compress or encrypted exe files.


pikachu5501
13-01-2009, 16:28
First, happy new year to everyone; second, my nick sucks, I know.

OK, simple question: I want to train/modify a game, but when I open it with OllyDbg, it says that it might be compressed or encrypted, and all I see is mostly "db (some number)", so I can't work like that. Also, in Cheat Engine, the process shows twice in the process list (weird, I just started it once). Probably some kind of embedded thing wrapper DRM sh@#.

So what I would need to know is whether there are tools that uncompress or can extract from memory the uncompressed content of an executable file, or at least to be able to work with a compressed/encrypted file with a debugger such as Olly.


Thanks in advance.

DABhand
13-01-2009, 21:09
Olly is a debugger, and most protected wrapped executables will notice it running and either give your debugger a hard time by crashing the game or give you scrambled assembly.

I know it's nice for breakpoints etc. and tracing, but ideally you would need an unwrapped executable or somehow remote debug it.

Still, Cheat Engine has a handy debugger of sorts, not good like Olly, but at least you can get somewhere with it.

pikachu5501
14-01-2009, 21:29
Thank you for your answer. :) I will look around about unwrapping and remote debugging.

pikachu5501
19-01-2009, 19:34
But one more thing: when the code data is in memory, then it is not compressed or encrypted, but it is the prog itself that detects a debugger and screws up everything so it can't be read, right? If then someone can find what calls that function and "nop" the call, for example... anyway... just some thoughts I have about all this.

TippeX
19-01-2009, 23:44
code runs-> hits entrypoint
code is then decrypted/decompressed
import table probably then 'filled'
normal code is then executed

That's the normal steps the system takes when the exe is packed/compressed/crypted.

You're sort of asking for a generic method, and there isn't one. While packers and cryptors follow a common 'theme', their methods can be vastly different, and debugger detection (and getting around it) relies entirely on your own skill level... try using some anti-anti debug plugins to avoid detection, or spend some time, trace the code and see how it's detecting your debugger... there are no quick, short answers sadly.
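
An added illustration, not part of the post above or of any tool named in this thread: a static triage sketch showing why a packed file disassembles as data until its stub has run, using per-section byte entropy and writable+executable flags as heuristics. The function names, the 7.0 threshold, the `.pack` section and the sample image are assumptions constructed for the example.

```python
import math
import struct
from collections import Counter

EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Yield (name, characteristics, raw bytes) for each section of a PE file."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", image, pe_off + 6)   # NumberOfSections
    (opt,) = struct.unpack_from("<H", image, pe_off + 20)    # SizeOfOptionalHeader
    table = pe_off + 24 + opt                                # first section header
    for off in range(table, table + 40 * count, 40):
        name, _, _, size, ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, off)
        yield name.rstrip(b"\0").decode("ascii", "replace"), flags, image[ptr:ptr + size]

def triage(image: bytes, threshold: float = 7.0):
    """Return [(section, entropy, notes)]; the 7.0 cut-off is a rule of thumb."""
    report = []
    for name, flags, raw in pe_sections(image):
        h, notes = round(entropy(raw), 2), []
        if h >= threshold:
            notes.append("high entropy")
        if flags & EXEC and flags & WRITE:
            notes.append("writable+executable")  # typical of self-modifying stubs
        report.append((name, h, notes))
    return report

def build_sample() -> bytes:
    """Constructed two-section image: repetitive code plus a uniform-byte blob."""
    plain = b"\x55\x8b\xec\x90" * 128
    blob = bytes((i * 167 + 13) % 256 for i in range(512))  # stand-in for packed data
    def sec(name, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 512, 0x1000, 512, ptr, 0, 0, 0, 0, flags)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    return dos + coff + sec(b".text", 168, 0x60000020) + sec(b".pack", 680, 0xE0000020) + plain + blob
```

Calling `triage(build_sample())` reports the constructed `.text` section as low entropy with no notes and the `.pack` section as high entropy and writable+executable.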

pikachu5501
21-01-2009, 05:08
Thanks for replying so fast :) . I thought so, that it wouldn't be that easy, but I will keep trying, and I appreciate all the info I got here since it helped me a lot.

Alchemist256
11-03-2009, 23:51
Try some regular unwrappers; most of the games nowadays use standard tools to protect from copying\modifying code.