Unpack CShell.DLL and finding Addyes

**SteamAss** · 05-22-2011

We are going to unpack cshell.dll

First of al we need to load cshell.dll in to an other proces.
We do this becouse the we don't need to unpack it manualy, and this is an easy way.

So we need to make a script that loads cshell.dll we can do that easy with c++:

Code:

#include "windows.h"
#include <iostream>

int main()
{
	DWORD err;
	HINSTANCE hDLL = LoadLibrary("CShell.dll");               // Handle to DLL
	if(hDLL != NULL) {
		printf("Library has been loaded\n");
        }
	else 	{
        err = GetLastError();
		printf("Couldn't load dll\n");
	}
	system("pause");
	return 0;
}

Complire and put it in your crossfire map.

Add OllyDbg PE Dumper to Ollydbg (Or download ollydbg below (in the file.rar))

Open the script.
If you see that it is loaded open ollydbg.

Klik on file, attach. Go to the procces from the program you made.

Go to plugin and click on Olly PE Dumper, make a Dump of proces.

In the drop down menu click on cshell.
Click on Dump.

Save it as a .dll
Close your program to load cshell.dll
open the .dll you dumpt. And that is your unpackt dll

If you don't know how to do this, watch the video.

How to Get The "Plugins" Tab in OllyDbg:
Go to Options> Appereance.
Then in the Directories Tab Select in the 1st box the /.../.../OllyDbg/UDD and in the Second box
put the OllyDbg Folder

Video:

Lawly:

Mine:

(Watch in HD please)

VirusScanns: (Not necessary but...) -.-
[x]
[x]

All False Positive...

Credits:
- (for all other)
-Me (for second video)

I did this video.. casue lots of ppl are asking now... and the lawlys tut was quite old so I made a video showing well and with 1 Addy so Have Fun. Press Thanks

**Arii** · 05-22-2011

1st post i guess works let me try and go us some more source code

**[MPGH]Ghost** · 05-22-2011

Approved .

**SteamAss** · 05-22-2011

Thanks @Gayrab

**GForce-Cody** · 05-22-2011

@Gayrab it was a repost -.-

**SteamAss** · 05-22-2011

I know Cody but so many ppl saying and they no using Search.... so I jsut post it and made a video... then I added somehting to thread... =D

**NoJustice** · 05-22-2011

Do you really understand the concepts you're teaching? Or are you just taking a previous post and making it mainstream with a video. You can't teach if you don't know the material yourself.

Just saying.

**SteamAss** · 05-22-2011

lol @headshotz22 ur not only one that knows how...

**Arii** · 05-22-2011

i thanked u because it works going to do my own

**NoJustice** · 05-22-2011

Originally Posted by Doctor

lol @headshotz22 ur not only one that knows how...

I never said anything that you just said. I asked you if you really knew the concepts enough to teach? You seem to be asking me a lot on msn on how to do it.

**Arthur Ace** · 05-22-2011

@Doctor
Dude, I needed like 5 more steps to get addy but I couldnt cuz the oddy doesnt have "Plugin" how does urs have plugin?

Edit: Gives this erro when opening program