OldSchoolHack

Register / Login English
deutschDeutsch
englishEnglish
New Posts Advanced Search

Overwatch Dump Fix

icon Thread: [Release] Overwatch Dump Fix

Join Date: Aug 2007

Posts: 8643

User-Rating:

199 positive
33 negative
 Kategorie: Other FPS Games
Entwickler: changeofpace

Beschreibung:
Release v2.1
  • Simplified FixOverwatch() by only remapping the views representing .text and .rdata instead of every view.
  • Added verbose logging option.


Summary:

This x64dbg plugin removes anti-dumping and obfuscation techniques from Overwatch.exe to make the game able to be dumped using Scylla.

Syntax:

TEXT Code:
  1. OverwatchDumpFix [verbose]

Invoking the command with an argument that evaluates to true, e.g. 1, will enable verbose output.

How to use:
x64dbg
  1. Attach x64dbg to Overwatch.exe then execute the OverwatchDumpFix command.
  2. Open Scylla in x64dbg's "Plugins" menu then select Overwatch.exe in the "Attach to an active process" drop-down list.
  3. Click "IAT Autosearch".
  4. Click "Get Imports".
  5. Click "Dump" to create a dump file.
  6. Click "Fix Dump" and select the dump file from (5) to reconstruct imports.
  7. The Scylla output view should say "Import Rebuild success [FILE PATH]".
  8. Click "PE Rebuild" and select the fixed dump file.

IDA Pro
  1. Open the dump file in IDA. Check the "Manual load" and "Load resources" (optional) boxes. Click "OK" / "Yes" for every prompt.
  2. Run the "Universal Unpacker Manual Reconstruct" plugin for the IAT to set imports to the correct color.
  3. Happy reversing


Source: Only registered and activated users can see links.



Download:
Overwatch Dump Fix

__________________

Hallo
KN4CK3R is offline