[Release] Unpack GlobalDekaron dekaron.exe [Tutorial]

09/24/2009 21:24 HellSpider#1
Hi. Many people asked how to unpack the new dekaron.exe.

This tutorial works for the current 2moons, GlobalDekaron and Korean official dekaron.exe.

The tutorial is a flash movie so you shouldn't have any difficulty following along. The tutorial is extra beginner friendly and I'm explaining things too (so you could learn something).

------------------------------------------------

Update 8.11.2009 !

- New tutorial made
- New API redirect fix script made
- New tool added to the package
- New plugin added to the package

------------------------------------------------

Tools needed:

- OllyDbg 1.10

All other tools are included in the package.

The password of the archive is (without the spaces):
Code:
w w w . e l i t e p v p e r s . d e
09/24/2009 21:27 ~Kakkarot~#2
alright thanks for that, now go and fix the bypass :P
09/24/2009 21:39 randyortan#3
You rock, InstantDeath. Now only the bypass is left...
09/24/2009 22:03 Phoenix357#4
You can do it!!! lol
09/24/2009 23:02 spylocke#5
This is absolutely great. Thanks a lot, man.
09/25/2009 01:33 6Drako9#6
Instant
talk to me man
you said that the noXincode was all MASM and I think that since it is.. it can be a simple CE script
I had experience with this on another game (where the CRC Bypass was one of the scripts, and an extra program wasn't needed)
09/25/2009 11:13 croswaity#7
Quote:
Originally Posted by InstantDeath
Hi. Many people asked how to unpack the new dekaron.exe.

This tutorial works for the current 2moons, GlobalDekaron and Korean official dekaron.exe.

The tutorial is a flash movie so you shouldn't have any difficulty following along. The tutorial is extra beginner friendly and I'm explaining things too (so you could learn something useful too).

Tools needed:

- OllyDbg 1.10
- LordPE
- ImpREC
- PhantOm (OllyDbg plugin)

All of these can be found at:
[Only registered and activated users can see links. Click Here To Register...]

(Notice to all picky forum guards: I'm not advertising anything. The link is just to help people find the vital tools.)

Thanks to any watchers :).
I have the following problem, sir. I hope you can help me:
[Only registered and activated users can see links. Click Here To Register...]
09/25/2009 11:48 -8gX#8
If you're going to make a tutorial... At least use the same programs you told us to download. When running through the steps on a virgin install of everything I found myself completely lost. The windows didn't even match up once you began running the program to find that first address. There is no ESI+0 in the bottom right corner, all I have is hexadecimal.

Idk.. You said it was for the complete beginner. I know my way around asm and olly and I still was hard pressed to find what you showed. I want to learn to do this. But... Well yeah, if I was you... I would make another tutorial that actually used OllyDBG 1.10....
09/25/2009 11:54 HellSpider#9
Quote:
Originally Posted by croswaity
I have the following problem, sir. I hope you can help me:
[Only registered and activated users can see links. Click Here To Register...]
That is probably just a plugin issue. Didn't I write in a popup message that if you didn't have that menu, just press Ctrl+G and type the address in the box and press OK? The address is 00C720D0.


Quote:
Originally Posted by -8gX
If you're going to make a tutorial... At least use the same programs you told us to download. When running through the steps on a virgin install of everything I found myself completely lost. The windows didn't even match up once you began running the program to find that first address. There is no ESI+0 in the bottom right corner, all I have is hexadecimal.

Idk.. You said it was for the complete beginner. I know my way around asm and olly and I still was hard pressed to find what you showed. I want to learn to do this. But... Well yeah, if I was you... I would make another tutorial that actually used OllyDBG 1.10....
Where is ESI+0 supposed to be? And I used the OllyDbg 1.10 just with different visual looks. Well I suppose I need to remake the flash then...
09/25/2009 12:03 -8gX#10
Quote:
Originally Posted by InstantDeath
Where is ESI+0 supposed to be? And I used the OllyDbg 1.10 just with different visual looks. Well I suppose I need to remake the flash then...
Well, all I'm saying is that you made this for the beginner. Someone looking at this, just like I am, is just a little bit confused about the arrangement of things
[Only registered and activated users can see links. Click Here To Register...]

That is my screen, as you can see, it doesn't have the buttons along the top that you do, the graphics are obviously not the same, etc. I love your work, don't get me wrong. I just wish it was easier to understand, and you having the same software as the students you're teaching would definitely help.

Don't take this as criticism. Because it isn't. I think it would be just genuinely helpful to the people you are teaching your methods to.
09/25/2009 13:48 Ra1dom#11
Will it work for the Action 6 private servers? Cuz when I tried it didn't work, I mean I didn't get the same addresses as in the tutorial

Here is the address that I get after "ZwContinue"

[Only registered and activated users can see links. Click Here To Register...]

And I always get an error at some point "debugger detected" where it tells me to restart ollydbg...
09/25/2009 14:05 HellSpider#12
Quote:
Originally Posted by -8gX
Well, all I'm saying is that you made this for the beginner. Someone looking at this, just like I am, is just a little bit confused about the arrangement of things
[Only registered and activated users can see links. Click Here To Register...]

That is my screen, as you can see, it doesn't have the buttons along the top that you do, the graphics are obviously not the same, etc. I love your work, don't get me wrong. I just wish it was easier to understand, and you having the same software as the students you're teaching would definitely help.

Don't take this as criticism. Because it isn't. I think it would be just genuinely helpful to the people you are teaching your methods to.
Well I guess I should make everything more clear...

Quote:
Originally Posted by Ra1dom
Will it work for the Action 6 private servers? Cuz when I tried it didn't work, I mean I didn't get the same addresses as in the tutorial

Here is the address that I get after "ZwContinue"

[Only registered and activated users can see links. Click Here To Register...]

And I always get an error at some point "debugger detected" where it tells me to restart ollydbg...
There aren't any private servers using this protector. If the private servers are protected, they often use something better than this.

This tutorial works only for the 2moons, Korean (official) and GlobalDekaron clients.
09/25/2009 14:18 Ra1dom#13
Oh, I see, thanks, now it all makes sense xD
09/25/2009 15:44 croswaity#14
Quote:
Originally Posted by InstantDeath
That is probably just a plugin issue. Didn't I write in a popup message that if you didn't have that menu, just press Ctrl+G and type the address in the box and press OK? The address is 00C720D0.




Where is ESI+0 supposed to be? And I used the OllyDbg 1.10 just with different visual looks. Well I suppose I need to remake the flash then...
Thank you...
09/25/2009 19:34 .Law.#15
What's the packer for this .exe? There are a bunch of scripts to find OEP/Fix IAT for olly, which I could share to help the ppl here ;p