First you have to unpack the EXE using a DOS unpacker and then load the unpacked EXE into IDA.

Here you can find several unpackers for DOS (search for unpack):
https://www.sac.sk/files.php?d=7&l=

You have to try differents unpackers until you find one that works with this EXE.

Some of the unpackers will run in DOSBox but it's recommended to use PCem or 86Box or even real hardware to run them. Some of them will not be able to unpack the file or will crash trying to do it. Even if the unpacker says that the unpack was successful, you should try to load the file in IDA to see if everything it's ok.

ntalaec wrote on 2025-08-29, 01:19:

https://www.sac.sk/files.php?d=7&l=

Good list here. If you have suggestions for this file (death.exe) in the archive lmk. I tried analyzing it with DiE and it didnt see much. F-PROT AV claims its pk but all the pkunpackers deny its pk. Ill keep looking through these unpackers, going to take a bit.

upc111.zip seems to work, but I'm not completely sure.

If you load the unpacked EXE in IDA and open String window in menu View->Open subviews->Strings, you can see some text lines of the program but also some garbled text.

In order to know if an unpacked works with an EXE you should analize the code in IDA.

ntalaec wrote on 2025-08-29, 01:43:

upc111.zip seems to work, but I'm not completely sure.

upc111 worked. the death.exe works. i did notice that when i was debugging the original exe and then dumping ram there are a lot more strings in memory than strings in the upc111 unpacked death.exe, but the size seems right around 256k. ill compare the memory of the original expanded into the 1mb and the upc111 death.exe unpacked and see if the same strings are in memory.
ill also test the up111 unpacked death.exe for proper function.

ntalaec wrote on 2025-08-29, 01:43:

upc111.zip seems to work, but I'm not completely sure.

the unpacked exe looks legit, but the menu "(L)evel Master" fails. It wont even enter. Thats where the registration check fails. Interesting data point. In the regular packed version, the (L)evel Master menu works, but the level up to level 7 fails even though the door is registered.
Seems there is some protection in the system to detect if the exe was unpacked or something.

mickrussom wrote on 2025-08-29, 05:34:

upc111 worked. the death.exe works. i did notice that when i was debugging the original exe and then dumping ram there are a lot more strings in memory than strings in the upc111 unpacked death.exe, but the size seems right around 256k.

If there are strings missing, upc111 doesn't work for this EXE.

CUP386 (also on that page) is worth trying. Pretty sophisticated, and has worked on most things I've thrown at it (there are always exceptions).

VileR wrote on Yesterday, 00:58:

CUP386 (also on that page) is worth trying. Pretty sophisticated, and has worked on most things I've thrown at it (there are always exceptions).

Thanks, I have it a try, but only one of the three modes produced output. Im thinking this might be one of those that has to be run on real hardware or a DOS VM rather than Dosbox?