[RIP] Error while reading CShell | Can't dump with OllyDbg

[SKYNETGIGN]

Hey guys, I think I have a little problem... I tried to dump CShell using Loadlibrary and Olly (like I did every time) and I got "Access violation when reading [00000128]"
I never had this problem before, I really want to dump this sh**
The dump is wrong with weird strings etc...
There is a new protection, or someting like this ?
I'm lost and some help will be kind


I'm using Windows 10 64 bits, OllyDbg 1.10 32 bits, trying to dump CShell of CrossFire ARX.


Thanks,

SKYNET

[dreek1]

Hey guys, I think I have a little problem... I tried to dump CShell using Loadlibrary and Olly (like I did every time) and I got "Access violation when reading [00000128]"
I never had this problem before, I really want to dump this sh**
The dump is wrong with weird strings etc...
There is a new protection, or someting like this ?
I'm lost and some help will be kind


I'm using Windows 10 64 bits, OllyDbg 1.10 32 bits, trying to dump CShell of CrossFire ARX.


Thanks,

SKYNET

try using PETools

[thanhhan31]

try to dump it from crossfire.dat ? use lordpe

[Biesi]

Or just use the one loaded into memory by your loadlib

[SKYNETGIGN]

try using PETools

Hey,

I tried PETools and same problem, I don't know why

Loaded CShell in Loadlib, did a Full Dump in PETools and the dump was wrong...(same as OllyDbg)
Maybe try to dump CShell while CrossFire is started (with PETools) ?

- - - Updated - - -

Or just use the one loaded into memory by your loadlib

I hope that CShell is completly loaded into Loadlib... I don't know why it's not working anymore :/

- - - Updated - - -

OMG !! I finally found how to dump that sh** !

I downloaded a plugin for OllyDbg 1.10, and I activated "x64 Compatibility-mode" and now it's working
Simply loaded CShell in Loadlib and dumped with Olly...

Thanks for your help guys
Happy hacking

//Close Request