unpack l2walker

[Only registered and activated users can see links. Click Here To Register...] 1.99 US
[Only registered and activated users can see links. Click Here To Register...] 2.00 uS
[Only registered and activated users can see links. Click Here To Register...] 2.01 US
[Only registered and activated users can see links. Click Here To Register...] 2.02 US

[Only registered and activated users can see links. Click Here To Register...] 2.03f CH
[Only registered and activated users can see links. Click Here To Register...] 2.03g CH
[Only registered and activated users can see links. Click Here To Register...] 2.04 CH
[Only registered and activated users can see links. Click Here To Register...] 2.05 CH

[Only registered and activated users can see links. Click Here To Register...] 10.8.8 US
[Only registered and activated users can see links. Click Here To Register...] 10.8.9 US
[Only registered and activated users can see links. Click Here To Register...] 10.9.0 US
[Only registered and activated users can see links. Click Here To Register...] 10.9.1 US

so what are ppl supposed to do with those dlls?

are those the official ones or modified?

its official dll, but now is unpack you can modified it.

It`s not　working for me. Ｉｔ doesn`s hunt automatically.

benjamin how you unpack them?

ollydbg + ImpREC 1.7 + Script "Aspr2.XX_unpacker_v1.14E" for ollydbgscript plugin

ok but this packs are only the basic ones that views not the whole source

So these are the unpacked ones not cracked,so someone thats knows what to do must get them and crack the one we want

benjamin plz write a tutorial .. "how to unpack walker dll`s" with screen shots :)

tools: [Only registered and activated users can see links. Click Here To Register...]

exemple with 2.05 us:

first launch ollydbg.exe and File->Open and select l2walker.dll

[Only registered and activated users can see links. Click Here To Register...]

Clic Oui (yes)

[Only registered and activated users can see links. Click Here To Register...]

Clic yes too

after go in plugin->Ollydbgscript and launch script

[Only registered and activated users can see links. Click Here To Register...]

after a little time you see a popup

[Only registered and activated users can see links. Click Here To Register...]

clic ok

after clic alt+L and you see the log

[Only registered and activated users can see links. Click Here To Register...]

RVA of OEP is OEP = 73736 (for 2.05)
RVA of IAT is RVA = F2000
Size of IAT is Size = 750

Now launch ImpREC 1.7 and in Attack to an active process select loaddll.exe

and clic on "Pick DLL" and you see this:

[Only registered and activated users can see links. Click Here To Register...]

select L2walker.dll and clic OK

at the right enter the value in case OEP, RVA and size and clic on "AutoSearch" and "Get Imports"

[Only registered and activated users can see links. Click Here To Register...]

after clic on "Fix Dump" and you see popup

[Only registered and activated users can see links. Click Here To Register...]

select the de_l2walker.dll and clic open, the dump file is fixed

now you have in folder de_l2walker_.dll rename it in l2walker.dll and is good.

NICE

can u xplain what you managed to do with that process?

cause at th end i find a L2Walker.dll 1mb more than the original
but still cant read it

why cant you just post the fixed dll for both ig and oog...be so much simpliar

Quote:

Originally Posted by Benjamin tools: [Only registered and activated users can see links. Click Here To Register...] exemple with 2.05 us: first launch ollydbg.exe and File->Open and select l2walker.dll [Only registered and activated users can see links. Click Here To Register...] Clic Oui (yes) [Only registered and activated users can see links. Click Here To Register...] Clic yes too after go in plugin->Ollydbgscript and launch script [Only registered and activated users can see links. Click Here To Register...] after a little time you see a popup [Only registered and activated users can see links. Click Here To Register...] clic ok after clic alt+L and you see the log [Only registered and activated users can see links. Click Here To Register...] RVA of OEP is OEP = 73736 (for 2.05) RVA of IAT is RVA = F2000 Size of IAT is Size = 750 Now launch ImpREC 1.7 and in Attack to an active process select loaddll.exe and clic on "Pick DLL" and you see this: [Only registered and activated users can see links. Click Here To Register...] select L2walker.dll and clic OK at the right enter the value in case OEP, RVA and size and clic on "AutoSearch" and "Get Imports" [Only registered and activated users can see links. Click Here To Register...] after clic on "Fix Dump" and you see popup [Only registered and activated users can see links. Click Here To Register...] select the de_l2walker.dll and clic open, the dump file is fixed now you have in folder de_l2walker_.dll rename it in l2walker.dll and is good.

Scan taken on 14 Aug 2008 00:23:44 (GMT)
A-Squared
Found nothing
AntiVir
Found PCK/Repacked, HEUR/Malware
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found BackDoor.W32.Nuclear.dg
Dr.Web
Found nothing
F-Prot Antivirus
Found W32/SYStroj.N.gen!********
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found Exploit.Win32.DebPloit, Backdoor.Win32.Ginwui.a, Trojan-Downloader.Win32.Agent.aww
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing



hmmm......

its not trojan, you can download ollydbg in official website and plugin if you want...