Helgame.exe OEP

[jingjangjoe]

Hi anyone knows what is the OEP of helgame 3.62?
if read few tutorials on unpacking ASprotect but i just cant seem to find the OEP. Kinda blur...

Any help would be great

[choketokill]

thats becuase its not packed with that any more thay used Armadillo

[KLKS]

i wish i could bitch slap choketokill for being such a dumbass. hb still uses aspr but its a new strain

i looked into the client with a few friends and found it uses multiple SEH tricks to do stuff, and to find the OEP is easy, for all u non technical ppl, u can stop reading and continue with other shit

get one hb client (3.51 pref) and see its OEP, now loadup 3.62 and go trough aspr, pass the stolen bytes, and when u reach ingame, dump the executable, load the dumped executable up in IDA and load 3.51 in IDA, now u gotta remember where ingame ASPR resumed the code so u can do a code compre, simentech dont change their base code so the initial startup code will be the same, now look for a sequence of code in the function (dumped code) and look for the same in 3.51, from there slowly backtrace till u find OEP, when u find it, it wont be 00's like aspr usually does, it will be filled with some messed up code.

good luck

[jingjangjoe]

hahah thanks dude...ill give it a wack =)

[jingjangjoe]

i checked out helgame.exe V 3.51
correct me if im wrong..is the oep for 3.51 = 004A88D7 ?

[powermage]

noour not wrong if i am correct

[KLKS]

the helgame i have (3.51 has an OEP of 4A8947

[powermage]

my OEP is 004A88D7

[jingjangjoe]

I Tried rebuilding it in IMprec....it says that OEP does not match Memory..

[powermage]

LOL
same here.... anyone know how to matcn it properly??

[jelly1]

u need to search iat manually

[jingjangjoe]

so we put iat value instead of OEP value at imprec?

[powermage]

i tried that

[jelly1]

u need to put oep, iat address and size, all searched manually.

[powermage]

lol no wonder la