During last year, the most common complaint on this blog was "your Molebox unpacker cannot unpack this crazy big EXE of MMORPG game X, Y or Z."
Sounds like an easy problem to fix, right? Well, that's not true - but I finally did it!
TL;DR:
In the rest of the post I'll describe the obstacles I had to overcome while solving this seemingly simple problem.
Delphi TMemoryStream limitation
First, unpacker is written using classic (non-.NET) Delphi and compiled as x86 executable. And standard Delphi streams are retarded. TMemoryStream uses GetMem - which ends up somewhere in Delphi memory manager and VirtualAlloc. That doesn't work well with 800+MB files.
I ended up with implementing custom stream backed by temporary file (CreateFile with FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE).
Pointer magic
Since the original unpacker was using TMemoryStream, the whole file was loaded in memory as a continuous memory block and I could easily read/write each byte of file using pointers. Something like this:
function Decode_Stage2(p: pdword; size: dword; key: dword): dword;
var
d: dword;
begin
result := 0;
d := 0;
while d < size do begin
key := key * $19660D + $3C6EF35F;
p^ := p^ xor key;
inc(p);
inc(d, 4);
end;
end;
...
Decode_Stage2(pointer(dword(f.fImage.Memory) + f.RVAToOffset(startAddress - f.NtHeader.OptionalHeader.ImageBase)), endAddress - startAddress, decryptionKey);
Guess what? Files don't work that way.. 🙁 I had to do a full and complete rewrite of all those methods.
Zlib conflicts
Original unpacker was compiled with Delphi 3. Delphi 3 didn't have Zlib library, so you had to supply your own Zlib implementation. But it won't compile with new versions of Delphi, giving error message
Unit Graphutil was compiled with a different version of zlib.TZDecompressionStream.
The solution was to get rid of my Zlib implementation and rewrite all methods that deal with decompression.
ANSI strings
In Delphi 3 all strings were ANSI. Starting from Delphi 20072009, strings are Unicode. Since Molebox internally uses ANSI, it required changing quite a few structure definitions and rewriting several string manipulation routines. It's a lot of fun (and source of the most obscure bugs), trust me!
Conclusion
I hope you find this unpacker useful. But if it doesn't work for you, please send me an error report with all the details you can and I'll try to fix it. Have fun!
hello!
this unpacker helps me alot! however, i find that it can't process Japanese and chinese character correctly. it just put out some meaningless lines in logs, and the file name was replaced by underlines("____.jpg",etc.). because of this, some files was overwritten and missing, can you fix this?
here are part of logs:
[i] Extracting Graphics\Maps\Mazes\570_ÎåÖØÊÔÁ¶ËÀÍöÂÝÐý.png
[i] Extracting Graphics\Maps\Mazes\571_ÁùÖØÊÔÁ¶±±·ç±ùÔ.png
[i] Extracting Graphics\Maps\Mazes\572_ÁùÖØÊÔÁ¶±±·ç±ùÔ.png
[i] Extracting Graphics\Maps\Mazes\573_ÁùÖØÊÔÁ¶±±·ç±ùÔ.png
[i] Extracting Graphics\Maps\Mazes\574_ÆßÖØÊÔÁ¶Ä§»ÃÉÁÖ.png
[i] Extracting Graphics\Maps\Mazes\575_ÆßÖØÊÔÁ¶Ä§»ÃÉÁÖ.png
[i] Extracting Graphics\Maps\Mazes\576_°ËÖØÊÔÁ¶¹âÖ®½×ÌÝ.png
Molebox 2.x doesn't support Unicode properly, so the non-English filenames are usually badly damaged anyway.
Could you please upload your files to mega.co.nz or mediafire.com and send me the link? I will try to improve my unpacker and will let you know when it's done.
thank you for you help!
here's link: {link_removed}
I wasn't able to run your file, it keeps giving error messages in some language I don't understand (Chinese?).
Please try the hotfix version: https://www.mediafire.com/?t4acraaxas6pact - it should work "better".
But if it still doesn't work correctly, please help me to get your file running on Windows 7 or Windows XP inside VMWare. I'm specifically interested in regional settings, installed languages, etc.
the hotfix version works! thanks a lot!
Use EnigmaVBUnpacker for unpack this exe but not obtain results Ok
Is possible unpack ?
Thanks for help
EnigmaVBUnpacker v0.41a, compiled on 22-04-2017 20:30
Supports Enigma Virtual Box v4.10..7.70
Latest version always on {hidden link} and {hidden link}
[+] Filename: C:\Program Files (x86)\Offboard_Diagnostic_Information_System_Engineering\Odis_Cracked.exe
[+] MD5: 0523d423788bb17934546c8d5c7dfb80
[+] x86 executable
[x] Expected section name ".enigma2", found ".data"
[x] This file is not protected with Enigma Virtual Box or is hacked.
hi kao this work on molebox virtualization solution?
No, it won't. But unpacker for Molebox Virtualization Studio is next on my todo list. 🙂
Hello, Mr. Kao, thank you for the program, it works for me, it works great! * - * emm if not a lot of hassle .. can you help me with a program I have this packaged with UPX you know of ollbyg can help me thanks 🙂
Dear Roger,
Here is a quote: "UPX has a built-in feature for unpacking unmodified executables packed with itself." from {hidden link} so you can just go to {hidden link} in order to get the latest version of UPX in order to unpack you're executable.
P.S. If you need help finding the correct command to do so - don't forget to ask google.
Amazing 🙂 Great job.
Hey Kao I just wanted to say that I've been spending a bunch of time reading your blog recently and wanted to thank you for all the info you put out there.
Hello can you help me please !! I want to unpack an .exe file but it is packaged with aspacker and searched for programs all over google and not found eh and as you did for molebox I was wondering if you can create a program that will unpack aspack programs please!
There are lots of tutorials about unpacking AsPack. See https://www.google.com/search?q=aspack+tutorial.
It is very easy to do it manually - therefore I am not planning to make any tool for that.
Thanks for answering me quickly look in google but it does not work for me 🙁 thanks for the molebox unpacker works me 100%
please help me molebox virtualization does not work for me {hidden link}
My unpacker works only for Molebox v2.x.
Molebox Virtualization Solution is completely different program. I have an unpacker for it but it is not public yet.
Out of interest, why did you decide to use Delphi at all - is that just what you built v1 in, or is it more suitable for the task than .NET?
Plenty of reasons:
* 10 years ago .NET wasn't that popular. It wasn't preinstalled on WinXP, etc, etc.
* When you're dealing with custom data structures/encryption/compression algorithms, it's much easier to reimplement them in native code.
* To make unpackers, you need some sort of PE file manipulation library. I happened to have written one for Delphi already. 🙂
hey kao You can contact me? {email_removed}
I need unpacker in these files so I can set up my online mu server...
I want you to help me out of unpack this main.exe
I'm new to this cracker area xD
{link_removed}
You can contact me via "email me!" link which is on the bottom of every page.
My standard answer about such files is: "You should be able to use Virtual File System Editor by Extreme Coders (see http://www.cin1team.biz/showthread.php?t=9772 for download links) to extract the files."
HELP ME PLEASE ! nprotect gameguard unpack
{links_removed}
PLEASE!! GAMEGUARD UNPACK!!
No. This blog post has nothing to do with GameGuard.
hi,kao
i send file to your email,please check it,thanks
i think the file is pack with molebox virtualization solution
can you unpack it and give me unpack files?
thanks~
You're right, it is packed with Molebox Virtualization Solution. I don't have time to look at it now, maybe next week..
thanks,i will wait~
Hello, Kao. I have a program now, use your program can unpack data successfully. However, there is a problem, the file name contains "_". I am sure that these underscores are Chinese characters, is there a way to solve this problem?
Thank you
See my response to similar question asked earlier: https://lifeinhex.com/updated-molebox-unpacker/#comment-1224
These work better, thanks!
hi kao
can you take time look my file,thanks~
Then I have a question, whether this program open source? I would like to try to change into C++, and learn about.
It's not open source and I have no plans to change that.
Good work but I need to unpack Mole Box virtulization solution v4.5235 please help me.
Read the comments above - the unpacker for Molebox Virtualization Solution is not public. I am still working on it when I get some free time (which is not a lot).. 🙁
Hi,
your program gets a Out of Memory Exception as soon it hits 1500MB Memory allocated.
Is there a workaround for this?
Help me please i want to unpack that .exe file help!
{link_removed}
No, this post has nothing to do with ASProtect
Please Mr. Kao help me with the asprotect unpacker I beg you
This is not a place for begging.
If you continue this way, I will have no other choice but to ban you from commenting. Please consider this your final warning.
Hello, and thanks for this tool. I can´t unpack moleboxed exe with external data packages, the data is not in the executable, and I can´t scan the data files itself, have you done something with this type of "packaging"? Thanks!
In general, it should work automatically when unpacking main EXE. Something like this:
If it doesn't work for you, please upload EXE + all data files to mega.co.nz or mediafire.com and send me a link. I'll take a look and try to solve the issue.
Help me please unpack this .exe with your program but at the time of using this file in my game I can not log in
Can you help me unpack it at 100% please weigh 2.5mb
{link_removed}
Please don't make 10 comments with the same request. Any comment with a link inside goes to moderation queue and I need to approve it manually.
My unpacker works just fine:
Take all 4 extracted files: Client_unpacked.exe, ACDC.dat, MHPClient.dll and Minifighter.dll, put them in the folder with your game and then your game should work. If it doesn't, it's some problem with the game, not with my unpacker.
You can try renaming file Client_unpacked.exe to Client.exe and see if that helps.
Hello friend can you help me unpack a file packed with Microsoft Visual C ++ v8.0 2005 please help me !!
{removed}
No. This blog post has nothing to do with Microsoft Visual C++.
This is your final warning. If you make another off-topic comment, you will be banned.
Why can only extract the sound file?
If you can't write proper problem description, I can't help you.
Make some screenshots, upload your files to mega.co.nz and then I will try to help.
be a compressed exe how to extract?
Hey Kao, great job
I get a
[+] MD5: 117ce633ceb20f570712d92eabd0c1f5
[i] Molebox Pro v2.2570
[i] Loading control information
[x] Signature seems to be invalid. File is cut? (F8E95781 / B3095878)
Is there a way to extract it?
If you could send me a link to the file, I'll take a look. It might be a broken file or a bug in my unpacker.
I always meet this error
[x] EXCEPTION EWriteError
Send me link to the file that causes error, then I can look at it.
{link_removed}
I have try other pack in above site, all the same result.
if u can not use pan.baidu , u can also use
{link_removed}
Thank you, I will look at it.
BTW, comments with links inside are hidden from public. No need to post the same comment again and again. 🙂
Latest version works fine - but it needs a lot of memory and lots of disk space:
Log from the torrent file: https://pastebin.com/DyE1uqhy
If it doesn't work for you, please make screenshots, explain what exactly you did and send me an email (see bottom of the page). I will try to find and fix your problem.
sorry , it seems that it is ok now. It work on local driver ,
but in remote dirver like samba or virtualbox share folder it reports [x] EXCEPTION EWriteError
I move the exe to local drivers , it works ok.
I'm happy that you have solved it now. 🙂 Later I'll check my unpacker with the network drive and see if I can find and fix the problem.
my environmetn is vmware mac host winxp guest share foler
Hello sir i would like to ask if your program can work on unpack data extension and link to .exe
like for example
Ran.exe
File001.data
File002.data
File003.data
the main files was packed in File 001-File 003.data
the Question is can i able to unpack it?? thank you for your Response..
See my answer to similar question: https://lifeinhex.com/updated-molebox-unpacker/#comment-2166
THANK YOU FOR YOUR RESponse sir Kao you are Great. I will update you sir ..
Sir Kao I already send you the link in Gmail....thanks sir..
Hello sir sorry .. but i send you another link on mediafire...
Hello. Awesome work on Molebox unpacker! However I still can't unpack 1 executable file. Can you, please, check and point what version of Molebox was used? Thanks in advance!
{link removed}
That's not Molebox at all. It's Thinstall v2.501.
EDIT: first layer is Thinstall. When you unpack that, you will get ~200 files. From those files, mugen.exe.exe is packed with Molebox and data are stored in file TWNM895..... My Molebox unpacker will work just fine with those.
Sir hello please read my message in gmail thanks..
Thank you! I'll search for unpacker immediately.
Can you help me open my file ?, I use the software but can not open it, thank you
Link: {removed}
Please upload your file to mega.co.nz and I'll look at it. 🙂
You help me get the default thanhlong.exe no pak, unnecessary files pak, thanks you 🙂
Link: {link_removed}
It is packed by Molebox Virtualization Solution. It is a different software and not supported by my unpacker.
Your files unpacked: {link_removed}
I can not run thanhlong_unpack.exe like thanhlong.exe pak, is there a way to solve the error help me ?, i need to run thanhlong_unpack.exe, thanks you
link img: {hidden link}
You did not give me all game files, so I could not test the unpacked EXE.
If you can upload full game client to MEGA, I will look at it and fix the unpacked EXE.
This is my client game, you help me debug thanhlong_unpacked.exe to be able to enter the game, thanks you
Link: {link_removed}
Your EXE file is multi-packed. First, it was packed with Enigma Protector. Then it was packed by Molebox Virtualization Solution. Such files are very hard to unpack automatically.
Here is the EXE file that should work: {link_removed}
If it doesn't work for you, learn how to unpack Molebox VS and Enigma Protector yourself. 🙂
Thank you very much, it works best, I want to edit some functions in the game, can you get the source code help me?
No, I am only interested in unpacking files. What you do with them afterwards is your decision..
ah, I would like to ask if the files have been unpacked, then when I use myself want to pack such a Can not?, thanks you
Thank you very much, you solved my problem very well, the file I downloaded to the computer, you delete the mega.nz path you upload in the home, thank you
Thank you for this tool. However, half my files I need to decompress are old versions, so this result always comes up:
Is there a way to solve this? In case you need a link to the file just ask me and I'll upload it.
Regards
Sure, just upload the file to mega.co.nz and post a link in comment.
Comments with links are moderated, so only I will be able to see it.
Gracias por la ayuda, aunque serían muchos más archivos que el que voy a subir (por si había algún método general), pero mientras subo aquí este. El ejecutable en concreto es El_Libro.exe.
{link_removed}
Oops, sorry, I answered in spanish. Translation:
"Thanks for your help, though there are many files I have to open instead of just one (just in case there was a general method to apply to everyone), but here I send one. The .exe is El_Libro.exe.
Hi, here are your files unpacked: https://mega.nz/#!slgxnYiD!SESmN_VXMo097iOMxXoQ24HyMTTyusxljD-mwY1d-6A
New version of unpacker will be able to unpack such files automatically. I expect to finish it this week. 🙂
Thank you very much! Looking forward to that update! 🙂
You help me get the default files, it's locked IP and I can not use it.
Locked files include: AccountServer.exe, BackupServer.exe, DBServer.exe, LoginServer.exe, LogServer.exe, MailServer.exe, MapServer.exe, TradeServer.exe, VTServer.exe.
link: {link_removed]
Hope you will look over it once, thank you.
No, this post has nothing to do with VMProtect!
Please help me with this unpacking using Molebox Virtualization any Idea how to unpacked this sir?
Thank you for your response and another how can i donate your work sir for good services?
- RAGE
Already answered here. 🙂
hello sir i have client here, i tried to unpack using your demolition but ive got an error could you please me with this i will send your email..
Gracias
please Check my Email sir
Thanks sir..
Your file is packed with Molebox Virtualization Solution. That is a completely different software than original Molebox and is not supported by this unpacker.
Could you unpack it for me sir?? i will pay for it Please...
Thank You
>> "Starting from Delphi 2007, strings are Unicode."
No. D2007 use ansi. 2009 - Unicode.
Thank you, I updated the article. 🙂
Plase unpack my files 🙂
{link_removed}
It is protected by Enigma VirtualBox, you should use this unpacker to unpack it: https://lifeinhex.com/updated-enigma-virtualbox-unpacker/
Then you will find custom protection (ntowar.dll) - there is no ready-made solution for that.
have any way to open the .cab file?
Can u help me to unpack this? Please ? {link_removed}
Doesn t work it said me it s not probably molebox version, but i scan with rdg it s molebox 4
Charmeine, this unpacker is for Molebox version 2.x.
Molebox version 4.x (also called Molebox Ultra, Molebox Virtualization Studio or Molebox VS) is a totally different product and my unpacker doesn't support it.
hello sir. can you unpack this client. thank you sir. godbless
{hidden link}
See my February post for unpacker of Molebox v4.x. It should work on your file.
8TmQzZY1RG1JLl5OXSuCkdRi9rwMxFxqcZjdNwVu9Cw here is the client sir
{hidden link} here the client sir
hello sir..i can you share unpacker of Molebox v4.x.
i cant unpack the client sir.
{hidden link} i cant unpack this client sir
I just checked, unpacker works just fine. Please try again and read all the messages carefully.
If you still can't make it work, please post a screenshot of unpacker with the error message.
can you share the link of unpacker molebox v4 sir.because i cant unpack the client.
See my earlier comment
i cant download sir.
can you re upload sir?
All links are working for me.
Maybe MEGA is blocked in your country - but that is not my problem. You will need to find a VPN or other solution to bypass it.
Hi Kao,
Good day!
I would like to ask you for best compiler/virtualization as well as PC securities, how I can contact you.
Please reply.
hello sir kao can you unpack this HTLauncher Thank You!
{hidden link}
[x] Not a Molebox or unknown version
I can't help you if you don't provide any additional information.
I have the same problem, it just shows: Not a molebox or unknown version. If you can tell me your e-mail I can send you the file thanks.
My email is at the bottom of every page.
I am having a problem with a Japanese program called SCWU, the program reports that the molebox present in SCWU.exe is modified or unknown I need help to unzip this 2d maker fighte engine...
help me too
Already answered to your comment in another post. 🙂
Hi. I was unpacking a file (.exe). after that when i run the app, i will see this message:
---------------------------
Component 'ImpulseAniLabel.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.
what should i do? please help me.
Most likely you need to register ImpulseAniLabel.ocx using command-line. Something like:
See https://support.microsoft.com/en-us/topic/how-to-use-the-regsvr32-tool-and-troubleshoot-regsvr32-error-messages-a98d960a-7392-e6fe-d90a-3f4e0cb543e5 for more information.
If this doesn't help, please upload your packed file to MEGA.NZ or mediafire.com and post the link. I'll take a look.
Hi dear kao
Thank you for your comment. I had done your suggestion but after that the software says :--------------------------- Component 'FAST2010.ocx' or one of its dependencies not correctly registered: a file is missing or invalid ------------
Again, I try to fix it in your way. It shows --------------
------- DllRegisterServer in FAST2010.ocx succeeded. -----------
But it doesn't work. the software says fast2010.ocx has problem. Would you please give me some solutions? I appreciate.
What's the exact error message?
Without seeing the software, I can only guess what's causing the problem. So, again, could you please upload your software to mega.nz or mediafire.com and post the link?
message:
Component 'FAST2010.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.
I will send it to your email.
Since I haven't received any email from you, I'm guessing you solved your problem already...
I sent it to this address: {removed}
As I said - I haven't received anything. Nothing even in a "Spam" box.
Please post the link in comments here. http/https links posted by visitors are visible only to me, nobody else can see them.
{hidden link}
MediaFire is blocking the download. Are you trying to send me malware?
Come on, are you kidding me? This is a software that we use it in hospital in order to calibrate our equipment. I want to find a way to facilitate the calibration process and crack this software. I can not prove you that this is not a malware. If you want you can download it from
{hidden link}
and run it in virtual machine (windows XP). Thank you in advance.
Sorry, Mediafire is sometimes like that. MEGA is much kinder and tolerates strange files.
My steps in Windows XP virtual machine:
for %F in (*.dll,*.ocx) do regsvr32 /s %F. It will take all DLL and OCX files and try to register them properly. "/s" ensures that no error messages will be shown.Since I don't have a valid license and your hardware, I can't actually verify that every function works. But that's a different story.
Hi again. The problem has been solved. Words are not enough to say thank you. It's kind of you to spend time in order to solve my problem.