Utilities Needed

The Complete Package
(This contains Olly Debugger w/ OllyDump, OllyHelper, and HideDebugger; ImportReconstruction; a Signatures File; and GunzRunnable [09-03-05].)

Creating A Runnable

Step 1 - Open Olly and change your settings to the following:
http://img150.imageshack.us/img150/7...unnable9hj.jpg

Step 2 - Select Gunz.exe:
http://img249.imageshack.us/img249/4...unnable2ai.jpg

Step 3 - Let Olly find the Original Entry Point (OEP):
http://img355.imageshack.us/img355/5...unnable7xu.jpg

Step 4 - Under Plugin, choose OllyDump, and then Dump Debugged Process:
http://img137.imageshack.us/img137/5...unnable2wu.jpg

Step 5 - Uncheck Rebuild Import and Copy the Modified OEP:
http://img140.imageshack.us/img140/6...unnable6zq.jpg

Step 6 - Press Dump and Save As Dump:
http://img157.imageshack.us/img157/9...unnable5sj.jpg

Step 7 - Minimize Olly and Open ImpRec:
http://img458.imageshack.us/img458/7...unnable9ov.jpg

Step 8 - Select Gunz.exe in the drop-box:
http://img154.imageshack.us/img154/4...unnable5yj.jpg

Step 9 - In the box next to OEP, Paste the number you Copied:
http://img138.imageshack.us/img138/9...unnable8gk.jpg

Step 10 - Press IAT AutoSearch, if you get this result then move to Step 11:
http://img149.imageshack.us/img149/6...unnable8ed.jpg

Step 11 - Press Get Imports, if you get this result then move to Step 12:
http://img455.imageshack.us/img455/3...unnable3nv.jpg

Step 12 - Press Fix Dump and choose Dump:
http://img475.imageshack.us/img475/4...unnable0ak.jpg

Step 13 - If you see this result then you have made a runnable successfully:
http://img250.imageshack.us/img250/6...unnable2os.jpg

Making Your Runnable Run

Step 1 - Move Dump_ to your Gunz folder and open Olly:
http://img149.imageshack.us/img149/7...ablerun9ne.jpg

Step 2 - Select Dump_ in Olly:
http://img409.imageshack.us/img409/9...ablerun8on.jpg

Step 3 - Right-click and - Search For - All Referenced Text Strings:
http://img133.imageshack.us/img133/7...ablerun6fb.jpg

Step 4 - Right-click and - Search For Text - I_hate_hacker or I_love_MAIET:
http://img266.imageshack.us/img266/8...ablerun1wf.jpg

Step 5 - Right-click and - Follow In Disassembler:
http://img148.imageshack.us/img148/1...ablerun8dn.jpg

Step 6 - Scroll to the top of the function, click it, right-click, and Go To Local Call:
http://img403.imageshack.us/img403/3...ablerun9ey.jpg

Step 7 - NOP the CMP two lines under the CALL you arrived at:
http://img133.imageshack.us/img133/1...ablerun6vt.jpg



Name Hack

Step 1 - Right-click and Search For - All Referenced Text Strings - Search For Text - resultbackground.png:
http://img70.imageshack.us/img70/546...amehack5jx.jpg
http://img242.imageshack.us/img242/4...amehack2bz.jpg

Step 2 - Click on FONTa10_O2Wht, right-click, and Follow In Disassembler:
http://img138.imageshack.us/img138/9...amehack8ik.jpg

Step 3 - NOP the Jumps highlighted in red (they won't be highlighted for you):
http://img313.imageshack.us/img313/9...amehack1rk.jpg
http://img343.imageshack.us/img343/2...amehack7wx.jpg

Step 4 - If it looks like this then save it to your runnable and you will have Name Hack:
http://img494.imageshack.us/img494/9...amehack6il.jpg



Disable The Cuss Filter

55 8B 6C 24 0C 56 8B 74 24 0C 3B F5 74 2B 53

Step 1 - Open GunzRunnable [09-03-05], Copy the Binary, go back to Olly, press Ctrl+B, and Paste the Binary:
http://img153.imageshack.us/img153/3...sfilter2fj.jpg

Step 2 - Scroll up as many functions as you need until you see this chunk of code:
Code:
00505070  /$ 6A FF                PUSH -1
00505072  |. 68 E8EA5B00          PUSH GunzRunn.005BEAE8                   ;  SE handler installation
00505077  |. 64:A1 00000000       MOV EAX,DWORD PTR FS:[0]
0050507D  |. 50                   PUSH EAX
0050507E  |. 64:8925 00000000     MOV DWORD PTR FS:[0],ESP
00505085  |. 83EC 3C              SUB ESP,3C
00505088  |. 8B5424 4C            MOV EDX,DWORD PTR SS:[ESP+4C]
0050508C  |. A1 80596200          MOV EAX,DWORD PTR DS:[625980]
00505091  |. 53                   PUSH EBX
00505092  |. 56                   PUSH ESI
00505093  |. 33DB                 XOR EBX,EBX
00505095  |. 3BD3                 CMP EDX,EBX
00505097  |. 57                   PUSH EDI
http://img272.imageshack.us/img272/5...sfilter4rh.jpg

Step 3 - NOP the JNZ highlighted in red (won't be highlighted for you):
http://img154.imageshack.us/img154/9...sfilter9mr.jpg

Step 4 - If it looks like this then save it to your runnable and you will have Disabled Cuss Filter:
http://img364.imageshack.us/img364/3...sfilter3zy.jpg



No Clip

83 EC 30 53 8B 5C 24 38 8B 43 14 85 C0 56 8B

Step 1 - Copy the Binary, press Ctrl+B, and Paste it:
http://img19.imageshack.us/img19/685...1noclip9gy.jpg

Step 2 - Scroll down two functions until you come to this chunk of code:
Code:
004CFED0  /$ 8B4424 1C            MOV EAX,DWORD PTR SS:[ESP+1C]
004CFED4  |. 8B5424 18            MOV EDX,DWORD PTR SS:[ESP+18]
004CFED8  |. 8B89 24020000        MOV ECX,DWORD PTR DS:[ECX+224]
004CFEDE  |. 50                   PUSH EAX
004CFEDF  |. 8B4424 18            MOV EAX,DWORD PTR SS:[ESP+18]
004CFEE3  |. 52                   PUSH EDX
004CFEE4  |. 8B5424 18            MOV EDX,DWORD PTR SS:[ESP+18]
004CFEE8  |. 50                   PUSH EAX
004CFEE9  |. 8B4424 18            MOV EAX,DWORD PTR SS:[ESP+18]
004CFEED  |. 52                   PUSH EDX
004CFEEE  |. 8B5424 18            MOV EDX,DWORD PTR SS:[ESP+18]
004CFEF2  |. 50                   PUSH EAX
004CFEF3  |. 8B4424 18            MOV EAX,DWORD PTR SS:[ESP+18]
004CFEF7  |. 52                   PUSH EDX
004CFEF8  |. 50                   PUSH EAX
004CFEF9  |. 51                   PUSH ECX
004CFEFA     E8 01190200          CALL GunzRunn.004F1800                   ;  No Clip [NOP]
004CFEFF  |. 83C4 20              ADD ESP,20
004CFF02  \. C2 1C00              RETN 1C
http://img143.imageshack.us/img143/5...2noclip5lq.jpg

Step 3 - NOP the CALL at the end of the function:
http://img404.imageshack.us/img404/5...3noclip3ip.jpg

Step 4 - If it looks like this then save it to your runnable and you will have No Clip:
http://img142.imageshack.us/img142/5...4noclip3rs.jpg



No Spread

Step 1 - Right-click and Search For - All Referenced Text Strings - Search For Text - iscashitem:
http://img306.imageshack.us/img306/9...ospread4hm.jpg
http://img408.imageshack.us/img408/7...ospread3pf.jpg

Step 2 - Right-click and Follow In Disassembler:
http://img135.imageshack.us/img135/8...ospread3od.jpg

Step 3 - Scroll down until you see ASCII "ctrl_ability":
http://img270.imageshack.us/img270/9...ospread4wq.jpg

Step 4 - NOP both of the CALLs highlighted in red (won't be highlighted for you):
http://img307.imageshack.us/img307/7...ospread2ji.jpg
http://img311.imageshack.us/img311/2...ospread5nr.jpg

Step 5 - If it looks like this save it to your runnable and you will have No Spread:
http://img132.imageshack.us/img132/3...ospread3as.jpg



God Mode

Step 1 - Right-click and Search For - All Referenced Text Strings - Search For Text - iscashitem:
http://img306.imageshack.us/img306/9...ospread4hm.jpg
http://img408.imageshack.us/img408/7...ospread3pf.jpg

Step 2 - Scroll up until you see ASCII "damage" (it should be right above it...):
http://img404.imageshack.us/img404/7...godmode1mb.jpg

Step 3 - NOP the two CALLs in the function:
http://img285.imageshack.us/img285/4...godmode8eh.jpg
http://img255.imageshack.us/img255/7...godmode6wj.jpg

Step 4 - If it looks like this save it to your runnable and you will have God Mode:
http://img345.imageshack.us/img345/7...godmode2eu.jpg
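
Seen from the defender's side, every edit in this guide has the same shape: a short instruction overwritten with 0x90 bytes. The following is an added example, not part of the original post, that diffs a code region against a known-good copy and flags such runs. The known-good bytes are copied from the No Clip listing (004CFEF7 onward); the tampered copy, the function names and the constants are constructed for illustration.

```python
"""Added example: flag NOP-fill patches by diffing code against a known-good copy."""

NOP = 0x90

# Bytes copied from the No Clip listing, starting at 004CFEF7:
# PUSH EDX / PUSH EAX / PUSH ECX / CALL / ADD ESP,20 / RETN 1C
BASE_VA = 0x004CFEF7
KNOWN_GOOD = bytes.fromhex("52 50 51 E8 01 19 02 00 83 C4 20 C2 1C 00")
# Constructed sample: the same region with the 5-byte CALL overwritten by NOPs.
TAMPERED = bytes.fromhex("52 50 51 90 90 90 90 90 83 C4 20 C2 1C 00")


def diff_runs(good: bytes, suspect: bytes):
    """Yield (offset, good_bytes, suspect_bytes) for each contiguous differing run."""
    if len(good) != len(suspect):
        raise ValueError("regions must be the same length")
    start = None
    for i in range(len(good) + 1):
        differs = i < len(good) and good[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            yield start, good[start:i], suspect[start:i]
            start = None


def find_patches(good: bytes, suspect: bytes, base_va: int):
    """Return one finding per modified run, noting whether it is a pure NOP fill."""
    findings = []
    for off, old, new in diff_runs(good, suspect):
        findings.append({
            "va": base_va + off,                       # virtual address of the change
            "length": len(new),                        # number of bytes altered
            "original": old.hex(" "),                  # what the known-good copy held
            "nop_fill": all(b == NOP for b in new),    # True if every new byte is 0x90
        })
    return findings


if __name__ == "__main__":
    for f in find_patches(KNOWN_GOOD, TAMPERED, BASE_VA):
        kind = "NOP fill" if f["nop_fill"] else "modified"
        print(f"{f['va']:08X}: {f['length']} bytes {kind} (was {f['original']})")
```

A check like this only helps when it runs somewhere the patched client cannot reach, for example against a file uploaded for review or a server-held reference; the "Making Your Runnable Run" steps show an in-client check being NOPed out the same way.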