|
You last visited: Today at 06:28
Advertisement
Reverse engeneering problem
Discussion on Reverse engeneering problem within the General Coding forum part of the Coders Den category.
05/27/2010, 15:07
|
#1
|
elite*gold: 0
Join Date: Nov 2008
Posts: 25
Received Thanks: 0
|
Reverse engeneering problem
Hello there, I am trying to hack a MMORPG with OllyDbg but I get an error that says there was detected a debugger... Can someone tell me how to delete the error?
|
|
|
05/27/2010, 15:50
|
#2
|
elite*gold: 0
Join Date: Apr 2008
Posts: 495
Received Thanks: 817
|
You must learn Assembler, too delete this message.
You can watch Lena151 Assembler tutorials (Language: English)
It's very difficult, but in Step 1-8 you will learn to "delete" this message.
But don't use the string search method, it's not a good way .
|
|
|
05/27/2010, 15:55
|
#3
|
elite*gold: 0
Join Date: Nov 2008
Posts: 25
Received Thanks: 0
|
thank you I will try it
|
|
|
05/27/2010, 16:07
|
#4
|
elite*gold: 0
Join Date: Nov 2008
Posts: 25
Received Thanks: 0
|
I watched the tutorial from 1 to 8 and I cant do the same things as lena... When I press the "Step over" button or "F8" it doesn't happen anything... And if I search for the text nothing is found
|
|
|
05/27/2010, 16:19
|
#5
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,904
Received Thanks: 25,394
|
Quote:
Originally Posted by schnewin
You must learn Assembler, too delete this message.
You can watch Lena151 Assembler tutorials (Language: English)
It's very difficult, but in Step 1-8 you will learn to "delete" this message.
But don't use the string search method, it's not a good way .
|
thats totally wrong
if the debugger is detected, it means that there is a copy protection like Themida or any other one.
and you can't simply delete it, to get access to the client.
search for PEid, run it and choose the client, look after a public unpacker for the detected copy protection
|
|
|
05/27/2010, 16:28
|
#6
|
elite*gold: 0
Join Date: Nov 2008
Posts: 25
Received Thanks: 0
|
Quote:
Originally Posted by MrSm!th
thats totally wrong
if the debugger is detected, it means that there is a copy protection like Themida or any other one.
and you can't simply delete it, to get access to the client.
search for PEid, run it and choose the client, look after a public unpacker for the detected copy protection
|
Ok I have PEiD and opened the client with it, now what I need to do?
Unpack the client?
P.S. When I opened the client in PEiD in the box above "Multi Scan" is written: "Nothing found *"
|
|
|
05/27/2010, 16:32
|
#7
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,904
Received Thanks: 25,394
|
hm than you could google what packer is used
if you know it, download an unpacker und unpack it
|
|
|
05/27/2010, 16:34
|
#8
|
elite*gold: 0
Join Date: Nov 2008
Posts: 25
Received Thanks: 0
|
But why should I unpack the client?
|
|
|
05/27/2010, 16:42
|
#9
|
elite*gold: 0
Join Date: Nov 2008
Posts: 25
Received Thanks: 0
|
I tought that I should add more info... So I made some ss:
The first error I got before editing anything was this :
after this error I get other 2:
and
(this error only says that it's impossible to run the application)
so, the first one I removed it and doesn't bother me anymore but I can't solve/repair/delete/remove the other 2
|
|
|
05/27/2010, 16:47
|
#10
|
elite*gold: 20
Join Date: Sep 2006
Posts: 1,100
Received Thanks: 184
|
@MrSm!th
well, that would be the worst case scenario, but it's possible that the game does just a call to IsDebuggerPresent, something like that would be very trivial to patch.
And if it's infact a recent version of themida or something similar, he won't find public unpackers and I've also experienced that unpackers often don't work well on themida because it's costomizable.
If he really is dealing with Themida he'll probably have to manually unpack it, and I doubt his knowlegde on reversing is sufficent for a rough task like that.
Removing Themida properly and complete is a pain in the *** btw :-)
|
|
|
05/27/2010, 17:04
|
#11
|
elite*gold: 0
Join Date: Nov 2008
Posts: 25
Received Thanks: 0
|
Ok I searched if there is any "IsDebuggerPresent" in the client and I found a row that I can't access the row number is: 76011F8F and I start from row: 77D11000... what can I do?
|
|
|
05/27/2010, 17:20
|
#12
|
elite*gold: 20
Join Date: Sep 2006
Posts: 1,100
Received Thanks: 184
|
smbogdan, IsDebuggerPresent is a windows api, if your target programm is actually using it just do this:
press ctrl+g in olly and enter 'IsDebuggerPresent' now hit return, hit F2 to place a breakpoint, hit F9 to execute the programm, it should now break at your breakpoint, press F2 again to remove the breakpoint, now press ctrl+F9 to execute till return, modify the value of eax to 0 and press F9.
ofc you could also just patch the call to is debugger present and set eax to 0, or you could patch the actual check of the return value.
Lena's Reversing Tutorial for newbies does explain how to do this btw.
|
|
|
05/28/2010, 14:16
|
#13
|
elite*gold: 0
Join Date: Nov 2008
Posts: 25
Received Thanks: 0
|
I have a problem after I replace the EAX to 0 and hit F9 nothing happens...
Question... the EAX that I have to make 0 is the one on the right ?
|
|
|
05/28/2010, 15:46
|
#14
|
elite*gold: 20
Join Date: Sep 2006
Posts: 1,100
Received Thanks: 184
|
I've just seen the pix you posted and I'm sorry but you're dealing with Themida, if you want to reverse anything in that client you'll have to remove themida first, try using PeID or similar to find out which themida version you're dealing with and look for some tutorials or even unpack scripts on tuts4you.com.
But judging from your questions you simply lack the knowlegde to unpack themida, so you'll probably fail if you don't find a public unpacker, but be careful there are a lot of trojans out there...
|
|
|
05/28/2010, 16:06
|
#15
|
elite*gold: 7110
Join Date: Jun 2009
Posts: 28,904
Received Thanks: 25,394
|
Quote:
Originally Posted by smbogdan
Hello there, I am trying to hack a MMORPG with OllyDbg but I get an error that says there was detected a debugger... Can someone tell me how to delete the error?
|
Quote:
Originally Posted by smbogdan
But why should I unpack the client?
|
because you want to attach with olly
btw. I dunno why, but I knew it It is Themida... and Bot_interessierter:
I don't think that even a simple protection (like a selfmade one) would not really be that trivial to patch.
I think, nobody uses only IsDebuggerPresent
|
|
|
|
|
Similar Threads
|
[FUN]Cam reverse =D
08/31/2010 - S4 League Hacks, Bots, Cheats & Exploits - 14 Replies
Hello everybody I is again = D here with another hack using CE let go then = D
1-Open suspend HGWC, S4Client.exe and Xtrap
2-Open s4 league and start
3-Suspend...
4-Open CE and Search:
4/1-value between 60 e 60
4/2-Value type float
5-take the values
6-put 6000000
|
Problem Regarding Reverse Scroll on DB Bot
08/28/2010 - SRO Private Server - 1 Replies
im wondering now, does Reverse Scroll Work when your Using DB Bot?
cuz im currently using v1.0 right now, and just bought Reverse scrolls since my grind spot is way too far to repeatedly go back and forth.. but the weird thing is, it doesnt work
Reverse Scroll says it can be used on.. Last Place you used a Return Scroll and last place you have died..
one thing i noticed on my bot is that, whenever i Die.. it automatically respawns back to town, like i dont even see the Part where it...
|
db bot 8.0 reverse problem
06/18/2010 - SRO Private Server - 1 Replies
i can;t use reverse with db bot 8.0 ...when i try to use it says the target is not selected or something like that....someone have the same problem??
|
plz help i have problem with reverse return scroll
04/20/2009 - Silkroad Online - 2 Replies
i play with agbot and loader
when i want to use one of reverse return scroll say to me "can't find the target" all the time
plz help me
|
problem with reverse return scroll
04/20/2009 - World of Warcraft - 0 Replies
i play with agbot and loader
when i want to use one of reverse return scroll say to me "can't find the target" all the time
plz help me
|
All times are GMT +2. The time now is 06:28.
|
|