We are going to unpack cshell.dll
First of al we need to load cshell.dll in to an other proces.
We do this becouse the we don't need to unpack it manualy, and this is an easy way.
So we need to make a script that loads cshell.dll we can do that easy with c++:
Code:
#include "windows.h"
#include <iostream>
int main()
{
DWORD err;
HINSTANCE hDLL = LoadLibrary("CShell.dll"); // Handle to DLL
if(hDLL != NULL) {
printf("Library has been loaded\n");
}
else {
err = GetLastError();
printf("Couldn't load dll\n");
}
system("pause");
return 0;
}
Complire and put it in your crossfire map.
Add OllyDbg PE Dumper to Ollydbg (Or download ollydbg below (in the file.rar))
Open the script.
If you see that it is loaded open ollydbg.
Klik on file, attach. Go to the procces from the program you made.
Go to plugin and click on Olly PE Dumper, make a Dump of proces.
In the drop down menu click on cshell.
Click on Dump.
Save it as a .dll
Close your program to load cshell.dll
open the .dll you dumpt. And that is your unpackt dll
If you don't know how to do this, watch the video. (online in a few minits)
For ollydbg + PE Dumper
And loadlibarary script: