
Unpacking Main season 13

Joined
Mar 13, 2008
Messages
758
Reaction score
1,002
Hi!!
I am trying to unpack main season 13 from MU Legend.

Here I have all the deobfuscated functions, the IAT and the entry point.
Maybe somebody can help?

IAT
0A230614
SIZE B20

entry point offset - 00E06856

after loading, change the entry point to this
E8 FF EF 28 00 E9 DD 24 27 00 // deobfuscated entry point

GetStartupInfo // after decrypting this section, change it to this
offset -- 01078D3D

6A 58 68 90 70 5B 01 E8 6F AB 00 00 33 F6

offset - 00506F53

55 8B EC B8 14 24 00 00 E8 D0 4E B6 00

offset - 00CEB3F3

55 8B EC 6A FF 68 07 8C 3A 01 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 81 EC FC 00 00 00 89 8D 08 FF FF FF FF 75 0C 8B 8D 08 FF FF FF 83 C1 04

offset -- 00CEB428
8B 85 08 FF FF FF 8A 4D 10 88 48 3C FF 75 0C B9 98 85 1D 0A E8 80 71 00 00 0F B6 C0 83 F8 01 0F 85 34 01 00 00 8D 4D D4 E8 63 35 83 FF 83 65 FC 00 8B 4D 08 E8 7D 71 00 00 50 8D 8D 60 FF FF FF E8 63 BB 71 FF C6 45 FC 01 8D 85 60 FF FF FF 50 8D 85 44 FF FF FF 50 E8 FC 9A 07 00 59 59 89 85 04 FF FF FF 8B 85 04 FF FF FF 89 85 00 FF FF FF C6 45 FC 02 FF B5 00 FF FF FF 8D 4D D4 E8 37 35 83 FF C6 45 FC 01 8D 8D 44 FF FF FF E8 5A E4 81 FF C6 45 FC 00 8D 8D 60 FF FF FF E8 58 C6 71 FF

offset-00CEB4C8
6A FF 68 60 DB 43 01 8D 4D D4 E8 E4 B2 E6 FF 89 45 F0 FF 75 F0 6A 00 8D 45 B8 50 8D 4D D4 E8 F3 B2 E6 FF C6 45 FC 03 8D 45 B8 50 8B 8D 08 FF FF FF 83 C1 20 E8 E0 34 83 FF 68 64 DB 43 01 8D 4D B8 E8 B0 D0 81 FF FF 75 0C 8D 4D B8 E8 A5 D0 81 FF 68 68 DB 43 01 8D 4D B8 E8 98 D0 81 FF 0F B6 45 10 85 C0 74 1C 8D 4D B8 E8 F2 E3 81 FF 50 8B 85 08 FF FF FF 8B 00 8B 8D 08 FF FF FF FF 50 14

offset-00CEB548
EB 1A 8D 4D B8 E8 D6 E3 81 FF 50 8B 85 08 FF FF FF 8B 00 8B 8D 08 FF FF FF FF 50 10 C6 45 FC 00 8D 4D B8 E8 A3 E3 81 FF 83 4D FC FF 8D 4D D4 E8 97 E3 81 FF E9 22 01 00 00 FF 75 0C 8D 8D 7C FF FF FF E8 4E E3 81 FF C7 45 FC 04 00 00 00 68 74 DB 43 01 8D 8D 7C FF FF FF E8 18 D0 81 FF 8B 4D 08 E8 30 70 00 00 50 8D 8D 28 FF FF FF E8 16 BA 71 FF
offset-00CEB5BA
C6 45 FC 05 8D 85 28 FF FF FF 50 8D 45 98 50 E8 B2 99 07 00 59 59 C6 45 FC 07 8D 8D 28 FF FF FF E8 41 C5 71 FF 6A FF 68 80 DB 43 01 8D 4D 98 E8 CD B1 E6 FF 89 45 B4 FF 75 B4 6A 00 8D 85 0C FF FF FF 50 8D 4D 98 E8 D9 B1 E6 FF 89 85 FC FE FF FF 8B 85 FC FE FF FF 89 85 F8 FE FF FF C6 45 FC 08 FF B5 F8 FE FF FF 8B 8D 08 FF FF FF 83 C1 20 E8 B2 33 83 FF C6 45 FC 07 8D 8D 0C FF FF FF E8 D5 E2 81 FF 0F B6 45 10 85 C0 74 22 8D 8D 7C FF FF FF E8 D7 E2 81 FF

offset-00CEB651
50 FF 75 08 8B 85 08 FF FF FF 8B 00 8B 8D 08 FF FF FF FF 50 1C EB 20 8D 8D 7C FF FF FF E8 B5 E2 81 FF 50 FF 75 08 8B 85 08 FF FF FF 8B 00 8B 8D 08 FF FF FF FF 50 18 C6 45 FC 04 8D 4D 98 E8 7F E2 81 FF 83 4D FC FF 8D 8D 7C FF FF FF E8 70 E2 81 FF 8B 4D F4 64 89 0D 00 00 00 00 C9 C2 0C 00

OFFSET 00CDA521

55 8B EC 6A FF 68 A5 80 3A 01 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 81 EC 84 00 00 00 89 8D 70 FF FF FF 68 0C D9 43 01 8D 4D 80
CALL 00406FD0 // change the call to this..
83 65 FC 00 FF 75 08 8D 4D 80 E8 4F C5 72 FF 6A 00 8D 4D 80 E8 85 CE 72 FF 50 8B 85 70 FF FF FF FF 30 E8 F7 6A 35 00 83 C4 0C 85 C0 74 1E 83 A5 7C FF FF FF 00 83 4D FC FF 8D 4D 80 E8 8D D5 72 FF 8B 85 7C FF FF FF E9 A4 00 00 00 6A 00 6A 00 6A 00 6A 00 6A 00 6A 00 8D 45 9C 50 8B 85 70 FF FF FF FF 30 E8 F5 67 35 00 83 C4 20 FF 75 B8 E8 D8 E7 37 00 59 89 85 78 FF FF FF 8B 45 0C 8B 8D 78 FF FF FF 89 08 FF 75 B8 6A 00 8B 45 0C FF 30 E8 59 0F 39 00 83 C4 0C 68 10 D9 43 01 8B 85 70 FF FF FF FF 30 E8 C4 76 35 00 59 59 FF 75 B8 8B 45 0C FF 30 8B 85 70 FF FF FF FF 30 E8 4D 77 35 00 83 C4 0C 89 45 F0 8B 85 70 FF FF FF FF 30 E8 9A 7E 35 00 59 8B 45 F0 89 85 74 FF FF FF 83 4D FC FF 8D 4D 80 E8 E4 D4 72 FF 8B 85 74 FF FF FF 8B 4D F4 64 89 0D 00 00 00 00 C9 C2 08 00

OFFSET -0x0D7AABA
55 8B EC 51 83 3D 80 9E 62 01 00 75 04 32 C0 EB 34 8B 0D 80 9E 62 01 E8 03 0A 00 00 89 45 FC 81 7D FC 55 07 00 00 74 10 FF 75 FC 6A 00 E8 A3 00 00 00 59 59 32 C0 EB 0D 68 AC B1 D7 00 E8 04 05 04 00 59 B0 01 C9 C3
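
The byte runs in the post are meant to be written back over the dumped image and the relocated calls re-encoded by hand. As an added example (not code from the post or from any unpacking tool), the Python helper below parses pasted hex runs, applies them to a dump at given file offsets with a bounds check before anything is written, and decodes or encodes the rel32 operand of E8 (call) and E9 (jmp) so the replacement bytes for something like `CALL 00406FD0` can be built for the address it lands at. The 64-byte image and the file offset 0x10 in the demo are constructed; the entry-point bytes and addresses are the ones posted, and the offsets are treated as virtual addresses (the E9 at the deobfuscated entry point then resolves to 01078D3D, which is the next offset the post lists). The call address 00CDA54D used in the demo is an assumption obtained by counting the 44 bytes that precede the CALL line in the 00CDA521 dump; mapping such addresses to file offsets of a particular dump is the reader's job.

```python
"""Helpers for re-applying deobfuscated byte runs to a dumped 32-bit image.

Added example, not code from the forum post or from any unpacker. The hex
strings are the ones posted; the image and offsets in the demo are constructed.
"""
import re
import struct


def parse_hexdump(text):
    """Decode a pasted run of hex bytes.

    All whitespace is discarded before decoding, so a run whose spacing was
    lost when pasted ('89 8D08 FF') decodes the same as '89 8D 08 FF'. An odd
    digit count or a non-hex character raises instead of silently shifting
    every following byte of the patch.
    """
    digits = re.sub(r"\s+", "", text)
    if len(digits) % 2 or not re.fullmatch(r"[0-9A-Fa-f]*", digits):
        raise ValueError("malformed hex dump: %r" % text)
    return bytes.fromhex(digits)


def rel32_target(insn_addr, insn):
    """Destination of a 5-byte E8 (call rel32) or E9 (jmp rel32) located at insn_addr."""
    if len(insn) != 5 or insn[0] not in (0xE8, 0xE9):
        raise ValueError("not a 5-byte rel32 call/jmp")
    rel = struct.unpack("<i", insn[1:])[0]          # displacement is signed
    return (insn_addr + 5 + rel) & 0xFFFFFFFF


def encode_rel32(opcode, insn_addr, target):
    """Bytes of `call target` (0xE8) or `jmp target` (0xE9) when placed at insn_addr."""
    if opcode not in (0xE8, 0xE9):
        raise ValueError("opcode must be 0xE8 or 0xE9")
    rel = (target - (insn_addr + 5)) & 0xFFFFFFFF  # two's-complement wrap for backwards targets
    return bytes([opcode]) + struct.pack("<I", rel)


def apply_patches(image, patches):
    """Return a copy of `image` with every (file_offset, hex_run) written in place.

    All patches are decoded and bounds-checked before the first write, so a bad
    offset leaves the dump untouched rather than half-patched.
    """
    decoded = [(off, parse_hexdump(run)) for off, run in patches]
    for off, blob in decoded:
        if off < 0 or off + len(blob) > len(image):
            raise ValueError("patch at %#x (%d bytes) runs past end of image" % (off, len(blob)))
    out = bytearray(image)
    for off, blob in decoded:
        out[off:off + len(blob)] = blob
    return bytes(out)


# Posted entry point: a call followed by a jmp.
ENTRY_ADDR = 0x00E06856
ENTRY_BYTES = "E8 FF EF 28 00 E9 DD 24 27 00"


def entry_point_targets():
    """Resolve the call and the jmp at the deobfuscated entry point (call_target, jmp_target)."""
    blob = parse_hexdump(ENTRY_BYTES)
    call_target = rel32_target(ENTRY_ADDR, blob[:5])
    jmp_target = rel32_target(ENTRY_ADDR + 5, blob[5:])
    return call_target, jmp_target


if __name__ == "__main__":
    call_target, jmp_target = entry_point_targets()
    print("entry call -> %08X, entry jmp -> %08X" % (call_target, jmp_target))
    # Constructed 64-byte 'dump' with the entry bytes written at file offset 0x10.
    dump = apply_patches(bytes(64), [(0x10, ENTRY_BYTES)])
    print(dump[0x10:0x1A].hex(" ").upper())
    # Replacement bytes for 'CALL 00406FD0' if that call sits at 00CDA54D
    # (assumed: 00CDA521 plus the 44 bytes that precede the CALL line in the dump).
    print(encode_rel32(0xE8, 0x00CDA54D, 0x00406FD0).hex(" ").upper())
```

Because the displacement is relative to the instruction's own address, a call or jmp copied from one location to another has to be re-encoded with `encode_rel32` for its new address; the same applies if a dump is rebased.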
 
NN - Nord & Noob
Loyal Member
Joined
Jul 15, 2004
Messages
1,207
Reaction score
689
Well.. it's easy to unpack: hit F8 twice, set a HWBP at ESP -> F9 and you're at the OEP, dump the process, fix the IAT.

I released a script for this at RZ.
LOL :D have a nice day
 
NN - Nord & Noob
Loyal Member
Joined
Jul 15, 2004
Messages
1,207
Reaction score
689
By hand: write a script and deobfuscate each function manually. Though it uses (GMO) a simple VM, where it calls func A to restore the stolen bytes of func B at runtime.. so unpacking to the OEP and dumping, fixing the IAT won't help you a lot, because it checks itself :)

Call funcA -> Check -> restore stolen bytes of funcB -> Call funcA
Call funcB -> Check -> restore stolen bytes of funcC -> Call funcB
 
Joined
Mar 13, 2008
Messages
758
Reaction score
1,002
By hand: write a script and deobfuscate each function manually. Though it uses (GMO) a simple VM, where it calls func A to restore the stolen bytes of func B at runtime.. so unpacking to the OEP and dumping, fixing the IAT won't help you a lot, because it checks itself :)

Call funcA -> Check -> restore stolen bytes of funcB -> Call funcA
Call funcB -> Check -> restore stolen bytes of funcC -> Call funcB

Just unpack to the OEP with this.. it does not work with all the obfuscated functions..
 