Unpack or decompile .exe / .bin


So I came in here because I wanted to know how to unpack or decompile .exe and .bin files of Metin2 (private server). I want to get some code that one guy put in an .exe file, but I can't get it. It works like x1000 damage of horse sword hits.

Here is the file: 


If you don't want to download it because of viruses, don't do it. Just tell me how to get it. The guy who made it said it shows up like that because of packing... but I need the code which is put inside. The guy wants to sell it for 50$ per person, but this cheat code was somewhere on the net (I was unable to find it by myself; I tried for one day ^^).

VirusTotal (49/55):  


It works like here.

My English isn't perfect, but you should understand me.

Core X - External 2 Internal

What an executable packer does is run a compression algorithm on the original executable and generate a new executable which will uncompress it at runtime and set up the process environment so you can run it. Depending on how large and how optimized this algorithm is, your mileage may vary, but it might very well decrease the total size. This is what software like UPX does, and to counter this you might either reverse engineer how the compressed payload is uncompressed and do it yourself; intercept the process procedures at runtime right after it is uncompressed but before the process environment is all changed and dump it from memory; or dump the final state of the process and rebuild some of its (potentially) damaged sections.

Now, probably you're also up against code virtualisation on top of that, which will allow you to store the actual instructions in a byte array as data and run them through a VM that will interpret them. To counter this you'll have to try a little harder.

You can't simply decompile a portable executable file; that doesn't make sense. Code is interpreted and turned into assembly by a compiler and there's no real reliable way to go back from that; it's just not how it works.

Additionally, you should be especially careful, since there are red flags on the executable pointing towards a Ramnit malicious payload. This is a PE infector virus that, once on a machine, will search for portable executable files, append a new malicious section and replace their entry point to run that malicious section. This will effectively ruin all your programs and there's no coming back from that, so I suggest you do not open that ever.

Also, fuck off for bashing an upcoming reverse engineer, you guys are cancer and a shame to the free Internet.


Computer Security Expert

Reverse Engineer

Freelancer Developer
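
The red flags described in the answer above (packer-style sections, and an entry point redirected into an appended section) can be checked from the PE headers alone, without ever running the file. This is an added example, not code from the thread or its posters; the function names, the `.extra` section name and the header-only sample images are constructed for illustration, and the checks are triage hints rather than a signature for any particular malware family.

```python
import struct

WRITE, EXECUTE = 0x80000000, 0x20000000  # IMAGE_SCN_MEM_WRITE / IMAGE_SCN_MEM_EXECUTE

def parse_pe(data):
    """Return (entry point RVA, [(name, vaddr, vsize, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0]  # AddressOfEntryPoint
    table = pe + 24 + opt_size
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, flags = struct.unpack_from("<8sII20xI", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, flags))
    return entry, sections

def triage(data):
    """Static red flags only; the file is never executed."""
    entry, sections = parse_pe(data)
    findings = []
    for idx, (name, vaddr, vsize, flags) in enumerate(sections):
        if name.upper().startswith("UPX"):
            findings.append(f"packer-style section name {name}")
        if vaddr <= entry < vaddr + max(vsize, 1):
            if len(sections) > 1 and idx == len(sections) - 1:
                findings.append(f"entry point in last section {name}")
            if flags & WRITE and flags & EXECUTE:
                findings.append(f"entry section {name} is writable and executable")
    return findings

def build_sample(entry, sections):
    """Constructed header-only PE32 image for the demo (contains no code)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sII20xI", n.encode(), vs, va, fl)
                     for n, va, vs, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table

TEXT, DATA = (".text", 0x1000, 0x800, 0x60000020), (".data", 0x2000, 0x200, 0xC0000040)
CLEAN = build_sample(0x1000, [TEXT, DATA])
APPENDED = build_sample(0x3010, [TEXT, DATA, (".extra", 0x3000, 0x400, 0xE0000020)])
```

`triage(CLEAN)` returns no findings, while `triage(APPENDED)` reports both the last-section entry point and the writable-and-executable entry section. Legitimate packed software trips the same checks, so a hit means "inspect in an isolated VM", not "confirmed infection".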
