|
You last visited: Today at 08:54
Advertisement
[Release] Unpack GlobalDekaron dekaron.exe [Tutorial]
Discussion on [Release] Unpack GlobalDekaron dekaron.exe [Tutorial] within the Dekaron Exploits, Hacks, Bots, Tools & Macros forum part of the Dekaron category.
10/04/2009, 13:36
|
#31
|
elite*gold: 20 
Join Date: Jan 2008
Posts: 699
Received Thanks: 46
|
oh that explains a lot more...
thanks
|
|
|
|
10/05/2009, 03:22
|
#32
|
elite*gold: 0
Join Date: Sep 2009
Posts: 8
Received Thanks: 1
|
The 4.8.1 seems to know ollydbg is onto it. It crashes immediately after hitting run to find the first ZwContinue BP.
|
|
|
|
|
10/05/2009, 09:34
|
#33
|
elite*gold: 20
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
|
Quote:
Originally Posted by GurdyMan
The 4.8.1 seems to know ollydbg is onto it. It crashes immediately after hitting run to find the first ZwContinue BP.
|
Well it has debugger checks but those are just regular so the PhantOm plugin will bypass them with the PEB (ProcessEnvironmentBlock) option enabled.
I will post the unpacked dekaron.exe today because some people have some issues getting it unpacked correctly.
|
|
|
|
|
10/05/2009, 21:01
|
#34
|
elite*gold: 0
Join Date: Sep 2009
Posts: 8
Received Thanks: 1
|
Quote:
Originally Posted by InstantDeath
Well it has debugger checks but those are just regular so the PhantOm plugin will bypass them with the PEB (ProcessEnvironmentBlock) option enabled.
I will post the unpacked dekaron.exe today because some people have some issues getting it unpacked correctly.
|
Well, it seems it just doesn't like my computer. Could it be the phantom driver file is 32-bit only and so it's not actually running on my 64-bit?
It's a good tut. I'm learning either way. Just not by doing. 
Edit: Eh, yup it's the 64-bit. I can't open any program on my computer with ollydbg1.1 even 32bit apps. LordPE shows about 30 of over 100 running processes on my computer. It doesn't even see notepad which is 64 bit. I'm gonna do some more searching, but this looks like one of those things that I'm just going to have to let others do for me.
|
|
|
|
|
10/05/2009, 22:27
|
#35
|
elite*gold: 0
Join Date: Oct 2009
Posts: 107
Received Thanks: 28
|
Hehe, i figured it out after a while, couldnt use the video, didnt have shockwave =_=. thanks! 
|
|
|
|
|
10/05/2009, 22:45
|
#36
|
elite*gold: 20
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
|
Quote:
Originally Posted by GurdyMan
Well, it seems it just doesn't like my computer. Could it be the phantom driver file is 32-bit only and so it's not actually running on my 64-bit?
It's a good tut. I'm learning either way. Just not by doing.
Edit: Eh, yup it's the 64-bit. I can't open any program on my computer with ollydbg1.1 even 32bit apps. LordPE shows about 30 of over 100 running processes on my computer. It doesn't even see notepad which is 64 bit. I'm gonna do some more searching, but this looks like one of those things that I'm just going to have to let others do for me. |
If I remember right, Olly doesn't support 64-bit.
|
|
|
|
|
10/07/2009, 18:22
|
#37
|
elite*gold: 0
Join Date: Dec 2007
Posts: 111
Received Thanks: 3
|
We are waiting for your tutorial..!
Give us the fishing rod...
I love you and your amazing job
|
|
|
|
|
10/07/2009, 21:20
|
#38
|
elite*gold: 20
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
|
Quote:
Originally Posted by aligabo
We are waiting for your tutorial..!
Give us the fishing rod...
I love you and your amazing job
|
Why are you waiting? Just download the tutorial from the first post  .
|
|
|
|
|
10/07/2009, 23:38
|
#39
|
elite*gold: 0
Join Date: Jan 2009
Posts: 614
Received Thanks: 151
|
Fishing rod?
|
|
|
|
|
10/08/2009, 01:25
|
#40
|
elite*gold: 0
Join Date: Sep 2009
Posts: 8
Received Thanks: 1
|
Quote:
Originally Posted by InstantDeath
If I remember right, Olly doesn't support 64-bit.
|
Yeah, so far Ollydbg2.0 does, and PE Tools is an amazing substitute for LordPE.
|
|
|
|
|
10/08/2009, 04:04
|
#41
|
elite*gold: 0
Join Date: Jan 2009
Posts: 614
Received Thanks: 151
|
PE Explorer is my favorite. PM me if you dont wanna spend 200$ on it.
But yes, PE Tools will work just fine too
|
|
|
|
|
10/17/2009, 19:37
|
#42
|
elite*gold: 0
Join Date: Jul 2009
Posts: 700
Received Thanks: 228
|
mm i got question
when i make a break point on ZwContinue and i run it
its send me to other line and its gime Teminated
oh can you post the ollybg vitutral look? i liked it xD
|
|
|
|
|
10/18/2009, 15:40
|
#43
|
elite*gold: 20
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
|
I need to remake the tutorial. They changed the packer a bit after I made the tutorial.
|
|
|
|
|
10/31/2009, 22:24
|
#44
|
elite*gold: 0
Join Date: Oct 2009
Posts: 9
Received Thanks: 0
|
I need to know when the tutorial will be available again. And where do I download the tools needed to use along with OllyDbg. And what they are.
|
|
|
|
|
10/31/2009, 22:34
|
#45
|
elite*gold: 35
Join Date: Aug 2009
Posts: 5,822
Received Thanks: 1,958
|
you download those programs from 
|
|
|
|
Similar Threads
|
[Release] Unpack dekaron.exe [Flash-Tutorial]
01/23/2010 - Dekaron Exploits, Hacks, Bots, Tools & Macros - 12 Replies
Hi.
A lot of people have lately been asking on how to unpack dekaron.exe . Some found my written mini-tutorial but didn't understand it and some didn't even find it. So I decided to make a Flash-tutorial on how to unpack the dekaron.exe of 2moons with OllyDbg 1.10 .
Tools needed:
- OllyDbg 1.10
- ImpREC
- LordPE or some other process memory dumper
|
All times are GMT +1. The time now is 08:55.
|
|
![[Release] Unpack GlobalDekaron dekaron.exe [Tutorial]](https://www.elitepvpers.com/forum/iconimages/dekaron-exploits-hacks-bots-tools-macros/release-unpack-globaldekaron-dekaron-exe-tutorial_ltr.gif){kind=small}
