- Joined
- Jan 9, 2008
- Messages
- 818
- Reaction score
- 847
Suspend the process using an application like Process Hacker, then open up an undetected olly, attach to process, and use OllyDump to dump process. The imports will be fucked up, but you can read the binary fine.how can i make a memory dumps? i tried with soft then it show me something like "access denied" or "cannot postpone this process" ....
Btw to clarify the v40b one, it has an extreme amount of names for developers who want to do that version.
Also, v147.1 .idb is added.
Here is my GMS v138.1 .idb. :You must be registered to see links
Already named some important addresses
Anyone know how to show up all named addresses in IDA? What's the shortcut key to do it?
Does there exist one for v62 that someone would be willing to share?
So how do I convert these given functions to opcodes?
For example, trying to find things like
'LOGIN_PASSWORD'
'CLIENT_START'
etc.
I have my v28 odin source practically ready, I just need to change the opcodes that v55 uses to be able to log in.
if ( header == 1 )
return CLogin::OnCheckPasswordResult(a2, v6, a3, a4, a6);
look in the v28 idb.... it's a login opcode your non gms name "LOGIN_PASSWORD",. Now I know it's 0x01 in v28 cuz i know.
In CLogin::OnPacket you can clearly see
PHP:if ( header == 1 ) return CLogin::OnCheckPasswordResult(a2, v6, a3, a4, a6);
your "LOGIN_PASSWORD" for v28 is 0x01. The name up there is a gms name.
what can i use the dll inside?You must be registered to see links
A couple of unpacked and memdumped EXE's + DLLs:
CMS: 111
EMS: 90, 95
GMS: 123, 125, 127, 132, 134, 137, 140 - 142, 146
TWMS: 166