Z = 0x00000001412335F2
[email protected][email protected][email protected]@[email protected]@V?$a [email protected]@[email protected]@[email protected]@IEAAPEADXZ = 0x0000000141233B4E
[email protected][email protected][email protected][email protected]@@V? [email protected][email protected]@@[email protected]@QEBA_KXZ = 0x000000014120428D
[email protected][email protected][email protected]@@V?$allo [email protected][email protected]@@[email protected]@[email protected][email protected] = 0x00000001411F489C

MSVCR90

__imp_tanf = 0x0000000141264508
__imp_powf = 0x0000000141263D16
__imp_log10f = 0x000000014126383E
__imp_logf = 0x00000001412630BB
__imp_expf = 0x000000014126229E
__imp_atan2f = 0x000000014126225D
__imp_atanf = 0x0000000141261DF7
__imp_asinf = 0x00000001412615DB
__imp_acosf = 0x0000000141261596
__iob_func = 0x00000001412474C1
fflush = 0x0000000141246C52
iswalpha = 0x00000001412449A1
iswcntrl = 0x0000000141244E29
iswalnum = 0x000000014124456D
isxdigit = 0x0000000141243C33
iswdigit = 0x000000014124355E
iswxdigit = 0x00000001412437A5
toupper = 0x0000000141242EEE
wcstod = 0x000000014124211D
wcstol = 0x0000000141242550
__imp__setjmp = 0x000000014126110D
longjmp = 0x0000000141241C9F
__imp_fmod = 0x0000000141260C82
_vswprintf = 0x0000000141240AF1
wcsncpy = 0x000000014122D14F
_wcsdup = 0x0000000141238C22
_strdup = 0x0000000141238830
strtoul = 0x00000001412381B8
_atoi64 = 0x000000014123751B
wcstoul = 0x00000001412327FA
_gmtime64 = 0x000000014124917A
_wgetenv = 0x0000000141247914
_wsystem = 0x0000000141247DD1
clock = 0x00000001412481C3
_wrename = 0x0000000141248CC3
iswspace = 0x000000014124963B
isprint = 0x0000000141249AAC
isdigit = 0x0000000141249A8A
isupper = 0x000000014124B93B
islower = 0x000000014124B559
ispunct = 0x000000014124B107
iscntrl = 0x000000014124AC79
strrchr = 0x000000014126CF2C
__imp_fmodf = 0x0000000141264AFB
strncpy_s = 0x000000014124F548
strcat_s = 0x000000014124EEC0
strtok_s = 0x000000014124FD3C
_splitpath_s = 0x000000014124E79E
qsort = 0x000000014126D304
strcspn = 0x0000000141250AAC
__imp_getenv_s = 0x0000000141250FD4
exit = 0x000000014125380D
[email protected]@YAXXZ = 0x0000000141264FD5
__imp__unlock = 0x0000000141266984
__imp___dllonexit = 0x0000000141266EFA
_encode_pointer = 0x000000014125580C
__imp__lock = 0x0000000141267296
_onexit = 0x000000014125535E
_decode_pointer = 0x0000000141254F0F
__imp__amsg_exit = 0x0000000141267677
__wgetmainargs = 0x000000014125DED0
__imp__XcptFilter = 0x0000000141267AFE
_exit = 0x000000014125F35F
_cexit = 0x000000014125EB7F
_wcmdln = 0x000000014125E7BA
__imp__initterm_e = 0x0000000141268464
_configthreadlocale = 0x000000014126065F
__setusermatherr = 0x0000000141260190
_commode = 0x000000014125F958
_fmode = 0x000000014125F93E
__set_app_type = 0x00000001412605FE
__imp___crt_debugger_hook = 0x0000000141268E12
[email protected][email protected]@ QEAAXXZ = 0x00000001412691EB
memchr = 0x000000014126D36E
atol = 0x00000001411D0E0A
__imp__initterm = 0x0000000141267F2C
_wtof = 0x000000014123237B
fprintf_s = 0x000000014123401E
_beginthreadex = 0x000000014121633C
printf = 0x0000000141214836
strchr = 0x0000000141236CBA
isalnum = 0x000000014124A2C2
isalpha = 0x00000001412129DF
tolower = 0x0000000141242A32
isspace = 0x000000014124A7E9
atof = 0x0000000141237994
atoi = ??? 0x00000001411D0E0A (bad this one is replaced with atol instead.)
strcpy_s = 0x000000014124DFC5
__imp__abs64 = 0x000000014125DABA
fopen_s = 0x00000001412344C2

wtf is this?
------------------
sprintf = 0x000000014121A335 (14121904E) (2) is it really (removed and replaced with bottom one)sprintf? or not? why the cmp import address dont match
sprintf _wrapper call 1x = 0x00000001406D9490 (wrapper) (removed replaced with bottom one)
sprintf _wrapper call 2x = 0x00000001406D8B00 (wrapper 2x) (removed replaced with bottom one)
--------------------
sprintf = 0x0000000141206BD6 (no wrapper call to import) (141205017) (5) real one probably ???


__imp_cosf = 0x000000014125C03B
__imp_sinf = 0x000000014125C90F
fgets = 0x0000000141206177
sscanf = 0x00000001412066AD
_wcsnicmp = 0x0000000141205D8C
ldiv = 0x0000000141204222 (this one is really ldiv..) (141203084)
div = 0x0000000141206B88 (not duplicate with ldiv.. although both show as ldiv..) (1412073CD)
ftell = 0x00000001412501EF (141245019) (4)
ftell = 0x000000014124636A (141245019) (1) (removed) (converted to first address) (duplicate jmp qword 100% checked)
__imp_sqrtf = 0x000000014125BFE4
realloc = 0x0000000141241403
strnlen = ???
_ultoa_s = ??? (faked with it inet_ntoa)
wcsncpy_s = 0x000000014028E700
__imp___C_specific_handler = 0x000000014125BB44 (good guess no way to tell)
__imp_memcmp = 0x000000014125B23D
_recalloc = 0x00000001411FF6CB
malloc = 0x00000001411FFAD1
_wcsnicoll = 0x00000001411F892A
__imp_ceilf = 0x000000014125A98C
__imp_floorf = 0x000000014125B233
_itow = 0x00000001411F6E3D
__imp_abs = 0x00000001412572CE (565) (14125701C) (jmp) (100% abs)
__imp_labs = 0x000000014125A935 (24) (14125915A) (jmp) (100% labs)
__imp_strstr = 0x00000001411E3C6E
wprintf = 0x00000001411E9C8C
srand = 0x00000001411F3F90
_strupr = 0x00000001411F3BB7
strncpy = 0x00000001411F373D (4) (call) (1411F3024)
strncpy = 0x0000000141271C0D (6) (jmp) (1411F3024) (removed) (converted to first address)
__imp_strcpy = 0x000000014125A4CC
memmove_s = 0x00000001411CCC8D
wcsstr = 0x00000001411C5361 (5) (1411C5003) (call)
wcsstr = 0x00000001411C6503 (13) (1411C5003) (jmp) (removed) (converted to first address)
fseek = 0x00000001411EFEB5 (8) (call) (1411EF04F)
fseek = 0x0000000141245EBD (3) (jmp) (1411EF04F) (removed) (converted to first address)
fwrite = 0x00000001411EF5B6 (47) (call) (1411EEFFD)
fwrite = 0x0000000141245A7C (1) (jmp) (1411EEFFD) (removed) (converted to first address)
_itow_s = 0x00000001401579C0
sprintf_s = 0x00000001411EDF26
_wtoi64 = 0x00000001411EA3FA
__imp_sqrt = 0x0000000141259D86
__imp_pow = 0x00000001412594C7
strncmp = 0x00000001411D098C
feof = 0x00000001411E947E
_vsnprintf_s = 0x00000001411C6A7E
_wcslwr = 0x00000001411E86EA
wcsncmp = 0x00000001411E82C9
_wcsicoll = 0x00000001411E7970
wcschr = 0x00000001411C6090
wcstok = 0x00000001411E7531
fopen = 0x00000001411F333E
__imp__stricmp = 0x0000000141251319
memmove = 0x00000001412568CE
_localtime64 = 0x00000001412115C2
_mktime64 = 0x0000000141206B41
[email protected]@@[email protected] = 0x00000001411CA8B9
_time64 = 0x00000001411F43F3
[email protected][email protected] = 0x00000001412547F2 (jmp) (1) ?? whats this
[email protected][email protected] = 0x0000000141255C4F (jmp) (1) new(); (void *__stdcall operator new(unsigned __int64))
[email protected]@Z = 0x0000000141255C28 (jmp) (1) (void __stdcall operator delete[](void *))
[email protected]@Z = found look up delete
[email protected]@Z = found look up delete[]
__imp_memcpy = ??? (bad/bug? this is really memmove used instead)
wcscmp = 0x00000001411D500E
__imp_fclose = 0x00000001411D2630 (call) (95) (1411D11D0)
__imp_fclose = 0x0000000141247037 (jmp) (1) (1411D11D0) (removed) (converted to first address)
__imp__wfopen = 0x00000001411D1926 (call) (73) (1411D10CD)
__imp__wfopen = 0x00000001412451DF (jmp) (1) (1411D10CD) (duplicate jmp 100% checked)
__CxxFrameHandler2 = 0x0000000141253CD0
__imp___CxxFrameHandler3 = 0x0000000141253CD0 (same as CxxFrameHandler2)
[email protected][email protected] = found look up aka new();
_purecall = 0x0000000140C56290
_aligned_malloc = 0x00000001411D667D (call) (1) (1411CB0A5)
_aligned_malloc = 0x00000001411CBEFF (jmp) (1) (1411CB0A5) (removed) (converted to first address)
_aligned_free = 0x00000001411CC377
_aligned_realloc = 0x00000001411D6B18 (call) (1) (1411CB0E3)
_aligned_realloc = 0x00000001411CC7D1 (jmp) (1?) (1411CB0E3) (removed) (converted to first address)
memcpy_s = 0x00000001411D6184
__imp_memset = 0x0000000141256DD1
_wstrtime = 0x000000014120392D
wcslen = 0x00000001411D3D15
_wstrdate = 0x0000000141203573
fgetws = 0x00000001411D1D64
fwscanf = 0x00000001411D1D75
wcscpy = 0x00000001411DEAA7
wcsrchr = 0x000000014000CBC0
_vsnwprintf_s = 0x00000001411C4FC0 (this is a guess.. so not sure 100% not _vsnprintf_s) (1411C4F76)
_vsnwprintf_s = 0x00000001411C897C (duplicate also good 100% checked) (1411C7214)
setlocale = 0x00000001411D8776
_set_purecall_handler = 0x00000001411D82D0
_vswprintf_c_l = 0x00000001411DE65D
swscanf = 0x00000001411E2F51
fprintf = 0x00000001411E338F
_wtoi = ??? (bug same as _wtol)
_wtol = 0x00000001411E7DF0
__imp_fabs = 0x0000000141258719
__imp_strcmp = 0x0000000141258BCA
_wremove = 0x00000001412486C4
__imp_strlen = 0x000000014125905F (faked it also with strnlen cause i can't find it)
rand = 0x00000001411E5238
__imp_free = 0x00000001411E40E1 (21) (call) (1411E3123)
__imp_free = 0x0000000141259496 (1) (jmp) (1411E3123) (removed) (converted to first address)
_wcsicmp = 0x00000001411E4DED
fread = 0x00000001411E5633 (32) (call) (1411E502D)
fread = 0x000000014124565E (2) (jmp) (1411E502D) (removed) (converted to first address)
fwprintf = 0x00000001411E5AE2
__imp_abs = (found abs above..)
_snprintf = 0x00000001411E660B
_wcsupr = 0x00000001411F2554
__imp__CxxThrowException = 0x0000000141257694
[email protected]@@[email protected]@Z = 0x00000001411CF007
[email protected]@[email protected]@UEBAPEBDXZ = ??? (faked with CxxThrowException)
[email protected]@@[email protected]@@Z = ??? (faked with CxxThrowException)
[email protected]@@[email protected] = ??? (faked with CxxThrowException)


OLEAUT32

VarUI4FromStr = 0x00000001411FE4D2

SHELL32

ShellExecuteA = ??? (faked it with ShellExecuteW)
ShellExecuteW = 0x00000001411F118C
SHFileOperationW = 0x00000001411D7D58

SHLWAPI

PathAddBackslashA = 0x000000014121CFF8
PathAddExtensionA = 0x000000014121D45B
PathAppendA = 0x000000014121DE2B
PathCanonicalizeA = 0x000000014121E701
PathIsDirectoryA = 0x000000014121EB9E
PathIsRelativeA = 0x000000014121EFEF
PathUnquoteSpacesW = 0x000000014122CA1A
PathQuoteSpacesW = 0x000000014122C199
PathCommonPrefixW = 0x000000014122BCB6
PathGetDriveNumberW = 0x000000014122B8B9
PathStripPathW = 0x000000014122B2F5
PathRemoveExtensionW = 0x000000014122AE42
PathStripToRootW = 0x000000014122A95E
PathRenameExtensionW = 0x000000014122A464
PathRemoveFileSpecW = 0x0000000141229AEC
PathRemoveBlanksW = 0x0000000141229B02
PathRemoveArgsW = 0x000000014122963D
PathRemoveBackslashW = 0x00000001412291CC
PathFindFileNameW = 0x0000000141228D94
PathFindExtensionW = 0x000000014122881F
PathFileExistsW = 0x00000001412283FE
PathIsPrefixW = 0x0000000141227EB1
PathIsUNCW = 0x00000001412279B4
PathIsSameRootW = 0x0000000141227443
PathIsRootW = 0x000000014122763A
PathIsRelativeW = 0x0000000141226B8D
PathIsDirectoryW = 0x00000001412266BA
PathCanonicalizeW = 0x0000000141225F63
PathAppendW = 0x0000000141225BAB
PathAddExtensionW = 0x0000000141225A12
PathUnquoteSpacesA = 0x0000000141224E56
PathQuoteSpacesA = 0x0000000141224A21
PathCommonPrefixA = 0x0000000141224514
PathGetDriveNumberA = 0x00000001412240BB
PathStripPathA = 0x0000000141223D1D
PathRemoveExtensionA = 0x00000001412235FC
PathStripToRootA = 0x0000000141222E94
PathRenameExtensionA = 0x0000000141222991
PathRemoveFileSpecA = 0x0000000141222512
PathRemoveBlanksA = 0x000000014122201D
PathRemoveArgsA = 0x00000001412217E4
PathRemoveBackslashA = 0x00000001412213DA
PathFindFileNameA = 0x0000000141220F9C
PathFindExtensionA = 0x0000000141220AF1
PathFileExistsA = 0x00000001412209B9
PathIsPrefixA = 0x0000000141220200
PathIsUNCA = 0x000000014121FDA6
PathIsSameRootA = 0x000000014121F947
PathIsRootA = 0x000000014121F449
PathAddBackslashW = 0x00000001412252A7

USER32

GetForegroundWindow = 0x00000001411E17B3
IsIconic = 0x00000001411E1C2D
PostQuitMessage = 0x00000001411E26B4
DefWindowProcW = 0x00000001411E2A84
LoadIconW = 0x00000001411D94A5
LoadCursorW = 0x00000001411D98CB
RegisterClassW = 0x00000001411DA61F
GetSystemMetrics = 0x00000001411DA78E
CreateWindowExW = 0x00000001411DAC52
UpdateWindow = 0x00000001411DB0C1
GetSystemMenu = 0x00000001411DB9F5
EnableMenuItem = 0x00000001411DBE52
DestroyWindow = 0x00000001411DC28A
LoadAcceleratorsW = 0x00000001411DC2CA
PeekMessageW = 0x00000001411DCB4C
TranslateAcceleratorW = 0x00000001411DD07D
TranslateMessage = 0x00000001411DD49A
DispatchMessageW = 0x00000001411DD978
ReleaseDC = 0x00000001411E05E7
GetDC = 0x00000001411E05D3
SendDlgItemMessageW = 0x00000001411E5F03
MessageBoxA = 0x00000001411E8BEF
SendMessageW = 0x00000001411ED66A
GetDlgItem = 0x00000001411ECD04
MoveWindow = 0x00000001411EB11C
CreateDialogParamW = 0x00000001411EAD04
SendDlgItemMessageA = 0x00000001411E9034
EnableWindow = 0x00000001411EEC95
IsWindow = 0x00000001411EA8FA
GetWindowRect = 0x00000001411EB532
GetDlgItemTextW = 0x00000001411EC8A7
KillTimer = 0x00000001411EC3DB
SetTimer = 0x00000001411EBDBE
ShowWindow = 0x00000001411D544A
MessageBoxW = 0x00000001411D2F70
UnregisterClassA = 0x000000014126C279
MapVirtualKeyW = 0x00000001411E0F10
PostMessageW = 0x000000014120546C
IsDialogMessageW = 0x00000001412028A5
CharNextW = 0x00000001411FC06F
DestroyCursor = 0x00000001411F6A4D
PtInRect = 0x00000001411F2F95
GetDlgItemTextA = 0x00000001411F0786
CheckRadioButton = 0x00000001411EF0F4
SetDlgItemTextW = 0x00000001411EE826
IsDlgButtonChecked = 0x00000001411EE334
SetWindowTextW = 0x00000001411ED162

WINMM

timeBeginPeriod = 0x0000000141201FFC
timeEndPeriod = 0x0000000141201B7E
timeGetTime = 0x00000001411DDD76


WS2_32

WSACleanup = 0x0000000141216C69
inet_addr = 0x00000001411E6FB4
WSARecv = 0x000000014121CBD7
WSASend = 0x000000014121C6C7
send = 0x000000014121C1C5
recv = 0x000000014121BABD
ntohs = 0x0000000141211AD5 (14121104F) (call) (5) (100% ntohs)
htons = 0x00000001412125DC (14121109D) (call) (7) (100% htons)
ntohl = 0x00000001412120C5 (141211095) (call) (6) (100% htonl)
gethostbyname = 0x0000000141212E54
inet_ntoa = 0x000000014121328C
WSAGetLastError = 0x0000000141213FE2
ioctlsocket = 0x0000000141213F8E
WSASocketA = 0x0000000141213276
closesocket = 0x00000001412143D8
WSAStartup = 0x0000000141216396
WSACloseEvent = 0x0000000141219ED6
accept = 0x0000000141219492
WSAEnumNetworkEvents = 0x0000000141219057
WSAResetEvent = 0x0000000141218B16
listen = 0x000000014121870F
WSAEventSelect = 0x000000014121820D
bind = 0x0000000141217DD5
setsockopt = 0x00000001412179D2
WSAWaitForMultipleEvents = 0x0000000141217555
WSACreateEvent = 0x0000000141217028
htonl = 0x00000001412120C5 (141211095) (same as ntohl)
connect = 0x000000014121B636


d3dx10_39 and d3dx9_39

D3DX10CompileFromMemory = 0x0000000140930E36
D3DXAssembleShader = 0x000000014126BBF4
D3DXAssembleShaderFromFileA 0x000000014126B71B
D3DXMatrixTranspose = 0x0000000141269717
D3DXGetPixelShaderProfile = 0x00000001412696C7
D3DXGetVertexShaderProfile = 0x0000000141269FF9
D3DXGetShaderConstantTable = 0x000000014126A486
D3DXCompileShader = 0x000000014126B21F
D3DXCompileShaderFromFileA = 0x000000014126AE1F

OLE32

CoInitialize = 0x0000000141200D66
CoTaskMemRealloc = 0x00000001411FCD4F
CoTaskMemFree = 0x00000001411FB71B
CoTaskMemAlloc = 0x00000001411FC467
CoCreateInstance = 0x00000001411F9609
CoUninitialize = 0x00000001411E2139
Here is a Scylla Tree load up xml file
Attached Files
File Type: rar Atlantica_dump_64_FullyLoaded.rar (5.09 MB, 1 views)



HighGamer. is offline  
Thanks
1 User
Old 07/04/2020, 18:56   #2
 
elite*gold: 0
Join Date: May 2009
Posts: 82
Received Thanks: 29
(Some of my work, I have not had time to continue but it is good to be able to help us.)
IAT Offset Función
----------- --------
1412672A9 GetSystemTimeAsFileTime
1411DF04A GetCurrentProcessId
1411CB015 GetCurrentThreadId
1411E51AC GetTickCount
1411CB242 QueryPerformanceCounter
14125D14D GetStartupInfow
1412672C7 __crt_debugger_hook
1412672C1 _initterm_e
141267271 _initterm
1411FF0E4 malloc
14124107C realloc
1411E3123 free
1408E3C58 memset jmp básico
1408E3DB2 memcmp jmp básico
1408E3BEA memmove jmp básico
1411D11FC GetLocalTime
141245238 __iob_func
1411D30EE GetCommandLineW
1411D4FF5 wcscmp
1411D7068 _set_purecall_handler
1411D70A5 setlocale
1411D30B2 GetSystemDefaultLangID
1411D10CD _wfopen
1411D11D0 fclose
1411D30D5 Sleep
1411D303E CopyFileW
141253037 _exit
14125D1D5 _amsg_exit
1411DB117 _vswprintf_c_l
1411DB10F OutputDebugStringW
1411F503F std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator
1411F501D std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator
14126501D ??no existe
1412072B2 ??no existe
14125F000 __set_app_type
141255175 _encode_pointer
1411C7214 _vsnwprintf
1412250D0 PathIsRelativeW
141227011 PathIsRootW
141226FFE desconocido
14122906E PathRemoveFileSpecW
1411D3079 wsclen
141225026 PathAddBackslashW
14122502E ??no existe Desconocido
141225058 PathAppendW
141225058 PathAppendW
14122702E PathFileExistsW
1411DF01E CreateFileW
1411F109F WriteFile
141255235 operator new
1408E3A4C operator delete jmp básico
1411D10F3 fgetws
1411E112F swscanf
1411D3071 DeleteFileW
141253134 _decode_pointer
14125502F _onexit
14125520D operator delete[]
14122B139 SetUnhandledExceptionFilter
1411E9029 RtlInitializeCriticalSection
14120106E FindFirstFileW
14123105C SetFileAttributesW
141211010 FindNextFileW
141201076 FindClose
141231064 RemoveDirectoryW
1411CB22B RtlEnterCriticalSection
1411E9057 wprintf
1411CB066 RtlLeaveCriticalSection
141203027 _wstrdate
141203055 _wstrtime
1411E50C7 fwprintf
1411D70C4 OpenMuteW
1411E3098 SetFilePointer
1411D70E9 CreateMuteW
1411D711E LoadIconW
1411D71DB LoadCursorW
1411D7214 GetStockObject
1411D721C RegisterClassW
1411D7242 GetSystemMetrics
1411D7285 CresteWindowExW
1411CF119 Closehandle
1411D501C ShowWindow
1411DAFF7 UpdateWindow
1411DAFFF LoadLibraryW
1411D7002 CreateDirectoruW
1411D700A SHFileOperationW
1411DB019 GetSystemmenu
1411DB021 EnableMenuItem
1411FF180 CoinInitialize
1411F7087 GetCurrentDirectoryw
141201044 SetCurrentDirectoryW
1411E7180 _wcslwr
1411EB060 SetTimer
1411CF0EB GetFileSize
1411CF111 ReadFile
14120503A _wcsnicmp
1411E3253 _wcsicmp
1412690AA ?? no existe ??
1412690D5 ?? no existe ??
141269108 ?? no existe ??
141269160 ?? no existe ??
14126917E ?? no existe ??
141269256 ?? no existe ??
14126B03B ?? no existe ??
14126B07D ?? no existe ??
14126B0B7 ?? no existe ??
1411CB210 RtlDeleteCriticalSection
1411E3123 free
1412530AF ?? no existe ??
14125701C abs
1411C9086 ?? no existe ??
141257106 ?? no existe ??
1411C500B wscchr
1411C5003 wcsstr
14126501D RtlCaptureContex [Reparado y creado por mi]
141271061 RtlLookupFuntionEntry [Reparado y creado por mi]
14126F24B RtlVirttualUnwind
141265117 IsDebuggerPreset
14126686B UnhandleExceptionFilter
1411DF052 GetCurrentProcess
141265266 TerminateProcess
1411D30D5 Sleep
14125F059 _exit
1411D1204 MessageBoxW
141225060 PathCanonicalizeW
1411F70F6 _wscnicoll
1411E70DD _wtol
1411E1108 NtdllDefwindowProc_W
1411DF070 GetDC
1411DF078 ReleaseDC
1411E1010 GetForegroundWindow
141213073 ioctlsocket
1412130BC Closesocket
14121307B WSAGetLastError
1412130F1 printf
141211095 ntohl
14121109D htons
1411C7142 lstrlenW
1411E10A0 CoUninitialize
1411E1100 PostQuitMessage
14123F1EF _vswprintf
1411C7187 WideCharToMultiByte
1411E5025 rand
1411DB03B DestroyWindow
1411DF0A6 MapVirtualKeyW
1411E1008 InitCommonControls
1411E1077 IsIconic
1411F2FFE fopen
1411E3090 fprintf
14120501F StrCmpW
141205017 sprintf
14122D12E UnmapViewOfFile
1412350B6 CreateMutexA
141235226 CreateFileMappingA
14122D116 MapViewOfFile
14121506C WaitForSingleObject
1408E3D7C strcmp jmp básico
1408E3D82 strlen jmp básico
1411E3123 free jmp básico
1412590A8 sqrt jmp básico
1408E3D9A strcpy jmp básico
1408E3DA6 ceilf jmp básico
1408E3DAC floorf jmp básico
1408E3DBE sqrtf jmp básico
1408E3DC4 cosf jmp básico
1408E3DCA sinf jmp básico
1411D504F ReleaseMute
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
IAT de la pila debajo del EP
14125F13F fmod
141261060 _setjpm
14126107F acosf
1412610C7 asinf
14126111E atanf
1412611A3 atan2f
1412611AB expf
141263048 logf
141263050 log10f
1412630D6 powf
141263175 tanf
1412632DE fmodf
141265015 terminate
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
0000000140EC3380 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC64CC tenía un bit con un 1 y debería estár seteado en 0
0000000140EC655C tenía un bit con un 1 y debería estár seteado en 0
0000000140EC661C tenía un bit con un 1 y debería estár seteado en 0
0000000140EC66A0 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC46D8 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC4780 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC48D0 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC49E8 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC4B48 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC4D08 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC4E10 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC4EE8 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5108 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5274 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5314 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC4AA0 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC4AA0 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC4828 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC2C88 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5E08 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5EB0 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5B80 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5CBC tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5A98 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC3728 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC3C18 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC3D48 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC3FA8 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC40D8 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC3E78 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC4208 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC39B8 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC3AE8 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC4338 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC4468 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC3888 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC4598 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC55E0 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC680C tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5A7C tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5974 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5828 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5698 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5538 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5C28 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC6434 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC5F58 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC60C0 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC6168 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC63A4 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC58D0 tenía un bit con un 1 y debería estár seteado en 0
0000000140EC3278 tenía un bit con un 1 y debería estár seteado en 0
-----------------------------------------------------------------------
-----------------------------------------------------------------------
My suspicions about this is that the packer intentionally sets these offsets to 1 to avoid skipping their security of detecting debuggers and being forced to follow the path that the packer traced, therefore what I did was skip all that security and go directly to the offset of the true entry point and set those offsets to 0 so that there is no error when executing the clean code, my recommendation is that you use this entry point, since I did tests and it works perfectly to the point The window appears already running, but I could not continue building due to lack of time.
(00000001408E41A8 <- True Entry Point)


Triacman is offline  
Thanks
2 Users
Old 07/05/2020, 10:11   #3
 
elite*gold: 0
Join Date: May 2014
Posts: 1,043
Received Thanks: 233
Wow thanks for all your hard work Traicman that will help me solve it faster.. yeah that's the same OEP i use as well.. although my game doesn't load to the window how you are able too but its okay I did start messing with the imports trying to import them incorrectly so thats understandable why it doesn't work.

Ya I also found the same OEP doing a xref references scan and found the exact sub rsp, 0x28 which is the same in the old server..

I'll start combining your imports into my list to see how far I can get.

You got the window running meaning you got it all working great but its still better to clean the imports completely so you can see in IDA all the calls correctly and stuff.. and lots of code is not disassembled correctly because of the invalid opcodes being read after the modified CALL instructions.

I'll see how far I can get tomorrow on this

also looks like your imports addresses are for after the pushfq
cmp qword ptr ds:[0x000000014125D14D], 0x0

thats where the are decrypted I guess ya.. but I plan to just replacing the pushfq area's with the new addresses for the imports when I'm done all that crap after it will just stay there.

I was trying to figure out a pattern for all the import address offsets to see if I could just generate them from finding the ones above it or below it etc.. but it looks like they swap them all around in random order before applying it so its pointless.

Quote:
141253037 _exit is wrong it suppose to be 14125F059,
which you also got
14125F059 _exit

141253037 is actually exit without the _ symbol
Quote:
14125D1D5 _amsg_exit is wrong i think its suppose to be 141267171

14125D1D5 is actually unknown.. but also a import from jmp[0x14125D169]

in the unpack dump the code looks like this


in the original server it also has a _amsg_exit but it's close.. but i dont think its the right one
Contributed to your work a little.. and added some of your imports to my list.
Quote:
(Some of my work, I have not had time to continue but it is good to be able to help us.)
IAT Offset Funci?n
----------- --------
1412672A9 GetSystemTimeAsFileTime got perfect
1411DF04A GetCurrentProcessId got perfect
1411CB015 GetCurrentThreadId got perfect
1411E51AC GetTickCount got perfect
1411CB242 QueryPerformanceCounter got perfect
14125D14D GetStartupInfow got perfect
1412672C7 __crt_debugger_hook got perfect
1412672C1 _initterm_e ?
141267271 _initterm ?
1411FF0E4 malloc got perfect
14124107C realloc got perfect
1411E3123 free got perfect
1408E3C58 memset jmp b?sico ?
1408E3DB2 memcmp jmp b?sico ?
1408E3BEA memmove jmp b?sico ?
1411D11FC GetLocalTime got perfect
141245238 __iob_func got perfect
1411D30EE GetCommandLineW got perfect
1411D4FF5 wcscmp got perfect
1411D7068 _set_purecall_handler got perfect
1411D70A5 setlocale got perfect
1411D30B2 GetSystemDefaultLangID got perfect
1411D10CD _wfopen got perfect
1411D11D0 fclose got perfect
1411D30D5 Sleep got perfect
1411D303E CopyFileW got perfect
141253037 exit got perfect
14125F059 _exit got perfect
14125D1D5 _amsg_exit unknown but its not _amsg_exit
1411F503F std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator found perfect
1411F503F [email protected][email protected]@[email protected]@V?$alloca [email protected]@[email protected]@[email protected]@[email protected]@@Z (same as below)
1411F503F [email protected][email protected][email protected]@@V?$allo [email protected][email protected]@@[email protected]@[email protected]@@Z (same as above)
1411F501D std::basic_string<unsigned short,std::char_traits<unsigned short>,std::allocator got perfect
1411F5003 &[email protected][email protected][email protected][email protected]@@V? [email protected][email protected]@@[email protected]@QEBAPEB_WXZ found this for you
141209010 &[email protected][email protected]@[email protected]@V? [email protected]@[email protected]@[email protected]@[email protected]@Z found this for you
141209018 &[email protected][email protected]@[email protected]@@[email protected]@Q [email protected]@Z found this for you
14120903A &[email protected][email protected][email protected]@[email protected]@ [email protected]@[email protected]@[email protected]@[email protected]?$c [email protected]@[email protected]@[email protected]@[email protected]@[email protected] found this for you
14120905B &[email protected][email protected]@[email protected]@V [email protected]@[email protected]@[email protected]@QEAAXXZ (my style import not your format won't work with your style)
141209074 &[email protected][email protected]@[email protected]@[email protected]
14120B4DF &[email protected][email protected]@@QEBA_JXZ (my style import not your format won't work with your style)
14120B045 &[email protected][email protected]@@QEBAHXZ found this for you
14120B06B &[email protected][email protected][email protected]@[email protected]@@[email protected]@QE BAGXZ found this for you
0x000000014120BD9D &[email protected][email protected][email protected]@[email protected]@@[email protected]@Q [email protected][email protected]@[email protected]@@2 @XZ (my style import not your format won't work with your style)
14120B0A0 &[email protected][email protected][email protected]@[email protected]@@ [email protected]@[email protected] found this for you
14120B0DB &[email protected][email protected][email protected]@std @@@[email protected]@[email protected] found this for you
14120CFFE &[email protected][email protected][email protected]@@[email protected] found this for you
14120D02B &[email protected][email protected][email protected]@[email protected]@@ [email protected]@[email protected] found this for you
14120D04A &[email protected][email protected]@@[email protected] found this for you
14120D052 &[email protected][email protected][email protected][email protected]@@@s [email protected]@[email protected] found this for you
14120F002 &[email protected]@@YA_NXZ found this for you
14120F046 &[email protected][email protected][email protected][email protected]@@@ [email protected]@QEAAXXZ found this for you
14120F082 &[email protected][email protected][email protected]@[email protected] @@[email protected]@QEAAXXZ found this for you
14123115F &[email protected][email protected]@[email protected]@V?$alloc [email protected]@[email protected]@[email protected]@[email protected][email protected]@[email protected]@Z found this for you
141233025 &[email protected][email protected][email protected][email protected]@@V? [email protected][email protected]@@[email protected]@QEBA_NXZ found this for you
14123302D &[email protected][email protected][email protected]@[email protected]@V?$ [email protected]@[email protected]@[email protected]@[email protected]@Z found this for you
14123304C &[email protected][email protected][email protected]@[email protected]@V?$ [email protected]@[email protected]@[email protected]@IEAAPEADXZ found this for you
1411C919D &[email protected][email protected]@[email protected]@V?$alloc [email protected]@[email protected]@[email protected]@[email protected] found this for you

1411C908E &[email protected][email protected]@[email protected]@V?$alloc [email protected]@[email protected]@[email protected]@[email protected]@@Z found this for you
1412030B6 &[email protected][email protected][email protected][email protected]@@V [email protected][email protected]@@[email protected]@QEBA_KXZ found this for you
1412030B6 &[email protected][email protected][email protected]@[email protected]@V?$al [email protected]@[email protected]@[email protected]@QEBA_KXZ (same as above)

1411F321F &[email protected][email protected][email protected]@@V?$all [email protected][email protected]@@[email protected]@[email protected][email protected] found this for you

14120D067 &[email protected][email protected]@@QEBA_NXZ found this for you
14120D086 &[email protected][email protected][email protected]@[email protected]@@[email protected]@QEB [email protected][email protected]@[email protected]@@[email protected] found this for you
14120D099 &[email protected][email protected][email protected]@[email protected]@@st [email protected]@[email protected] found this for you

1411CB1BA &[email protected][email protected]@[email protected]@V?$alloc [email protected]@[email protected]@[email protected]@[email protected]@Z found this for you

14124D000 &[email protected]@[email protected]@[email protected]@[email protected]@std @@[email protected][email protected]@[email protected]@V? [email protected]@[email protected]@[email protected]@Z found this for you

14120F0E6 &[email protected][email protected]@[email protected]@V?$alloc [email protected]@[email protected]@[email protected]@[email protected]@Z

1411F500B &[email protected]@[email protected]@[email protected]@[email protected]@std @@[email protected][email protected]@[email protected]@V? [email protected]@[email protected]@[email protected]@Z
1411F500B &[email protected][email protected]@@[email protected][email protected]@@ [email protected]@[email protected][email protected][email protected] [email protected]@[email protected][email protected]@@[email protected]@Z (same as above)

1411F3024 strncpy
141205042 fgets (long jmps)
1411E9006 feof
141203084 ldiv
1412073CD div (not same as ldiv i guess?)
1411C91E4 &[email protected]@@[email protected]
1411CF018 &[email protected]@@[email protected]@Z
14126501D ??no existe
1412072B2 ??no existe
14125F000 __set_app_type got perfect
141255175 _encode_pointer got perfect
1411C7214 _vsnwprintf ?
1411C512E _vsnprintf_s found this for you
1411C4F76 _vsnwprintf_s found this for you (guess not sure 100%)
1411C7214 _vsnwprintf_s found this for you 100% good.
1411DB117 _vswprintf_c_l got perfect
1411DB10F OutputDebugStringW got perfect
1412250D0 PathIsRelativeW got perfect
141227011 PathIsRootW got perfect
141226FFE desconocido ?? found this it's PathIsSameRootW
14122906E PathRemoveFileSpecW thanks added to mine perfect
14122B005 PathStripPathW (lots of jmps)
141226FFE PathIsSameRootW (lots of jmps) (100% guess.. no xrefs)
141227006 PathIsUNCW (100% guess, no xrefs, also lots of jmps).
141227019 PathIsPrefixW (100% guess, no xrefs)
1411D3079 wcslen got perfect
14121D005 PathAddExtensionA
14121CFFD PathAddBackslashA
14121F007 PathIsRelativeA
14122704F PathFindExtensionW (lots of jmps)
141227057 PathFindFileNameW
141229026 PathRemoveBackslashW
141225026 PathAddBackslashW
141229041 PathRemoveArgsW (100% guess, no xrefs)
141229066 PathRemoveBlanksW (100% guess, no xrefs)
141229091 PathRenameExtensionW
141229099 PathStripToRootW
1412290BE PathRemoveExtensionW
14122B03A PathGetDriveNumberW
14122B0DE PathCommonPrefixW
14122B114 PathQuoteSpacesW (lots of jmps)
141223198 PathQuoteSpacesA
1412231AE PathUnquoteSpacesA
14121D10E PathIsDirectoryA
14122B11C PathUnquoteSpacesW (100% guess, no xrefs)
14121EFF6 PathIsRootA
14121EFFE PathIsSameRootA
14121F02D PathIsUNCA
14121F0B1 PathIsPrefixA
14121F0DE PathFindExtensionA
14121F0F4 PathFindFileNameA
14122100B PathRemoveBackslashA
141221030 PathRemoveArgsA (lots of jmps)
141221038 PathRemoveBlanksA
14122104B PathRemoveFileSpecA
141221088 PathRenameExtensionA
141223067 PathStripToRootA
14122310A PathRemoveExtensionA
141223112 PathStripPathA
14122317D PathGetDriveNumberA
14122502E ??no existe Desconocido
14122508D PathIsDirectoryW
14121D030 PathAppendA
141225058 PathAppendW got perfect
14122502E PathAddExtensionW
141223185 PathCommonPrefixA
14122702E PathFileExistsW got perfect
14121F0D6 PathFileExistsA
1411DF01E CreateFileW ?
1411F109F WriteFile
141255235 operator new
1408E3A4C operator delete jmp b?sico
1411D10F3 fgetws got perfect
1411E112F swscanf
1411D3071 DeleteFileW got perfect
141253134 _decode_pointer
14125502F _onexit
14125520D operator delete[]
14122B139 SetUnhandledExceptionFilter got perfect
1411E9029 RtlInitializeCriticalSection got perfect
14120106E FindFirstFileW
14123105C SetFileAttributesW
141211010 FindNextFileW got perfect
141201076 FindClose got perfect
141231064 RemoveDirectoryW
1411CB22B RtlEnterCriticalSection got perfect
1411E9057 wprintf got perfect
1411CB066 RtlLeaveCriticalSection got perfect
141203027 _wstrdate got perfect
141203055 _wstrtime got perfect
1411E50C7 fwprintf got perfect
1411D70C4 OpenMutexW got perfect
1411E3098 SetFilePointer got perfect
1411D70E9 CreateMutexW got perfect
1411D711E LoadIconW got perfect
1411D71DB LoadCursorW ?
1411D7214 GetStockObject got perfect
1411D721C RegisterClassW got perfect
1411D7242 GetSystemMetrics got perfect
1411D7285 CreateWindowExW got perfect
1411CF119 Closehandle ?
1411D501C ShowWindow got perfect
1411DAFF7 UpdateWindow got perfect
1411DAFFF LoadLibraryW got perfect
1411D7002 CreateDirectoryW ?
1411D700A SHFileOperationW ?
1411DB019 GetSystemMenu got perfect
1411DB021 EnableMenuItem got perfect
1411FF180 CoinInitialize
14121D038 GetCurrentDirectoryA got this for you.. your format
1411F7087 GetCurrentDirectoryW ?
141201044 SetCurrentDirectoryW got perfect
1411E7180 _wcslwr got perfect, thanks for thsi
1411EB060 SetTimer
1411CF0EB GetFileSize got perfect
1411CF111 ReadFile got perfect (lots of jmps)
14120503A _wcsnicmp got perfect, thanks new one
1411E3253 _wcsicmp got perfect, thanks new one
1412310F9 GetModuleFileNameA got this for you, your format
141231101 SetCurrentDirectoryA got this for you, your format
1412690AA ?? no existe ??
1412690D5 ?? no existe ??
141269108 ?? no existe ??
141269160 ?? no existe ??
14126917E ?? no existe ??
141269256 ?? no existe ??
14126B03B ?? no existe ??
14126B07D ?? no existe ??
14126B0B7 ?? no existe ??
1411CB210 RtlDeleteCriticalSection got perfect
1411E3123 free
1412530AF ?? no existe ??
14125701C abs
1411C9086 ?? no existe ??
141257106 ?? no existe ??
1411C500B wcschr got perfect
1411C5003 wcsstr got perfect
14126501D RtlCaptureContex [Reparado y creado por mi] got perfect
141271061 RtlLookupFuntionEntry [Reparado y creado por mi] got perfect (long time jumps)
14126F24B RtlVirtualUnwind got perfect
141265117 IsDebuggerPresent got perfect
14126686B UnhandledExceptionFilter (I get 1412651DE)? bad..?? (need checking)
1411DF052 GetCurrentProcess got perfect
141265266 TerminateProcess got perfect
1411D30D5 Sleep got perfect
1411D1204 MessageBoxW got perfect
141225060 PathCanonicalizeW got perfect
14121D074 PathCanonicalizeA
1411F70F6 _wscnicoll got perfect
1411E70DD _wtol same as _wtoi
1411E1108 NtdllDefwindowProc_W
1411DF070 GetDC got perfect
1411DF078 ReleaseDC got perfect
1411E1010 GetForegroundWindow got perfect
141213073 ioctlsocket got perfect
1412130BC Closesocket got perfect
14121307B WSAGetLastError got perfect
1412130F1 printf got perfect
141211095 ntohl
14121109D htons
1411C7142 lstrlenW got perfect
1411FF180 CoInitialize got this for you, your format
1411E10A0 CoUninitialize got perfect
1411FB0D2 CoTaskMemAlloc got this for you, your format
1411FB10C CoTaskMemRealloc got this for you, your format
1411FB038 CoTaskMemFree got this for you, your format
1411F9004 CoCreateInstance got this for you, your format (long jmps)
1411E1100 PostQuitMessage got perfect
14123F1EF _vswprintf
1411C7187 WideCharToMultiByte got perfect
1411E5025 rand got perfect
1411DB03B DestroyWindow got perfect
1411DF0A6 MapVirtualKeyW got perfect
1411E1008 InitCommonControls got perfect
1411E1077 IsIconic got perfect
1411F2FFE fopen thanks added to mine.
1411E3090 fprintf
14120501F StrCmpW
141205017 sprintf
14122D12E UnmapViewOfFile
1412350B6 CreateMutexA ?
141235226 CreateFileMappingA got perfect
14122D116 MapViewOfFile got perfect
14121506C WaitForSingleObject got perfect
1408E3D7C strcmp jmp b?sico suppose to be 0x14125715F i guess? bad
1408E3D82 strlen jmp b?sico
1411E3123 free jmp b?sico
1412590A8 sqrt jmp b?sico
1408E3D9A strcpy jmp b?sico
1408E3DA6 ceilf jmp b?sico (whats this?? can't find it)
1408E3DAC floorf jmp b?sico (whats this?? can't find it)
1411F7010 ceilf jmp (mines..)
1411F703F floorf jmp (mines..)
1408E3DBE sqrtf jmp b?sico
1408E3DC4 cosf jmp b?sico
1408E3DCA sinf jmp b?sico
1411D504F ReleaseMutex got perfect
14124B0C1 VirtualFree (lots of jmps)
1411F3160 srand
1411CF155 atol
141237093 strtoul (lots of jmps)
14123708B atof
141237030 _atoi64
14126D032 qsort
141241115 wcstod
141241157 wcstol
1412490F7 isalnum
1412110B4 isalpha
14124906E isdigit
141243061 isxdigit (lots of jmps)
141249121 iscntrl
14124B02E ispunct
14124B036 islower
14124B05D isupper
141211047 _localtime64
14124900B _gmtime64
1411F3168 _time64
1412051E6 _mktime64
14120109C timeBeginPeriod
141201094 timeEndPeriod
1411EB02A GetWindowRect
1411EB060 SetTimer (lots of jmps)
1411EB084 KillTimer
1411EB022 MoveWindow (lots of jmps)
1411E916C CreateDialogParamW
1411E908A IsWindow
141201108 IsDialogMessageW (lots of jmps)
1411DB043 LoadAcceleratorsW
1411E8FFE SendDlgItemMessageA
1411ED11A EnableWindow
1411F5074 DestroyCursor
1411F114F PtInRect
141204FF9 PostMessageW
1411EF071 GetDlgItemTextA (lots of jmps)
1411ED09A IsDlgButtonChecked
1411ED02A SetWindowTextW
1411F1097 ShellExecuteW (lots of jmps)
14127112E TlsFree (lots of jmps)
14123F1BE GetFileTime
14123F1E7 SetFileTime
1411F1118 _wcsupr
1411E517D _snprintf
14124537A _wremove
141245320 clock
14124528F _wsystem
14124524C _wgetenv
141245019 ftell
14124517E fflush
1411EF04F fseek
1411EEFFD fwrite
1411E502D fread
141243035 iswdigit
141243089 iswalnum
14124303D iswxdigit
14124124A toupper
14123903A ????unknown [0x0000000141239E20]
14123F14D ????unknown [0x000000014123FCE0]
141239001 ????unknown [0x00000001412394D7]
1411C9086 ????unknown [0x00000001411C92C8]
1411C91A5 ????unknown [0x00000001411CAD54]
1411C91A5 ????unknown [0x00000001411CA317] (duplicate)
1411C50A5 ????unknown [0x00000001411C5C6C]
1411CB0EB memmove_s
14126D064 memchr
1411C7052 strchr
1411FB0A9 wcsncpy_s
1412050CC sscanf
14123711B _strdup
141237123 _wcsdup
14122D020 wcsncpy
14120503A _wcsnicmp
141241196 tolower
1411E7180 _wcslwr
1411F30B0 _strupr
141231141 wcstoul
1412453C7 _wrename
141249037 iswspace
141231139 _wtof
1411E9082 _wtoi64
1411C7089 strstr
1411E9057 wprintf
1411F70F6 _wcsnicoll
1411FF0AE _recalloc
1411CB0A5 _aligned_malloc
1411CB0E3 _aligned_realloc
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
IAT de la pila debajo del EP
14125F13F fmod got perfect
141261060 _setjmp got perfect
1412410E0 longjmp got this for you, your format
14126107F acosf got perfect
1412610C7 asinf got perfect
14126111E atanf got perfect
1412611A3 atan2f got perfect
1412611AB expf ?
141263048 logf
141263050 log10f got perfect
1412630D6 powf ?
141263175 tanf ?
1412632DE fmodf got perfect
141265015 terminate ?
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
0000000140EC3380 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC64CC ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC655C ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC661C ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC66A0 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC46D8 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC4780 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC48D0 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC49E8 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC4B48 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC4D08 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC4E10 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC4EE8 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5108 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5274 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5314 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC4AA0 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC4AA0 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC4828 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC2C88 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5E08 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5EB0 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5B80 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5CBC ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5A98 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC3728 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC3C18 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC3D48 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC3FA8 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC40D8 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC3E78 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC4208 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC39B8 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC3AE8 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC4338 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC4468 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC3888 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC4598 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC55E0 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC680C ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5A7C ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5974 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5828 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5698 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5538 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5C28 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC6434 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC5F58 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC60C0 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC6168 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC63A4 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC58D0 ten?a un bit con un 1 y deber?a est?r seteado en 0
0000000140EC3278 ten?a un bit con un 1 y deber?a est?r seteado en 0
-----------------------------------------------------------------------
-----------------------------------------------------------------------
My suspicions about this is that the packer intentionally sets these offsets to 1 to avoid skipping their security of detecting debuggers and being forced to follow the path that the packer traced, therefore what I did was skip all that security and go directly to the offset of the true entry point and set those offsets to 0 so that there is no error when executing the clean code, my recommendation is that you use this entry point, since I did tests and it works perfectly to the point The window appears already running, but I could not continue building due to lack of time.
(00000001408E41A8 <- True Entry Point)
HighGamer. is offline  
Thanks
2 Users
Reply



« Atlantica Groso Xtreme Bilingual Version | any Art gallery/OT bugs? »

Similar Threads Similar Threads
Wants to create a private server atlantica
03/08/2019 - Atlantica Online - 3 Replies
anyone who wants to work together to create a private server? I will provide a website, vps, domain, and hosting supplies, you just run the game only, if anyone wants to work together? :) ------------------------------- Khusus indo : Buat yang indo, yang udah ngerti buat AOPS , kerja sama nya dong :( Thank you
anyone wants to help me!!!
06/24/2009 - General Gaming Discussion - 1 Replies
i need some hacks in speed rose server.. please give me some hack for this server.. thanks guys
Anyone wants a good archer in Virgo server?
05/08/2009 - Dekaron Trading - 2 Replies
if there's someone who wants to play in virgo pls pm me... i got a good proposal for my chars with full info and good stuff on it!
TO ANYONE WHO WANTS TO TRADE A WOW ACCOUNT FOR SWG
12/24/2008 - General Gaming Discussion - 2 Replies
the account is new and has 3 months of gameplay left there are not alot of characters as i did not like the game i think there are like 3 lvl 5's so if anyone would wanna trade me for a swg account there doesn't need to be any toons but at least a month of gameplay Thanks Aaron
Anyone wants a sox drop ??
10/05/2007 - Silkroad Online - 14 Replies
just pick your sox :D http://img518.imageshack.us/img518/2585/sro200708 2315124297cs8mpj9.jpg



All times are GMT +2. The time now is 21:37.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

BTC: 33E6kMtxYa7dApCFzrS3Jb7U3NrVvo8nsK
ETH: 0xc6ec801B7563A4376751F33b0573308aDa611E05

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2020 elitepvpers All Rights Reserved.