Reverse Engineering Games
Reverse Engineering Games
Hi guys,
I am googling around and around and find some pretty usefull info on how to crack stuff like permissions and stuff in programms..
now i want to take it to the next step..
I would like to be able to crack games and stuff but the question is how would I begin and what if i want to crack like MW2 or anything or BlackOPS..
Im not asking for tuts or anything since i can google like a pro I just need some pointers in the right direction..
thanks in advance
greetings
I am googling around and around and find some pretty usefull info on how to crack stuff like permissions and stuff in programms..
now i want to take it to the next step..
I would like to be able to crack games and stuff but the question is how would I begin and what if i want to crack like MW2 or anything or BlackOPS..
Im not asking for tuts or anything since i can google like a pro I just need some pointers in the right direction..
thanks in advance
greetings
Originally Posted by whit
Originally Posted by aanthonyz
I am currently on Lesson 2. Lol. I started a week ago.
It is actually making sense to me too. Its not just something that I will remember for a bit then forget.
Originally Posted by aanthonyz
It is actually making sense to me too. Its not just something that I will remember for a bit then forget.
I just cant get that damn ollydbg.ini file to work for me...
Originally Posted by aanthonyz
I am currently on Lesson 2. Lol. I started a week ago.
Originally Posted by why06
Just finished 37.
Originally Posted by whit
How long did it take you to get that far ?
At the point I'm at now, I can dump, rebuild Imports, and find OEP of quite a lot of packers, but I need more experience in protectors, which is why this last tut threw me for a loop.
Also just as a note. Watch out for Shimming in some of the Dumping tutorials. If you come across shimeng.dll, that's not some packer detouring library, that's Windows Application Compatibility Framework kicking in. Took me a while to figure that out.
Originally Posted by why06
About a year, but I quit at the 5th tutorial, because it quickly got over my head, then I came back to it about 3-5 months ago and have been consistently working on 2-3 per week. Once you get past ten its easy to keep going. Ofcourse where I'm at now, its really hard, but most of the stuff I know, now it seems like its a lot more about researching on your own to crack stuff. #36 was relatively easy, but this last one, #37, daum, a combination packer protector, with a false signature. It would take too much time to do on my own so I kinda skipped doing it on my own, due to technical problems, with the way older code performs in a different environment and just tried to pay close attention to the tutorial, I still learned some thing so that's good.
At the point I'm at now, I can dump, rebuild Imports, and find OEP of quite a lot of packers, but I need more experience in protectors, which is why this last tut threw me for a loop.
Also just as a note. Watch out for Shimming in some of the Dumping tutorials. If you come across shimeng.dll, that's not some packer detouring library, that's Windows Application Compatibility Framework kicking in. Took me a while to figure that out.
inc
....
xor/add/inc/xchge/sub/etc
....
any conditional jump (jna, jne, ja, je, etc. etc)
The nice thing about olly's trace is that olly logs the address and the number of times the instruction is ran. Also if the decryption routine is improperly obfuscated, olly can show you the loops in the trace results.
Just a tip, I found that using olly's trace was very useful for finding decryption stubs. However I've never dealt with packers before, I assume they are encrypted and obfuscated. I learned decrypting from virus analysis.
@mesoldierboy
Just as the rest in this thread, I also recommend Lenas tutorials. I haven't finished them all. But they are good.
Not packers, protectors.
I haven't used trace much, though I hear that's very popular now. It eats up a lot of memory too, not that it particularly matters, in modern computers, but I usually find decryption stubs simply by HWBP the OEP, and find the OEP by setting a HWBP on esp, then tracking when its accesed, or either counting exceptions triggered by the packer and setting a BP on the main module. There's a lot of other ways too, the packer specific ones I forget, but the more general concepts I remember, but in any case I wasn't talking about packers, as I said I have no problem with those. Not even with inlining packers with self-extracting, self-modifying, polymorphic code. As I said, my trouble is protectors, whoms primary purpose is not to encrypt code, but protect it from debugging and dumping.
There is a difference between the two, that's my point. This is why I say these tuts will teach unpacking very well, but not unprotecting code nearly as much. my advice is whenever you come across protector code take a good bit of extra time to understand it. Especially breakpoint detection, Lena will say higher up in tutorials to remove breakpoints to prevent detection. I say keep them there for a bit and find out what exactly is detecting them.
I haven't used trace much, though I hear that's very popular now. It eats up a lot of memory too, not that it particularly matters, in modern computers, but I usually find decryption stubs simply by HWBP the OEP, and find the OEP by setting a HWBP on esp, then tracking when its accesed, or either counting exceptions triggered by the packer and setting a BP on the main module. There's a lot of other ways too, the packer specific ones I forget, but the more general concepts I remember, but in any case I wasn't talking about packers, as I said I have no problem with those. Not even with inlining packers with self-extracting, self-modifying, polymorphic code. As I said, my trouble is protectors, whoms primary purpose is not to encrypt code, but protect it from debugging and dumping.
There is a difference between the two, that's my point. This is why I say these tuts will teach unpacking very well, but not unprotecting code nearly as much. my advice is whenever you come across protector code take a good bit of extra time to understand it. Especially breakpoint detection, Lena will say higher up in tutorials to remove breakpoints to prevent detection. I say keep them there for a bit and find out what exactly is detecting them.
thanks for the info guys! I will do it
PS when i download files NOD32 Pops up says its a virus..LOL?
PS when i download files NOD32 Pops up says its a virus..LOL?
INFORMATION OVERLOAD
-picks up gun and commits suicide with a taco-
-picks up gun and commits suicide with a taco-
Originally Posted by aanthonyz
INFORMATION OVERLOAD
-picks up gun and commits suicide with a taco-
-picks up gun and commits suicide with a taco-