Any Ideas? (Debugging Cabalmain.exe)
Well, I managed to get a TwinR to be able to live debug Cabalmain.exe. I even managed to get the proper asm codes in Olly, so I load up TwinR to attempt to use it as a bypass to be able to live debug, but it ends up that TwinR detects my Olly and it shuts down! I've already tried to run it sandboxed but it doesn't work... any other ideas?
|
y dont u run twinr first to bypass, close twinr (make sure the process has been terminated in the task manager), then attach olly to cabalmain?
|
will try... and lol it's hard to explain but I don't really have TwinR. Someone who wants the hack as well is offering to let me use theirs, but they don't wanna give it to me until they can do the hack themselves, so I wasn't able to fool around and see my options much, but ty! I will try this!
edit: dusnt work ... cabal simply closes wen u run olly |
I'm having this same issue. I need a bypass but there isn't one around for NA. So what I tried was running Cabalmain.exe and at the update screen opening Ollydbg. Then I try to attach to cabalmain.exe and select Start Game at the Update Window. I was hoping that the instant Shut down might show in Olly but after analyzing anything Olly freezes and shuts down. I get nowhere I get nothing. Without a proper X-Trap bypass, removing the Flag, or even finding the possible address/value is next to impossible. I've tried using Hideolly and Phantom. Both of which X-Trap can still find instantly...:mad:
|
well here's something I can share with you and maybe you can help me back O.O ... if you use StrongOD instead of phantOm (don't use phantOm at all, it has to be uninstalled) then you can bypass TwinR's security, but the thing is you can't unpack and live debug cabalmain.exe without using the phantOm .dll, sooooooo you must open up cabalmain.exe (using phantOm), dump it, fix it, then close olly and take out the phantOm and install StrongOD, then you might be able to open the unpacked cabalmain.exe without using phantOm. But the thing is I'm having various issues with getting the cabalmain.exe fixed. I get it dumped and it's 11701 kb, but after that I'm unable to fix it properly using imprec. What happens is that the unpacked and dumped and supposedly fixed cabalmain.exe doesn't run like norm cabalmain... in fact it doesn't run at all >.>
|
This is a file that you uploaded on forum few weeks ago. I've tried to unpack it, i'm not so sure this will work or not since i don't have Cabal NA install on my PC.
[link] |
Quote:
[link] [link] And a olly folder with plugins and scripts that work with Xtrap : [link] |
what phantOm are you using .... mine has slightly more options but even with those options ticked it still doesn't work >.> maybe it could be the phantOm i'm using?
|
Im just wondering , what u can get if u unpack cabalmain rufl ? ._. sry for offtop but im interested.
|
Use dmg hack,all methods,and alz drop rate hacks.
Use a bug/exploit to never spend CC on Cash Shop items( you need the CC but it wont go down) Name hack to "[GM]XXXXXX" server sided. Class hack /with beeing able to buy skills. More smaller things. |
Everything Nova provided was more than amazing. Unfortunately enough for me I'm still at block one. I try to run Cabal through Cabal Rider. Should I make an attempt to use TwinR? Because the attempts I've made fail because it either won't load or it says there's a corrupt cabal.enc file. I configured PhantOm like Nova suggested. And then also tried what cow suggested. I think I'm stuck with a POS cabalmain.exe. So, might I be lacking in resources? I have relative knowledge, just this X-Trap is a true Hell.
|
O____________O Punk u should try to debug q,q <gimme>
|
Pft, if I was able to run the unpacked exe till now I would've given you et alrdy nubie >:, still stuck, but there are some new important tips, will try again later since im overloaded with school /etc.
|
dam punk >.> I know I'm doing something wrong while I'm either unpacking or dumping and I'm pretty sure it has to do with the OEP that I think I found lol... because once it's dumped and supposedly fixed my unpacked.exe doesn't run lawl, it tells me that something's wrong and hacking has been detected or something like that >.>
as for debugging punk... can you debug w/o getting detected? |
Err,cabal EU sux,so I have no problem doing it ;d,and same goes for me,can't run the unpacked file yet.
[link] You can find another flash-type tut on unpacking an exe, this time that exe is packed with UPX. |
trying ur tut atm but again ... just like you busy w/ school etc etc so this is second priority... ALSO the Sienna Queen patch is scheduled for Euro and NA pretty soon soooooo what if they find another way to make us not able to do this whole unpack business >.> or maybe we'll just have to redo our work? (if we successfully get it dun by then)
|
what'cha dreaming about ? took em months to fix that even though they knew it existed,they probably fell in denial,but I don't think they'll add extra protection to the cabalmain.exe,like Themida etc.
|
lol... according to bindie CabalNA is packed with themida >.> ALSO I followed the dekaron thing, it works perfectly till I have to fix in imprec ... it doesn't have the right OEP which means that I'm missing something from the step before (after I set the BP at the cabalmain jmp and run it, it doesn't take me anywhere) >.> ... well at least it's good news to hear estsoft is slow !
|
SEA is also packed with Themida, 1.9.9.0 specifically. tried unpacking it but i too end up with Themida detecting the exe being debugged; gives some oreans error message. I believe the oep is correct as i tried finding it manually and using scripts, both give the same oep. I think the problem im facing now is fixing the IAT.
|
btw, if cabalridre bypasses your security system (xtrap,gg) no need for twinR..
if u already bypass ur security protection theres no reason why cabal detects olly... afaik |
I never dlded it :P.Will do now,as I said,im overloaded,I usually post from my phone while in classes xD
Never said Themida was un-removable, it just takes more for ppl to remove it by merely reading guides. EDIT: Holy shot, the folder u posted pwns, all in 1 folder >;, epic. |
Nova provided some really great stuff. Just wondering, Nova did you work on Debug of NA Cabal or others? Or maybe all of them? If so, did you ever get errors while using Olly that some Memory Addresses were un-readable? I like the tools you provided, I just wish that it would all come together smoothly. Is there a specific setup I should use to each plugin for it to actually run and not be detected and fail? I've been racking my brain for this accursed .exe. I can attach to other games no problem and run debugger successfully... I swear once I figure this out, I will dedicate my life to killing X-Trap :bandit:
|
Quote:
of all the scripts i tried, only one script successfully finished till the end. [link] tried the manual way following joker_italy guide on tmd 1.9.1.0 gives the same result as this script (although SEA is packed with 1990, that's why im sceptical whether its real oep). well, there are still many things i'm going to try, and i'm back to basics. :p |
@ oren that's the only script that works for me as well but when I try to rebuild IAT using imprec using the OEP I found there and subtracting image base .... it doesn't work :S
@punk... that post about dekaron ... Cabalmain seems a little more complex? I'm trying dif things but can't find the correct way to find the proper OEP =( |
Upon further research. Could you use MHS to actually Debug? And would it also work if you inject a code where the flag is triggered? Or would that still require repetitive procedures after Cabal is closed? I've read MHS can read kernel memory without actually attaching to the process. It's odd, something that should be so simple is made complicated by a simple thing. Unless of course I'm looking in the wrong places. But then I'm just thinking about it too hard. :pimp:
|
well sure enough I used chimprec in place of imprec and it worked...........................
well... now when i try to open the supposedly fixed dump it gives me [link] this also happens when i try to open it in olly |
i think i did it finally, removed themida completely. ran it normally, and peid didn't detect any protection. so happy!
on to the tracing part next! weeeeeeeeeeeeeeeeeeee! :p:p:p:p |
how!!!!! pm me !!!.... and wait so you can run your unpacked.exe by itself?
|
pmed you back :P and also you just used one script?
|
LOL GUYS :D SEND ME UR UNPACKD CABALMAIN O_O
|
ill do it if i can find it out AND you mail me cookies
|
lol i will, gimme address
|
Quote:
P.S. I'll give you some of the cookies that Vegi is gunna send me, but yea hopefully oren could point me in the right direction. I've spent a while just trying many dif combinations and restarting my comp soooooooo many times over and over and over. Btw is there a way to edit upgrade success through cabalmain.exe as well? I am absolutely hating my upgrading luck atm >.> |