Re: [REQ]A TuT on Make A Bypass and CRC bypass

Posted: Sat Jun 19, 2010 2:31 pm
by Nerrazzuri
I've tried a few plugins but still can't. :(

Re: [REQ]A TuT on Make A Bypass and CRC bypass

Posted: Sat Jun 19, 2010 6:36 pm
by zile
what are u going to do after u unpack maple ==

Re: [REQ]A TuT on Make A Bypass and CRC bypass

Posted: Sat Jun 19, 2010 8:07 pm
by Chance
get a random code and find out what accesses it ?
lol , idk sia .

Re: [REQ]A TuT on Make A Bypass and CRC bypass

Posted: Sun Jun 20, 2010 12:15 am
by zile
you can only do that when maple is running, but when maple is running, hshield also runs, so u can't use olly, unless u bypass hackshield

if u got bypass, u can find out what access with just CE, and you don't have to unpack it at all

i don't think if there are tuts out there to bypass crc with just unpacked maple..

Re: [REQ]A TuT on Make A Bypass and CRC bypass

Posted: Sun Jun 20, 2010 12:28 am
by Nerrazzuri
zile wrote:
you can only do that when maple is running, but when maple is running, hshield also runs, so u can't use olly, unless u bypass hackshield

if u got bypass, u can find out what access with just CE, and you don't have to unpack it at all

i don't think if there are tuts out there to bypass crc with just unpacked maple..

To use CE you need to fully kill Hackshield.

Re: [REQ]A TuT on Make A Bypass and CRC bypass

Posted: Sun Jun 20, 2010 10:59 am
by Chance
[ Leeched ]

Prerequisite: Basic skill in debugging/unpacking.
Required Tools: OllyDbg (or any suitable debugger you prefer)
Optional Tools: IDA Pro & any process dumping tools (procdump/lordpe)

1. Find the actual OEP (original entry point) of ms. Don't know how or understand? Go find tutorials on unpacking.
2. Load ms into OllyDbg. Set a memory write breakpoint on the OEP. Resume the process. You may want to use hide-debugger plugins for OllyDbg so you don't need to bypass the debugger checks manually.
3. The ms process will stop; resume it again & it will stop at the code where it writes code at the OEP to jump into the new OEP.
4. Remove memory breakpoints. Execute till return. Optionally you may want to set a breakpoint on the new OEP & continue running. Nothing more than to ensure everything is unpacked.
5. Nop the following 4 lines & set a bp on the code following. Resume running till it hits the bp. Remove the breakpoint & restore the code that we just nopped (highlight & undo selection).
seg000:005E19C6    nop    mov ecx, esi
seg000:005E19C8    nop    call sub_5E20EE
seg000:005E19CD    nop    mov ecx, esi
seg000:005E19CF    nop    call near ptr dword_5E2AEF
6. Resume ms. If you are using WinXP & using a hide-debugger plugin, you can detach OllyDbg from ms.

As for finding where to nop, just trace the functions that reference "AcGuardianEvent". Then trace back a few levels of calls prior to that.

I DUNNO WHAT HE TALKING @_@

Re: [REQ]A TuT on Make A Bypass and CRC bypass

Posted: Sun Jun 20, 2010 11:11 am
by Nerrazzuri
Where did you get that information?

Re: [REQ]A TuT on Make A Bypass and CRC bypass

Posted: Sun Jun 20, 2010 11:37 am
by Chance
from Google ! hahah .

Re: [REQ]A TuT on Make A Bypass and CRC bypass

Posted: Sun Jun 20, 2010 12:11 pm
by Nerrazzuri
Link us there, we might find something useful.

Re: [REQ]A TuT on Make A Bypass and CRC bypass

Posted: Sun Jun 20, 2010 12:22 pm
by Chance
okie , you need to scroll down a little bit .

http://www.mpcforum.com/archive/index.php/t-92190.html