YouPanic (08-13-2010)
Can someone help me with unpacking cshell.dll?
Before the patch I could find what cshell.dll was packed with.
Now I can't.
Can someone help me find what software cshell is packed with?
I tried:
RDG
PEID
exeinfo pe
Found:
Themida v2.0.1.0 - v2.1.2.0 (or newer) + Hide PE Scanner Option
Last edited by lauwy; 08-12-2010 at 12:17 AM.
YouPanic (08-13-2010)
Isn't that EXECryptor thingy?
YouPanic (08-13-2010)
You don't need an unpacker, you need to make software that loads the library CShell.dll and then attach to it with OllyDbg...
lauwy (08-13-2010),UltraPGNoob (08-13-2010),YouPanic (08-13-2010),[Banned]mark0108 (08-29-2010)
I have loaded cshell.dll.
You can see in the memory that cshell is there.
But how can I dump cshell to a file? Because I can't select the whole cshell.
Need some help to get back on track
Find the pointer to the D3D9 Device (Not useful for Cross)
https://www.mpgh.net/forum/242-crossf...ice-lauwy.html
Fix olly if scanning doesn't work
https://www.mpgh.net/forum/242-crossf...ing-fails.html
Unpack cshell.dll
https://www.mpgh.net/forum/242-crossf...shell-dll.html
YouPanic (08-13-2010)
Damn looks so complicated lawl.
YouPanic (08-13-2010)
If you open the PE Header, then you see the MZ, but the code after it is so small :S
That can't be good
YouPanic (08-13-2010)
You can right-click on CShell .text and then dump it into a .mem file, but I don't know what to do next.
YouPanic (08-13-2010)
Then the file is 256 KB. That can't be good
YouPanic (08-13-2010)
Use that plugin when dumping CShell.dll
VirusTotal - Free Online Virus, Malware and URL Scanner
PEDumper.dll - MD5 : 9acfc9885dab96807593284967ae5e61 - VirSCAN.org 0% Scanner(s) (0/36) found malware!
--------------------------------------------------------------------
P.S.: I already unpacked CShell.
Last edited by UltraPGNoob; 08-13-2010 at 12:57 AM.
Thanks
I dumped it,
but I still have the protection error :S
YouPanic (08-13-2010)
I released the CShell unpacked after patch if you want it.
YouPanic (08-13-2010)
I make a video of how I did it.
Maybe I do something wrong :P
YouPanic (08-13-2010)
If you need some help with unpacking cshell, ask me via PM.
YouPanic (08-13-2010)
You can ask Blood about this, he's really pro at it.
@UltraPGNoob, no outside link :/
YouPanic (08-13-2010)
@hahaz sry. I replaced the link with an uploaded file.
Last edited by UltraPGNoob; 08-13-2010 at 12:57 AM.
YouPanic (08-13-2010)