[Release] Unpack GlobalDekaron dekaron.exe [Tutorial]

Quote:

Originally Posted by PunkS7yle What's the packer for this .exe ?,there are a bunch of scripts to find OEP/Fix IAT for olly,which I could share to help the ppl here ;p

Some custom packer probably. Looks like a hard modified UPX stub. Didn't find any signature for this.

+ Updated!! See main post for more info...

Tried a UPX script on it to see if it works ;o ?
Edit;I want your olly ;o .

Quote:

Originally Posted by PunkS7yle Tried a UPX script on it to see if it works ;o ? Edit;I want your olly ;o .

UPX doesn't have API redirection, anti-debug or SEH exceptions :p. So it's just the basic stub probably.

My Olly is kinda private so I don't really wish to share it, sorry :)...

Tsk...so I guess i'll stick to QueenOfEvil's one ._.

Quote:

Originally Posted by InstantDeath ------------------------------------------------ Update!! I remade the tutorial to be more clear and informative + I included my API redirection fix script (forgot it last time, sorry) :). ------------------------------------------------

Thats so much better!! i did it so this new tutorial helped!! thank you instant

please help ! i cant find the return to ntdl bla bla bla and i did everything and still nothing :mad::mad::mad:. why cant you just simple put the unpacked dekaron here ? i dont understand a thing from that video and my program is white yours is black , when i search for the ntdl the up bar doesnt changes the name like yours. :mad: :mad: im so nervous

N0ob btw the unpacked is allready in his other post lol just go download from there it's dekaron global unpacked but it works perfect anyway

Quote:

Originally Posted by geoboy please help ! i cant find the return to ntdl bla bla bla and i did everything and still nothing :mad::mad::mad:. why cant you just simple put the unpacked dekaron here ? i dont understand a thing from that video and my program is white yours is black , when i search for the ntdl the up bar doesnt changes the name like yours. :mad: :mad: im so nervous

I will continue releasing unpacked dekaron.exes but this tutorial is just for those who want to "expand the limits" meaning, for those who doesn't want to wait or want to unpack the dekaron.exe form Korean (official) for example, because I wont be posting that one...

Just as a note, remember that the packer may change the ImageSize so you should press the "Correct ImageSize" button in LordPE. Just to be sure it dumps the whole memory :).

delete the post or i shall report lol

Instant I got a problem. I unpacked everything no issues except when I actually run the program. I can open it in olly and see all of the addresses, so its unpacked, but when I actually run the .exe it crashes with a windows error. Idk what happened. Help would be very nice :D

although hacks work just fine with normal dekaron exe ill try to unpack it myself and see what happens

Quote:

Originally Posted by -8gX Instant I got a problem. I unpacked everything no issues except when I actually run the program. I can open it in olly and see all of the addresses, so its unpacked, but when I actually run the .exe it crashes with a windows error. Idk what happened. Help would be very nice :D

Upload the dekaron.exe somewhere and PM me the link, I'll have a look at it. I'm guessing that the Import table is built only by ordinals or that the .code section has not access to write to other sections.

Sorry, I'm not really good into these programming and all, I don't understand it at all, even with your flash movie...

Is there a way we could simply get the unpacked file? I looked in the folder you had to download and it isn't in there... Thanks

can you please upoad it somewhere else?

i can't download it, it keeps saying error at readin in firefox and server conection reset on IE ...-.-

when downloading, make sure you turn your antivirus off, since my NOD also stops the download beacuse he thinks its a virus