Unpacked dekaron.exe [4.6.21]

[WarMasterRealOne]

Quote:

Originally Posted by InstantDeath

Master , ever heard of Google?

ImpREC is but you'll find the Olly by yourself...


No problem but I and many other people prefer the Thanks button. Just to keep the forum clean I recommend to use that .

i even use gmail and other services from google ^^ (that's a "yea")

i hope that i will finde the version that u recomanded

Tnx for ImpREC
-------------------------

EDITED: O.O ouch i hunrted my eyes lol

-.-'' if u can make a pic or vid tut will be good

[HealxYourself]

Quote:

Originally Posted by InstantDeath

Well there used to be a script for this but it wont work anymore because the packer has changed. Actually it was much harder to unpack before. Everything gets easier all the time .

Ok, this is in text version. No need to record it because it's so short.

- Tools needed: OllyDbg (prefer ver 1.10), ImpREC
1. Ignore all exceptions in OllyDbg.

2. Load the dekaron.exe in Olly.

3. The entrypoint will look like this:



4. Step over/into the first pushad command.

5. Put a hardware breakpoint on the esp register --> Word/Dword on Access.

6. Execute shift+F9.

7. Now you should find yourself at a routine before the OriginalEntryPoint:


8. Disable the hardware breakpoint put earlier (Debug --> Hardware breakpoints --> Delete 1).

9. Put a breakpoint (press F2) on the unconditional jump.



9. Execute Shift+F9 then remove the breakpoint (press F2 again).

10. Step over/into the unconditional jump.

11. You should land here:



12. Now launch ImpREC, dump the target with ImpREC. Put the OriginalEntryPoint in the OEP grid and press Auto Search. Then press Get Imports.

13. After that choose Fix dump and choose your dumped file and you're done .

now do we have to follow this TUT if we downloaded that automatic unpacker on this site? If so this is a great TUT but i don't want to do something if i have already done that. Also, where do i put the file 4.6.21 at after unpacking and such?

[HellSpider]

Quote:

Originally Posted by HealxYourself

now do we have to follow this TUT if we downloaded that automatic unpacker on this site? If so this is a great TUT but i don't want to do something if i have already done that. Also, where do i put the file 4.6.21 at after unpacking and such?

The file I posted in the first post is already unpacked. So you can edit the file as you wish.

If you mean the script posted here for unpacking dekaron.exe, it wont work anymore.

This is just a fast tutorial on how to unpack dekaron.exe when it gets updated, in case they don't change the packer .

[lex22]

Job well done as always instant.