[Release] Unpack GlobalDekaron dekaron.exe [Tutorial]

oh that explains a lot more...
thanks

The 4.8.1 seems to know ollydbg is onto it. It crashes immediately after hitting run to find the first ZwContinue BP.

Quote:

Originally Posted by GurdyMan The 4.8.1 seems to know ollydbg is onto it. It crashes immediately after hitting run to find the first ZwContinue BP.

Well it has debugger checks but those are just regular so the PhantOm plugin will bypass them with the PEB (ProcessEnvironmentBlock) option enabled.

I will post the unpacked dekaron.exe today because some people have some issues getting it unpacked correctly.

Quote:

Originally Posted by InstantDeath Well it has debugger checks but those are just regular so the PhantOm plugin will bypass them with the PEB (ProcessEnvironmentBlock) option enabled. I will post the unpacked dekaron.exe today because some people have some issues getting it unpacked correctly.

Well, it seems it just doesn't like my computer. Could it be the phantom driver file is 32-bit only and so it's not actually running on my 64-bit?

It's a good tut. I'm learning either way. Just not by doing. ;)

Edit: Eh, yup it's the 64-bit. I can't open any program on my computer with ollydbg1.1 even 32bit apps. LordPE shows about 30 of over 100 running processes on my computer. It doesn't even see notepad which is 64 bit. I'm gonna do some more searching, but this looks like one of those things that I'm just going to have to let others do for me.

Hehe, i figured it out after a while, couldnt use the video, didnt have shockwave =_=. thanks! :D

Quote:

Originally Posted by GurdyMan Well, it seems it just doesn't like my computer. Could it be the phantom driver file is 32-bit only and so it's not actually running on my 64-bit? It's a good tut. I'm learning either way. Just not by doing. ;) Edit: Eh, yup it's the 64-bit. I can't open any program on my computer with ollydbg1.1 even 32bit apps. LordPE shows about 30 of over 100 running processes on my computer. It doesn't even see notepad which is 64 bit. I'm gonna do some more searching, but this looks like one of those things that I'm just going to have to let others do for me.

If I remember right, Olly doesn't support 64-bit.

We are waiting for your tutorial..!
Give us the fishing rod...
I love you and your amazing job

Quote:

Originally Posted by aligabo We are waiting for your tutorial..! Give us the fishing rod... I love you and your amazing job

Why are you waiting? Just download the tutorial from the first post :).

Fishing rod?

Quote:

Originally Posted by InstantDeath If I remember right, Olly doesn't support 64-bit.

Yeah, so far Ollydbg2.0 does, and PE Tools is an amazing substitute for LordPE.

PE Explorer is my favorite. PM me if you dont wanna spend 200$ on it. :)

But yes, PE Tools will work just fine too :)

mm i got question
when i make a break point on ZwContinue and i run it
its send me to other line and its gime Teminated
oh can you post the ollybg vitutral look? i liked it xD

I need to remake the tutorial. They changed the packer a bit after I made the tutorial.

I need to know when the tutorial will be available again. And where do I download the tools needed to use along with OllyDbg. And what they are.

you download those programs from [Only registered and activated users can see links. Click Here To Register...]