Any Ideas? (Debugging Cabalmain.exe)

Discussion on Any Ideas? (Debugging Cabalmain.exe) within the Cabal Online forum part of the MMORPGs category.

Old 09/21/2009, 23:22   #16
 
elite*gold: 0
Join Date: Oct 2008
Posts: 177
Received Thanks: 5
trying ur tut atm but again ... just like you busy w/ school etc etc so this is second priority... ALSO the Sienna Queen patch is scheduled for Euro and NA pretty soon soooooo what if they find another way to make us not able to do this whole unpack business >.> or maybe we'll just have to redo our work? (if we successfully get it dun by then)
howcow95 is offline  
Old 09/22/2009, 05:43   #17


 
.Law.'s Avatar
 
elite*gold: 30
Join Date: Apr 2008
Posts: 2,956
Received Thanks: 1,771
what'cha dreaming about ? took em months to fix that even though they knew it existed,they probably fell in denial,but I don't think they'll add extra protection to the cabalmain.exe,like Themida etc.
.Law. is offline  
Old 09/22/2009, 05:56   #18
 
elite*gold: 0
Join Date: Oct 2008
Posts: 177
Received Thanks: 5
lol... according to bindie CabalNA is packed with themida >.> ALSO I followed the dekaron thing it works perfectly till I have to fix in imprec ... it doesn't have the right OEP which means that I'm missing something from the step before(after I set the BP at the cabalmain jmp and run it, it doesn't take me anywhere) >.> ... well at least it's good news to hear estsoft is slow !
howcow95 is offline  
Old 09/22/2009, 11:41   #19
 
elite*gold: 0
Join Date: Jul 2008
Posts: 43
Received Thanks: 3
SEA is also packed with Themida, 1.9.9.0 specifically. tried unpacking it but i too end up Themida detecting the exe being debugged; gives some oreans error message. I believe the oep is correct as i tried finding it manually and using scripts, both gives the same oep. I think the problem im facing now is fixing the IAT.
oren_studio is offline  
Old 09/22/2009, 14:48   #20
 
NoobWant2Learn's Avatar
 
elite*gold: 0
Join Date: Aug 2009
Posts: 137
Received Thanks: 26
btw, if cabalridre bypasses your security system (xtrap,gg) no need for twinR..
if u already bypass ur security protection theres no reason why cabal detects olly...
afaik
NoobWant2Learn is offline  
Old 09/22/2009, 15:41   #21
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 156
Quote:
Originally Posted by PunkS7yle View Post
what'cha dreaming about ? took em months to fix that even though they knew it existed,they probably fell in denial,but I don't think they'll add extra protection to the cabalmain.exe,like Themida etc.
Themida is removable... just takes longer, think I should compile a Ollydbg+Cabal toolkit with all the plugins tools people should need? I'm very surprised no-one noticed there were scripts for removing the packers on cabal in the last folder I posted!.
NovaCygni is offline  
Old 09/22/2009, 15:57   #22


 
.Law.'s Avatar
 
elite*gold: 30
Join Date: Apr 2008
Posts: 2,956
Received Thanks: 1,771
I never dlded it :P.Will do now,as I said,im overloaded,I usually post from my phone while in classes xD
Never said Themida was un-removable,it just takes more for ppl to remove it by merely reading guides.
EDIT:Holy shot ,the folder u posted pwns,all in 1 folder >;,epic.
.Law. is offline  
Old 09/22/2009, 17:40   #23
 
ktamer's Avatar
 
elite*gold: 0
Join Date: May 2008
Posts: 99
Received Thanks: 35
Nova provided some really great stuff. Just wondering, Nova did you work on Debug of NA Cabal or others? Or maybe all of them? If so, did you ever get errors while using Olly that some Memory Addresses were un-readable? I like the tools you provided, I just wish that it would all come together smoothly. Is there a specific setup I should use to each plugin for it to actually run and not be detected and fail? I've been racking my brain for this accursed .exe. I can attach to other games no problem and run debugger successfully...I swear once I figure this out, I will dedicate my life to killing X-Trap
ktamer is offline  
Old 09/22/2009, 20:22   #24
 
elite*gold: 0
Join Date: Jul 2008
Posts: 43
Received Thanks: 3
Quote:
Originally Posted by NovaCygni View Post
Themida is removable... just takes longer, think I should compile a Ollydbg+Cabal toolkit with all the plugins tools people should need? I'm very surprised no-one noticed there were scripts for removing the packers on cabal in the last folder I posted!.
tried with all themida script included in your folder, but still couldn't find oep. most script gives oreans internal exception error, some straightaway terminated.

of all the scripts i tried, only one script successfully finished till the end.


tried the manual way following joker_italy guide on tmd 1.9.1.0 gives the same result as this script (although SEA is packed with 1990, that's why im sceptical whether its real oep).

well, there are still many things i'm going to try, and i'm back to basics.
oren_studio is offline  
Old 09/22/2009, 21:44   #25
 
elite*gold: 0
Join Date: Oct 2008
Posts: 177
Received Thanks: 5
@ oren that's the only script that works for me as well but when I try to rebuild IAT using imprec using the OEP I found there and subtracting image base .... it doesn't work :S

@punk... that post about dekaron ... Cabalmain seems a little more complex? I'm trying dif things but can't find the correct way to find the proper OEP =(
howcow95 is offline  
Old 09/23/2009, 06:54   #26
 
ktamer's Avatar
 
elite*gold: 0
Join Date: May 2008
Posts: 99
Received Thanks: 35
Upon further research. Could you use MHS to actually Debug? and Would it also work if you inject a code where the flag is triggered? Or would that still require repetitive procedures after Cabal is closed? I've read MHS can read kernel memory without actually attaching to the process. It's odd, something that should be so simple is made complicated by a simple thing. Unless of course I'm looking in the wrong places. But then I'm just thinking about it too hard.
ktamer is offline  
Old 09/23/2009, 10:34   #27
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 156
Quote:
Originally Posted by howcow95 View Post
@ oren that's the only script that works for me as well but when I try to rebuild IAT using imprec using the OEP I found there and subtracting image base .... it doesn't work :S

@punk... that post about dekaron ... Cabalmain seems a little more complex? I'm trying dif things but can't find the correct way to find the proper OEP =(
You need to remove the Protection in the correct order, also if you run the script for say Yoda and it gives a "Maybe its not Yoda" message, you haven't removed the other security...
NovaCygni is offline  
Old 09/23/2009, 13:15   #28


 
.Law.'s Avatar
 
elite*gold: 30
Join Date: Apr 2008
Posts: 2,956
Received Thanks: 1,771
Quote:
Originally Posted by howcow95 View Post
@ oren that's the only script that works for me as well but when I try to rebuild IAT using imprec using the OEP I found there and subtracting image base .... it doesn't work :S

@punk... that post about dekaron ... Cabalmain seems a little more complex? I'm trying dif things but can't find the correct way to find the proper OEP =(
Dekaron.exe is packed with UPX,no dumping protection,that vid only serves the purpose of showing you an example.
.Law. is offline  
Old 09/23/2009, 13:42   #29
 
elite*gold: 0
Join Date: Jul 2008
Posts: 43
Received Thanks: 3
Quote:
Originally Posted by NovaCygni View Post
You need to remove the Protection in the correct order, also if you run the script for say Yoda and it gives a "Maybe its not Yoda" message, you haven't removed the other security...
So you're saying that it has other protection other than Themida?
oren_studio is offline  
Old 09/23/2009, 15:37   #30
 
elite*gold: 0
Join Date: May 2009
Posts: 72
Received Thanks: 3
Quote:
Originally Posted by NovaCygni View Post
You need to remove the Protection in the correct order, also if you run the script for say Yoda and it gives a "Maybe its not Yoda" message, you haven't removed the other security...
what do you mean by removing the protection in order? what's the correct order? I'm stuck in finding the correct OEP.. always failing in IAT part!
brian86 is offline  