View Full Version : Disassembling Morpheus...


AllYourBase
November 6th, 2001, 16:09
Hi all,

Erm this is my first post so let me start by saying hi.

My prob is this - I tried disassembling Morpheus so I could add functionality (automatically searching for more sources, disabling ads, fix bug of missing files) using W32Dasm. Instead of proceeding to do all its processing it almost immediately came up with a disassembly containing the menu resources and not much else. It ends with the line stating the entry point. Obviously I can't do much with it.

Now I dunno if this is a common problem (but hey I'm in the newbie forum), any help would be greatly appreciated.

AYB

Kayaker
November 6th, 2001, 18:33
Hi AllYourBase,

Welcome to the board. In order for WDasm to recognize a section as code, the Code Characteristics need to be set as Executable/Readable (60000020) or Executable/Readable/Writeable (E0000020). Look at the start of the WDasm disassembly and the Flags entry will list it, i.e.

Object01: .text RVA: 00001000 Offset: 00001000 Size: 00004000 Flags: 60000020
Object02: .data RVA: 00005000 Offset: 00005000 Size: 00001000 Flags: C0000040
..
..

It sounds like you may have a packed or otherwise protected file. If the 1st section isn't one of the executable types, try changing the Code Characteristics of it with a PE Editor (E0000020 if you want to add functionality). Missing the Import Module details as well?

Kayaker

AllYourBase
November 6th, 2001, 19:07
Kayaker,

Thanx for the info. As a followup here is the object listing from the disassembly:

Number of Objects = 0005 (dec), Imagebase = 00400000h

Object01: RVA: 00001000 Offset: 00001000 Size: 00000000 Flags: C0000040
Object02: RVA: 000F1000 Offset: 00001000 Size: 00000000 Flags: C0000040
Object03: RVA: 0011E000 Offset: 00001000 Size: 00000000 Flags: C0000040
Object04: RVA: 00132000 Offset: 00001000 Size: 00113A00 Flags: C0000040
Object05: RVA: 00246000 Offset: 00114A00 Size: 00090000 Flags: C0000040

edit: yes it's also missing the import details

I'm going to have a play about with a PE Editor but if there's anything you can add with this new info? Thanx a lot,

AYB

Kayaker
November 6th, 2001, 21:36
Hi AYB,

Try running a file identifier such as FileInfo or GetTyp on it, it may tell you the packer/protection used. The size info has also been suppressed. You should be able to get a disassembly on it by changing the code char. of the 1st section from C0000040 to E0000020, but it'll probably be useless anyway from all indications.

You'll likely need to dump an unpacked version of it and rebuild the Import table. You've got some fun ahead ;-)

Kayaker
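
An added example, not part of the thread or any poster's code: it decodes the Flags values Kayaker mentions (60000020, E0000020, C0000040) using the section characteristic bits from the PE/COFF specification and runs over the object listing AllYourBase posted. The function names and the packing_indicators heuristic are hypothetical, chosen for illustration.

```python
import re

# Section characteristic bits as defined in the PE/COFF specification.
FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}
# Matches one "ObjectNN:" line of the listing; the section name may be blank.
LINE = re.compile(
    r"Object(\d+):\s*(\S*?)\s*RVA:\s*([0-9A-Fa-f]+)\s+Offset:\s*([0-9A-Fa-f]+)"
    r"\s+Size:\s*([0-9A-Fa-f]+)\s+Flags:\s*([0-9A-Fa-f]+)")

def decode(flags):
    """Return the names of the characteristic bits set in a Flags value."""
    return [name for bit, name in FLAGS.items() if flags & bit]

def parse_sections(listing):
    """Parse the object table text into a list of dicts (hex fields as ints)."""
    keys = ("rva", "offset", "size", "flags")
    return [dict(index=int(m[1]), name=m[2],
                 **{k: int(v, 16) for k, v in zip(keys, m.groups()[2:])})
            for m in LINE.finditer(listing)]

def packing_indicators(sections):
    """Hypothetical triage helper: list the oddities discussed in the thread."""
    notes = []
    if not any(s["flags"] & 0x20000000 for s in sections):
        notes.append("no section is marked executable")
    empty = [s["index"] for s in sections if s["size"] == 0]
    if empty:
        notes.append(f"Size is 0 in sections {empty}")
    if sections and not any(s["name"] for s in sections):
        notes.append("section names are blank")
    return notes

# Listing posted in the thread for the packed file.
PACKED = """Object01: RVA: 00001000 Offset: 00001000 Size: 00000000 Flags: C0000040
Object02: RVA: 000F1000 Offset: 00001000 Size: 00000000 Flags: C0000040
Object03: RVA: 0011E000 Offset: 00001000 Size: 00000000 Flags: C0000040
Object04: RVA: 00132000 Offset: 00001000 Size: 00113A00 Flags: C0000040
Object05: RVA: 00246000 Offset: 00114A00 Size: 00090000 Flags: C0000040"""

if __name__ == "__main__":
    for s in parse_sections(PACKED):
        print(f"Object{s['index']:02d} {s['flags']:08X} {decode(s['flags'])}")
    print(packing_indicators(parse_sections(PACKED)))
```
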

CoDe_InSiDe
November 7th, 2001, 01:32
Hi AllYourBase,

This is just a little guess because I don't have Morpheus.
But if I'm correct Morpheus is a little "bigger" version of KaZaA, right?
KaZaA was Packed with "PeX" so maybe Morpheus is too.
So uhm do what Kayaker said and use a File Identifier.

Cya...

CoDe_InSiDe

P.S. actually it doesn't matter with what it's Packed, just Unpack it manually

bl00dbath
November 7th, 2001, 01:58
Hey AllYourBase,

FileInfo says it's packed with PEX 0.99b. It's not hard to unpack at all, only took me a minute and the rebuilding of the import table was easy. There were a couple of APIs that wouldn't resolve, (using ImpREC, I'll be a Revirgin man soon +tsehp) so I just took a shot in the dark and chose which API looked like it might fit because I don't really like to play around with unpacking.

The dump runs fine though, so maybe I was right. Let's just pretend anyway.

If you need any help unpacking or want my dump, just let me know.

Regards,
bl00dbath

AllYourBase
November 7th, 2001, 05:41
Hey guys,

Thanx for the help!

However I'm new to this whole unpacking thing... do I have to do it manually? If someone could point me in the direction of some tutorials or such like I'd be most grateful (particularly pex ones)

Thanx again,

AYB

AllYourBase
November 7th, 2001, 07:25
update: just unpacked it using a prog called DeX, it now disassembles ok.

cdump50
January 24th, 2002, 14:15
Hi.. I had fun unpacking, removing all ads and popups for morpheus 1.33

It also starts with google.com instead of the *useless* musiccity.com

Here's a link if you want to download it:

Link removed because it pointed to a crack

It will only be there for 14 days so hurry up if you want it

If you improve it further please let me know at
cdump50@yahoo.com