A small tutorial - unpacking GMO main.exe

[mauka]

On request

Download contains:
- Unpack script v 0.1( my first olly script )
- Ollydbg
- Scylla import reconstructor
- Video tutorial

Download link:

Code:

http://failiem.lv/u/ybfvvns

GMO unpacker v0.2.txt
GMO unpacker v0.3.txt

[MentaL]

[ggragonss]

Thanks. It so helpful .

[R3jectZ]

On request

Download contains:
- Unpack script ( my first olly script )
- Ollydbg
- Scylla import reconstructor
- Video tutorial

Download link:

Code:

http://failiem.lv/u/ybfvvns

bro its a HTML only .. not video tutorial .. make a Video tutorial bro :D

[mauka]

swf <> avi, who cares.. If u like download 200mb AVI tutorial instead of 10mb swf.. im feel sory about u xD

[hateroc22]

Mauka u have Offset Edit FONT main 1.4D ?

[R3jectZ]

swf <> avi, who cares.. If u like download 200mb AVI tutorial instead of 10mb swf.. im feel sory about u xD

do you have 200MB Tutorial ? if you have please pm to me :D i need it bro :D

[lstngl]

Real i just curious is there complety guıide what is the all offset story yea i know i googled i research i got this at teaory, but how can u abble to find whats offests what for what kind research u got there. i been here such a long time i saw so many coders they are all leave community, but then came new ones :D okay i don have that much time but i wanna do somthing on olly now mauka can complainant about my post he is right but i try to understand your guide :D if i could i would post about to your guide.

But thanks anyway seems like good guide to someone.

[mauka]

Reversing <> Cracking ;)

crack is like 500% easy then reverse from low to high lang.. so thouse who u think are "pro: are gays for me :F
This script is very simply - macro

[lstngl]

yea i did watch your script its understandable :D anyhow i want to know more than this.
by thy way i know whats low programing and Reverse engeniring but its not good enough to do someting for myself so still im making my own projects on C# its not strong Language as i wnated to be anyway i keep searching your Topics here i hope i ll get more info from you and others.

[SmallHabit]

hey mauka, have some error's when search for IAT, there are some missing functions? how to deal with them? :)

Something like this - Screenshot by Lightshot

[lstngl]

wehats that program u are using? :D

[phit666]

hey mauka, have some error's when search for IAT, there are some missing functions? how to deal with them? :)

Something like this - Screenshot by Lightshot

Use win7 x64

[mauka]

Restore IT copy/paste it from any of old no-protected main.exe vers or give a try to another IT reconstructor @ http://www.manhunter.ru/underground/...pe_faylov.html

PS. i stop dev this script ^__^ use 0.3v at your own risk
- on process of unpacking main.exe its will create file "MAINPATCHES.txt" with offsets of Mu.exe, GG so u dont bother later to search it manualy..

Code:

 MSG "GMO main.exe unpack script v0.3 by Mauka"  
 var Poffset
 var pos
 var mu1
 var mu2
 var sj    
 VAR addr
 mov mu1, 1 //Wip Patch close mu.exe? 1=yes 0=no
 mov mu2, 1 //Wip Patch start mu.exe? 1=yes 0=no

 LCLR
 BC
 BPHWC
 Estep  
 Estep 
 BPHWS esp,"r"
 ERUN
 Estep  
 Esti 
 Estep 
 Esti
 Cmt eip,"The (near) OEP, by mauka"
 
 mov pos, eip
 Loop: 
 Find pos, #6A02E8????????59C3# //Fix float error at run time
 cmp $RESULT, 0
 Jz EndLoop
 mov Poffset, $RESULT
 Log Poffset, "Float fix  Poffset = "
 Cmt Poffset,"This is the FLOAT ERROR!"
 Asm Poffset, "RETN"
 mov pos, Poffset 
 Jmp Loop

 EndLoop: 
 cmp mu1, 1
 jne startmu
 Mov pos, 00401000 //start offset
 Find pos, #74??????????????????????????E8????????????????????EB??????????????00??????????????????????????????????????????????E8??????????????????????????68????????68????????E8????????5959E8????????????????????0074??#
 cmp $RESULT, 0
 Jz GG0
 mov Poffset, $RESULT 
 ITOA Poffset
 MOV addr, $RESULT
 OPCODE Poffset  
 WRTA "MAINPATCHES.txt", "Start GG: "+ addr+" "+$RESULT+"  "+$RESULT_1 
 JMP GG1:
 GG0:
 Msg "U nee find and fix GG start manualy" 
 GG1:  
 cmp mu1, 1
 jne startmu
 Mov pos, 00401000 //start offset
 Find pos, #68????????68????????E8????????5959E8????????????????????0074??#
 cmp $RESULT, 0
 Jz GGSucess  
 PREOP $RESULT 
 mov Poffset, $RESULT  
 ITOA Poffset
 MOV addr, $RESULT
 OPCODE Poffset  
 WRTA "MAINPATCHES.txt", "GG Sucess: "+ addr+" "+$RESULT+"  "+$RESULT_1 
 JMP MUExecC
 GGSucess:
 Msg "U nee find and fix GG sucess manualy"  
 MUExecC:
 cmp mu1, 1
 jne startmu
 Mov pos, 00401000 //start offset
 Find pos, #74??6A006A006A10FF??????????FF??????????FF????E8????????59#
 cmp $RESULT, 0
 Jz MuClose
 mov Poffset, $RESULT 
 ITOA Poffset
 MOV addr, $RESULT
 OPCODE Poffset  
 WRTA "MAINPATCHES.txt", "Close MU.exe: "+ addr+" "+$RESULT+"  "+$RESULT_1 
 JMP MUExe
 MuClose:
 Msg "U nee find and fix 'Close' Mu.exe manualy"
 MUExe:
 cmp mu1, 1
 jne startmu
 Mov pos, 00401000 //start offset
 Find pos, #75??68????????68????????E8????????595968????????8D??????????50E8????????59596A058D??????????50FF15#
 cmp $RESULT, 0
 Jz MuErr
 mov Poffset, $RESULT 
 ITOA Poffset
 MOV addr, $RESULT
 OPCODE Poffset  
 WRTA "MAINPATCHES.txt", "Start MU.exe: "+ addr+" "+$RESULT+"  "+$RESULT_1 
 JMP End
 MuErr:
 Msg "U nee find and fix execute Mu.exe manualy"


 End:
 BC
 BPHWC
 Msg "Script finished! Dump process and fix IAT"

[ashlay]

any1 can reupload the video?

[rejor]

Has somebody got all of things from this topic?
Please upload them again. Thanks so much!

[amye0611]

Seem to hard to unpacking GMO right. and noone consider this topic.
So sad.....where are developer.....?

[FeeHMandyson]

@mauka, please post the video tutorial..! thanks!

[huythao229]

Dear All! Reload link tutorial by mauka : http://www.mediafire.com/download/ms...p3hi/GmoTut.7z