Hey guys, I think I have a little problem... I tried to dump CShell using Loadlibrary and Olly (like I did every time) and I got "Access violation when reading [00000128]"
I never had this problem before, I really want to dump this sh**
The dump is wrong with weird strings etc...
There is a new protection, or someting like this ?
I'm lost and some help will be kind
I'm using Windows 10 64 bits, OllyDbg 1.10 32 bits, trying to dump CShell of CrossFire ARX.
Thanks,
SKYNET
SKYNETGIGN (05-17-2016)
try to dump it from crossfire.dat ? use lordpe
SKYNETGIGN (05-17-2016)
Or just use the one loaded into memory by your loadlib
SKYNETGIGN (05-17-2016)
Hey,
I tried PETools and same problem, I don't know why
Loaded CShell in Loadlib, did a Full Dump in PETools and the dump was wrong...(same as OllyDbg)
Maybe try to dump CShell while CrossFire is started (with PETools) ?
- - - Updated - - -
I hope that CShell is completly loaded into Loadlib... I don't know why it's not working anymore :/
- - - Updated - - -
OMG !! I finally found how to dump that sh** !
I downloaded a plugin for OllyDbg 1.10, and I activated "x64 Compatibility-mode" and now it's working
Simply loaded CShell in Loadlib and dumped with Olly...
Thanks for your help guys
Happy hacking
//Close Request