The problem is there is another protection, I'll keep you guys updated.
I was able to unpack the file and have it running through CR . However , if I attempt to attached olly to cabalmain.exe and run debug . It is detected by GameGuard , from this point I no longer know what to do hide olly and phantom don't seem to work . Please advise if there is any software I can use to bypass the 2nd protection . ^>> ^ thanks .. guys
Here's what I do, but its not live debug.. my unpacked exe cannot run normally..
1. Unpack cabal main (UnExeStealth + RL_dePacker1.4)
2. Run Ollydbg
3. Open the unpacked cabalmain (not attach since it's not running)
4. From there you can see lots of stuff.. search for all referenced strings
@dlnqt
does antivirus detects RL!dePacker as a virus???
ive DLed one and its full of virus lol =))
and yes
i think im encountering that second protection so
does that means i need to unpack the already unpacked exe by RL!depACKER ?
PLS enlighten me thanks
@logan432, i don't know the OEP, mine is wrong because it won't run normally, tried re-packing it but still doesn't work
@jagd, yeah unexestealth is detected as a virus, not sure with RL!dePacker..1st protection (UnExeStealth) ... you still can't see any useful asm code, 2nd protection (RL!dePacker) after this, you will already see important asm codes, but i think there is still a protection but i'm not sure..
@logan432, i don't know the OEP, mine is wrong because it won't run normally, tried re-packing it but still doesn't work
@jagd, yeah unexestealth is detected as a virus, not sure with RL!dePacker..1st protection (UnExeStealth) ... you still can't see any useful asm code, 2nd protection (RL!dePacker) after this, you will already see important asm codes, but i think there is still a protection but i'm not sure..
mine too.. i cant run my unexestealth.. it has a error or something like this "error while processing memory" or such.. sorry for my bad english..
unexestealth + RL!dePacker
I am under the impression that once unexestealth is applied to the cabalmain.exe this is already the unpacked version . How come we still need to use RL!dePacker ? When I tried to apply RL!dePacker the the unpack cabalmain.exe it won't detect the cabalmain.exe file .
hmmm....it only make sense to give this message "file cannot be unpacked" since it is already unpacked . ^ ^.. thanks..anyways
OK. Even I succeeded with unpacking cabalmain, I did wonder why I cannot see the codes hinted by dlnqt.
You need RL depacker so that you could see codes like the one attached.
I am not a master programmer, but I have a bet
Unexestealth make new header and RVA and new import records (I think it is similar with what ImpRec is doing) - you do not need to find the OEP because it is done automatically. But since it is automatic, you could do it the other way by finding the OEP, manually setting the OEP, importing the tables and all the other stuff.
On the other hand RLdepacker just did another thing.
As you may know to completely unpack the file, the following are the main options of many reversers...
Copying the erased header
Passing the CRC check
Avoiding API redirection
Avoiding Imports erasing
Patching Anti dumping
Patching Anti SoftICE, SmartCheck, IDA., Olly
SO the two tools mentioned above do one or more of the reversing procedures I have stated.
If you cannot understand all of these things, then you are too far behind the race.
OK. Even I succeeded with unpacking cabalmain, I did wonder why I cannot see the codes hinted by dlnqt.
You need RL depacker so that you could see codes like the one attached.
I am not a master programmer, but I have a bet
Unexestealth make new header and RVA and new import records (I think it is similar with what ImpRec is doing) - you do not need to find the OEP because it is done automatically. But since it is automatic, you could do it the other way by finding the OEP, manually setting the OEP, importing the tables and all the other stuff.
On the other hand RLdepacker just did another thing.
As you may know to completely unpack the file, the following are the main options of many reversers...
Copying the erased header
Passing the CRC check
Avoiding API redirection
Avoiding Imports erasing
Patching Anti dumping
Patching Anti SoftICE, SmartCheck, IDA., Olly
SO the two tools mentioned above do one or more of the reversing procedures I have stated.
If you cannot understand all of these things, then you are too far behind the race.
Those are the asm codes I was talking about So.. you can run your unpacked cabalmain.exe normally? RL!depacker is not enough to unpack cabalmain, you also need UnExeStealth..
@brian86
UnExeStealth is not applied.. a new .exe will be formed automaticall named dump.exe, I guess you were running cabalmain.exe at the same time? exit any program that is using cabalmain.exe.. then use UnExeStealth. A new .exe named dump.exe will be formed. Then use RL!depacker on dump.exe.. again a new .exe will be formed named unpacked.exe. You must use the latest RL!depacker for it to work.. Older versions will crash..
Those are the asm codes I was talking about So.. you can run your unpacked cabalmain.exe normally? RL!depacker is not enough to unpack cabalmain, you also need UnExeStealth..
@brian86
UnExeStealth is not applied.. a new .exe will be formed automaticall named dump.exe, I guess you were running cabalmain.exe at the same time? exit any program that is using cabalmain.exe.. then use UnExeStealth. A new .exe named dump.exe will be formed. Then use RL!depacker on dump.exe.. again a new .exe will be formed named unpacked.exe. You must use the latest RL!depacker for it to work.. Older versions will crash..
I may have doing something wrong with my unpacked cabalmain, after I renamed it cabalmain.exe (its the one called by CR), nothing happend when I call it from CR. I launched olly and found out that the OEP pointed to the instructed RTN
Now, I'm currently tracing where the starting code should be....
haha same problem as me.. I'm guessing that we can't really run an unpacked cabalmain.exe, OEP is incorrect, some asm codes were destroyed during unpacking, or we lack the following options as you mentioned:
Copying the erased header
Passing the CRC check
Avoiding API redirection
Avoiding Imports erasing
Patching Anti dumping
Patching Anti SoftICE, SmartCheck, IDA., Olly
haha same problem as me.. I'm guessing that we can't really run an unpacked cabalmain.exe, OEP is incorrect, some asm codes were destroyed during unpacking, or we lack the following options as you mentioned:
Copying the erased header
Passing the CRC check
Avoiding API redirection
Avoiding Imports erasing
Patching Anti dumping
Patching Anti SoftICE, SmartCheck, IDA., Olly
Uhmm I wonder how to produce the log you posted earlier in this thread - WSA logs...
First I didnt say I saw your WSA logs in my cabalmain.
Next is, I was able to "successfully" run unpacked cabalmain after numerous attempts to find the OEP. I didnt claim that I even got dmg hack worked.
And lastly, I wasn't able to see the code you were mentioning in MY cabalmain that is why I tried using RLDe and finally saw what you were saying before.
Now I am wondering how did you get WSA calls from the logs before when you admitted that your current unpacked client doesnt work either...
Just thinking aloud. No ofnc meant...
I am posting what I have learned and somehow collaboratively make clue with those others (better than me) who still working hard to find the solution to this dc problem.
Is this from the screenshot you provided earlier?
If yes, then I think you need to find the "exact" oep.
Why am I telling this? Because you could get the same screenies even if your OEP input is not 384895
Try using 384005 and you can get the same screenie. Did you get what I mean?
[Discussion]Removing Weapon hit(s) limitations. 12/15/2009 - Mabinogi - 20 Replies Was wondering, your thoughts/ideas about removing these restrictions.
Like a short sword "Normal 3 hit weapon"
I'd like to work on this, however. I'm clueless as to where to start or what to try.
DLL edits?
Maybe a PE saying "I've only hit once, let me keep slashing this bears throat s'more"
that sort of thing.
cause N + (figure 8 here) sounds pretty sweet.
Removing Dc Flag guides. 09/26/2009 - Cabal Online - 5 Replies Hey all.
I need a bit help with this ... i was reading all removing dc flag threads but i dont understand much, can someone give me bit of guides that will help me with this ?
ok i have bypass , but i need really good guides bcoz im noob :(
cabal discussion. and program discussion xtrap killer 08/02/2009 - Cabal Online - 1 Replies now alot of people had the chance of trying how to hack and such, google only gave me small hints on bypassing and factors. on my search of learning how to bypass xtrap i came across an interesting pogram... " Xtrap Killer 2279"
a person named of Irius or some sort made the program.
Cheat Engine :: View topic - X-trap Killer 2275
it was at the cheatengine site so i thought maybe the community can take a look at it! since this is trusting enough.
i managed to understand how to...
Binary Discussion Discussion 04/08/2009 - CO2 Private Server - 10 Replies I dont think thats going to work, youve just made yourself a hell of alot of work :rolleyes:
Would be better to ban advertising servers in this section since 90% of people moved over to binarys anyway, theres barely any source code released because everyone either uses LOFT or the binarys, neither of which really need code (LOFT needs a complete rewrite but nothing really specific)
I would release a few things but all i can only really give out is some classes, all of my systems are...
![[Discussion] Removing DC Flag](https://www.elitepvpers.com/forum/iconimages/cabal-online/discussion-removing-dc-flag_ltr.gif){kind=small}
