Ok since I just got a copy of the retail today, I went to load it into IDA Pro and it dont show right. I figure its because its packed. Anyone know what it was packed with?

I am guessing it is packed with Armadillo. If I am correct, is it Armadillo v3.x or v4.x? I havent really done stuff with Armadillo before, tho I do have tuts of working on both v3 and v4 unpacking.

You try PEiD?
http://peid.has.it/

Actually I havent tried anything yet. Its just something I threw out there for right now. I didnt have any time to really do anything today. All I did today was try loading the exe into IDA Pro. I didnt get much farther then that. I was going to check PEiD out tomarrow. I have a 3 day weekend this weekend and should really dig in to it all tomarrow. Right now I am heading to bed as I got work tonight.

Edit: Ok I checked it out with PEiD before going to bed here. It says
SafeDisc 4.00.001 -> Macrovision [Overlay]

Now the thing is I heard a few other names thrown out there about it being packed. I heard Armadillo and securerom v4. So which is it? I am guessing but SafeDisc and SecureROM should be copy protections. Now PEiD dont list SecureROM or Armadillo for bf2.exe.

Another side note, using PEiD, bf1942 is listed as VC++ 7.0 Method2(debug) and bfvietnam is listed as VC++ 7.0.

You try PEiD?
http://peid.has.it/

thanx, my old version said it is armadillo(unknown?)...
thats what it says now: SafeDisc 4.00.001 -> Macrovision [Overlay]
had to be, cause in the nfo of rld it was said, sefedisc is used. but thanx to faldo for his new(old) tut against the debugger trick!
BTW i accidently copied the reail executable of the demo dir, and tried to load it with olly - > it works! :) but after loading the menu it crashes :-p

so give us the steps to decompile both the .exe and .dll using ida pro. what do we do to remove the packing or code scrambling? steps and tools would be good for all to learn here.

thanks to both of you for this discussion so far.

best,
cal

can ida be used on a program or dll to decompile it while running? also, still would like to get the steps to do this, even if it is the reloaded version.

best,
cal

use the ****** .exe/.dll instead

its alot of work to remove *******
Dont eaven GO THERE MAN! as you only have 1 post you probably did not read our rules, I sugest you do that before you post again OK!

I did some searching yesterday and I couldn't find anything relating to safedisc 4, but I did find some info on earlier versions. It looks like you do the standard procedure for dumping packed stuff, find where the packer jumps to the actual program, BP there, dump from memory, fix IAT. Of course, this could be totally wrong for this version. And I wouldn't know how exactly to do that...

well asking how to crack a cdprotection is far more worse than dling a cracked exe if you ask me..cracked exes that you can find on perfectly legit websites...

NO warez TALK Period, thats how it is, I did not write the rules but that how it is. NUFF SAID.
I think nobody here is trying to crack anything, the discussion is about how to circomvent the cd check and / or the "debugger" running from within the EXE to attach a hack thats all

talking about decompiling an exe do not go against forum rules then?

talking about decompiling an exe do not go against forum rules then?

no that not against the rules, but when it comes to cracks/warez permanent edeting of the files, then its not allowed.

Decompiling Copyrighted program's is illegal?

Ok this is getting out of hand here. The rules states as follows.

Warez including but not limited to-
No-CD Cracks
Program cracks
CD-Keys/Serials
CD-Rips/Images
Non-promotional software downloads

THIS IS MPCs RULES!!! ok
Normaly you should read them before eaven signing up at MPC!

This has nothing to do with Decompiling or what have you. THEESE ARE THE RULES.
Nuff Said.
Back to topic or I close this thread.

PS Decompiling is not mentioned once in theese rules or is it just me getting old ;)

ok. i think everyone is clear on the rules. however, i still would like to know the steps on decompiling this .exe and the .dll. p3n1 posted some of the fog code from the .dll and i was wondering how he got it. anyways, didn't mean for this to get into bad waters here, just want to be able to unpack and decompile and so i am looking for tools and steps to do this for these specific two files. not trying to do warez or anything, i bought the game. i think cox knows this-

xollox did some preliminary work on this, but apparently doesn't know for sure and also i am looking for "cookbook" type directions and answers where you say "open file in tool, select this, wait for this to happen, then save, move file to tool 2, decompile," etc,.

best,
cal

What this thread is about, is unpacking the exe so we can analize it in IDA Pro, not to get around any kind of Copy Protection. Granted it is the Copy Protection that is stopping IDA Pro in the first place, but this is not about bypassing the copy protection for warez means, but for analizing the code means. There is a big difference here.

Caliber, the dll is not packed. You can load the dll into IDA Pro no problem. Its only the retails exe that is packed. On a side note tho, the demos exe is not packed so you can load retails dll and demos exe to get a nice handle on most of the code. Still there were changes from the demos exe to retails and I would like to find out the code in the retail.

I am too looking for a tut on how to unpack it, but the first step was to make sure I was tryying to unpack the right thing. This is why I started this thread, to find out exactly what was used so I could search for a tut on how to unpack it.

so is it okay to post simple pointers how to unpack safedisc?
mods?

yes. As long as you do not post any cracked exes from it.