OldSchoolHack


OverwatchDumpFix v5.0.0

  • Category: Tools
  • Developer:
  • Uploaded by: System
  • Uploaded at:
  • System: Windows
Download (58.21 KB)

VirusTotal Result: 0/60


Description

Release v5.0.0
  • Updated for Overwatch version 1.11.1.2.36859.
  • The import address table is no longer terminated by two null pointers. The second null has been replaced with a pointer to a 'ret 0' instruction.

Download OverwatchDumpFix v5.0.0
Category: Tools
Developer: changeofpace





Download:
OverwatchDumpFix v5.0.0
Category: Tools
Developer: changeofpace

Description:
Release v4.0.1
  • Updated for new protection tech in Overwatch version 1.10.1.2.36268.
  • The 'secret' PE header is no longer stored in memory (or it's now obfuscated). The plugin now uses the PE header from the file on disk as a base when patching Overwatch's invalid PE header.
  • Plugin now uses WinAPI instead of C++ file streams to get the PE header. This should fix a bug involving Unicode paths.





Download:
OverwatchDumpFix v4.0.1
Category: Tools
Developer: changeofpace

Description:
Release v4.0.0

  • Updated for new protection tech in Overwatch version 1.10.0.2.36031.
  • The 'secret' PE header is no longer stored in memory (or it's now obfuscated). The plugin now uses the PE header from the file on disk as a base when patching Overwatch's invalid PE header.




Download:
OverwatchDumpFix v4.0.0
Category: Tools
Developer: changeofpace

Description:
Release v3.0
  • Updated for new protection tech in Overwatch version 1.8.0.2.34978.
  • Import thunks are now spread across several memory regions. Each thunk has multiple blocks combined with relative jumps.
  • Now using capstone disassembler to unpack import thunks.
  • The .rdata view contains 0x1000 bytes of code (not sure if this is new). The plugin will separate this page from .rdata. IDA will automatically combine the two .text sections.


Summary:
This x64dbg plugin removes anti-dumping and obfuscation techniques from Overwatch.exe so that the game can be dumped using Scylla.

How to use:

x64dbg
  1. Attach x64dbg to Overwatch.exe then execute the OverwatchDumpFix command.
  2. Open Scylla in x64dbg's "Plugins" menu then select Overwatch.exe in the "Attach to an active process" drop-down list.
  3. Click "IAT Autosearch".
  4. Click "Get Imports".
  5. Click "Dump" to create a dump file.
  6. Click "Fix Dump" and select the dump file from (5) to reconstruct imports.
  7. The Scylla output view should say "Import Rebuild success [FILE PATH]".
  8. Click "PE Rebuild" and select the fixed dump file.

IDA Pro
  1. Open the dump file in IDA. Check the "Manual load" and "Load resources" (optional) boxes. Click "OK" / "Yes" for every prompt.
  2. Run the "Universal Unpacker Manual Reconstruct" plugin for the IAT to set imports to the correct color.
  3. Happy reversing




Download:
OverwatchDumpFix v3.0