Overwatch Dump Fix


Overwatch Dump Fix #1

Join Date: Aug 2007

Posts: 1957

Category: Other FPS Games
Developer: changeofpace

Description:
Summary:

This x64dbg plugin removes anti-dumping and obfuscation techniques from Overwatch.exe to make the game able to be dumped using Scylla.

How to use:

x64dbg
  1. Attach x64dbg to Overwatch.exe then execute the OverwatchDumpFix command.
  2. Open Scylla, select Overwatch.exe in the "attach to an active process" drop-down list.
  3. Click "IAT Autosearch".
  4. Click "Get Imports".
  5. Click "Dump" and save the file as an .exe.
  6. Click "Fix Dump" and select the dump file (adjust the type filter).
  7. The Scylla output view should say "Import Rebuild success [FILE PATH]".
  8. Click "PE Rebuild" and select the fixed dump file.

IDA Pro
  1. Open the dump file in IDA. Check the "Manual Load" box. Click "OK" / "Yes" for every prompt.
  2. Run the "Universal Unpacker Manual Reconstruct" plugin for the IAT to set imports to the correct color.
  3. Happy reversing



#2

Join Date: Aug 2007

Posts: 8643

Category: Other FPS Games
Developer: changeofpace

Description:
Release v2.1
  • Simplified FixOverwatch() by only remapping the views representing .text and .rdata instead of every view.
  • Added verbose logging option.


Summary:

This x64dbg plugin removes anti-dumping and obfuscation techniques from Overwatch.exe to make the game able to be dumped using Scylla.

Syntax:

  OverwatchDumpFix [verbose]

Invoking the command with an argument that evaluates to true, e.g. 1, will enable verbose output.

How to use:
x64dbg
  1. Attach x64dbg to Overwatch.exe then execute the OverwatchDumpFix command.
  2. Open Scylla in x64dbg's "Plugins" menu then select Overwatch.exe in the "Attach to an active process" drop-down list.
  3. Click "IAT Autosearch".
  4. Click "Get Imports".
  5. Click "Dump" to create a dump file.
  6. Click "Fix Dump" and select the dump file from (5) to reconstruct imports.
  7. The Scylla output view should say "Import Rebuild success [FILE PATH]".
  8. Click "PE Rebuild" and select the fixed dump file.

IDA Pro
  1. Open the dump file in IDA. Check the "Manual load" and "Load resources" (optional) boxes. Click "OK" / "Yes" for every prompt.
  2. Run the "Universal Unpacker Manual Reconstruct" plugin for the IAT to set imports to the correct color.
  3. Happy reversing

