Breaking the world, one application at a time
Thanks to my reader Max I have fixed another bug in the Molebox unpacker.
I hope you find this unpacker useful. But if it doesn't work for you, please send me an error report with all the details you can and I'll try to fix it. Have fun!
Thanks to my readers I have fixed few more bugs in the Molebox unpacker.
I hope you find this unpacker useful. But if it doesn't work for you, please send me an error report with all the details you can and I'll try to fix it. Have fun!
During last year, the most common complaint on this blog was "your Molebox unpacker cannot unpack this crazy big EXE of MMORPG game X, Y or Z."
Sounds like an easy problem to fix, right? Well, that's not true - but I finally did it!
TL;DR:
In the rest of the post I'll describe the obstacles I had to overcome while solving this seemingly simple problem.
First, unpacker is written using classic (non-.NET) Delphi and compiled as x86 executable. And standard Delphi streams are retarded. TMemoryStream uses GetMem - which ends up somewhere in Delphi memory manager and VirtualAlloc. That doesn't work well with 800+MB files.
I ended up with implementing custom stream backed by temporary file (CreateFile with FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE).
Since the original unpacker was using TMemoryStream, the whole file was loaded in memory as a continuous memory block and I could easily read/write each byte of file using pointers. Something like this:
function Decode_Stage2(p: pdword; size: dword; key: dword): dword;
var
d: dword;
begin
result := 0;
d := 0;
while d < size do begin
key := key * $19660D + $3C6EF35F;
p^ := p^ xor key;
inc(p);
inc(d, 4);
end;
end;
...
Decode_Stage2(pointer(dword(f.fImage.Memory) + f.RVAToOffset(startAddress - f.NtHeader.OptionalHeader.ImageBase)), endAddress - startAddress, decryptionKey);
Guess what? Files don't work that way.. 🙁 I had to do a full and complete rewrite of all those methods.
Original unpacker was compiled with Delphi 3. Delphi 3 didn't have Zlib library, so you had to supply your own Zlib implementation. But it won't compile with new versions of Delphi, giving error message
Unit Graphutil was compiled with a different version of zlib.TZDecompressionStream.
The solution was to get rid of my Zlib implementation and rewrite all methods that deal with decompression.
In Delphi 3 all strings were ANSI. Starting from Delphi 20072009, strings are Unicode. Since Molebox internally uses ANSI, it required changing quite a few structure definitions and rewriting several string manipulation routines. It's a lot of fun (and source of the most obscure bugs), trust me!
I hope you find this unpacker useful. But if it doesn't work for you, please send me an error report with all the details you can and I'll try to fix it. Have fun!
MoleBox 2 was released in year 2003 and it was one of the first file virtualization solutions in the market. It bundled executable with the DLL and data files into a single EXE file. At that time that was something new and innovative.
They had quite a success and released another product (MoleBox Ultra, later renamed to MoleBox Virtualization Solution) in year 2009. Apparently it was very hard to fight in the increasingly more competitive market of application virtualization solutions and the last version of MoleBox Virtualization Solution was released in 2013.
In February 2016 domain molebox.com was sold for $1526. Yesterday their web server started serving generic WordPress page with dating-related spam. And that is just sad. 🙁
However, both editions of MoleBox are still very popular with private game server owners, as they allow to bundle patched EXE files together with their custom data files. It's not a bullet-proof security but stops newbies from stealing their valuable data.
Since the MoleBox company is officially out of business now, I have no more reasons to keep my static Molebox unpacker private. It supports most versions of MoleBox 2.x including the external box files.
Have fun guys!
Download link: see October update to Molebox unpacker for an updated version.
P.S. This post was made just because I noticed changes in MoleBox web, I wasn't planning to release the unpacker today. So, please keep in mind this code was written in year 2009 and has had only one small fix applied in 2015. It's likely that you'll encounter some bugs and quirks - please send me the problematic file and I'll fix the bug. 🙂
P.P.S. I have static unpacker for MoleBox Virtualization Solution as well. But it doesn't have a nice UI yet, so it will be released on a later day.