compress or encrypted exe files.

[pikachu5501]

First, happy new years to everyone, second, my nick sucks, i know.

Ok, simple question: I want to train/modify a game but when i open it with olydbg, it said that it might be compress or encrypted and all i see is mostly "db (some number)" so i can't work like that. Also, in cheat engine, the process show twice in the process list (wierd, i just start-it once). Probally some kind of embeded thing wrapper drm sh@# .

so what i would need to know is how if there is tools that uncompress or can extract from memory the uncompressed content of a executable files or a at least, be able to work with a compressed/encrypted file with a debugger such as oly.


Thanx in advance.

[DABhand]

Olly is a debugger, and most protected wrapped executables will notice it running and either give your debugger a hard time by crashing the game or give you scrambled assembly.

I know its nice for breakpoints etc and tracing, but ideally you would need an unwrapped executable or somehow remote debug it.

Still Cheat Engine has a handy debugger of sorts, not good like olly but at least you can get somewhere with it.

[pikachu5501]

thank you for you answer. I will look around about unwrapping and remote debugging.

[pikachu5501]

But one more thing: When the code data is in memory then, it not compressed or encrypted but it is the prog itselft that detect a debugger and screws-up everything so it can't be read, right? . If then someone can find what call that function and "nop" the call for example... anyway.. just some thought a have about all this.

[TippeX]

code runs-> hits entrypoint
code is then decrypted/decompressed
import table probably then 'filled'
normal code is then executed

thats the normal steps the system takes when the exe is packed/compressed/crypted

you're sort of asking for a generic method, and there isn't one, while packers and cryptors follow a common 'theme', their methods can be vastly different, and debugger detection (and getting around it) relies entirely on your own skill level... try using some anti-anti debug plugins to avoid detection, or spend some time, trace the code and see how its detecting your debugger... there are no quick, short answers sadly

[pikachu5501]

thanx for replying so fast . i though so that it wouldn't be that easy but i will keep trying and i appreciated all the info i got here since; it helped me a lot.

[Alchemist256]

Try some regular unwrappers, most of the games nowadays use standard tools to protect from copying\modifying code.