dumbasPL / cetrainer-unpacker

A simple tool to unpack/decrypt Cheat Engine's trainers
MIT License

Cannot unpack .EXE #1

Status: Closed (nikonekoni closed 1 month ago)

nikonekoni commented 1 month ago

I move an EXE to cetrainer-unpacker.exe, but it returns an empty folder. [screenshot: Snipaste_2024-08-28_09-07-21]

dumbasPL commented 1 month ago
  1. Are you sure it's actually a CE trainer?
  2. Are you sure it's not packed with another packer on top?
  3. Do you know what version of CE it was made with?

Please run the unpacker from the command line and post the log here.

If you want me to debug the problem you would need to share the sample with me. Preferably put it in a ZIP archive with the password infected and post it here. If not you can also email it to me nezu [at] nezu [dot] cc

nikonekoni commented 1 month ago

I can confirm this is made by CheatEngine, but it seems to be repackaged or encrypted. I tried making a trainer using CheatEngine and it was successfully unpacked. Here's the trainer, thank you.

Test.zip

dumbasPL commented 1 month ago

> But it seems to be repackaged or encrypted

Doesn't look like it to me.

It's CE 7.5.0.7626

log

Extracting: CET_TRAINER.CETRAINER
Error: Failed to decrypt CETRAINER file

Seems like an actual bug, will have to investigate later.

nikonekoni commented 1 month ago

hh, this trainer has a Pro version and is even verified online (its name is the key, and the trainer cannot be used at the same time). I want to know how this is achieved. I can use E language and Qt to make trainers, but I never thought that CE could also do this kind of program. Anyway, thanks for your contribution.

Core_Keeper_adv_v6.4.zip

dumbasPL commented 1 month ago

Did some more digging. It seems to be a custom build of CE. Doesn't have the digital signatures, version number higher than the latest one from the official website, extracts to a custom location (ProgramData\yake_trainer\cetrainers as opposed to AppData\Local\Temp\cetrainers), the extracted executable isn't runnable without a trainer (normal ones are), and the unpacked trainer file can't be run by normal Cheat Engine.

I can fix the extraction so that it extracts the encrypted version if decryption fails, but that won't get you far since the trainer will still be encrypted. It seems like it's using a different encryption algorithm. I currently do not have any plans to support modified builds of CE, sorry. If I do, the guy will probably just change it a bit and break it again.

> I want to know how this is achieved

Most likely in Lua. CE has a pretty nice Lua API where you could script something like this.

If you want to unpack it you will have to reverse engineer the custom build, find the decryption function, put a breakpoint at the end and dump the memory. Good luck.

nikonekoni commented 1 month ago

OK, thank you