Jump to content
Tuts 4 You


14 files

  1. Private EXE Protector 3.4.0 (Unpacking)

    Full unpacking and devirtualization of Private Exe Protector v3.3. Deals with oep/import/resource/antidump/.. protections and devirtualization.
    This is a good introduction to modern packers, as PEP implements things in a basic and easy to understand way.
    The tutorial includes dumps for every stage of the unpacking process so the reader can follow along. It also includes all scripts and section dumps used during the unpacking as well as the target.
    by deepzero, 2011




  2. PeSpin x64 1.22 (Unpacking)

    Just another basic x64 unpacking video tutorial, proof of concept for x64_dbg and Scylla.




  3. PeSpin x64 Pre-Alpha (Unpacking)

    A Shockwave Flash movie tutorial showing a method of unpacking PeSpin x64 Pre-Alpha whilst using CHimpREC to repair the IAT.




  4. PeSpin x64 1.22 (All Protections)

    One day I wiped my HDD clean and installed Win7 64bit. Then I remembered that there was an x64 version of PESpin and that I always wanted to try it out, so I downloaded the latest version (1.22 as of today) and started to play with it. It was so much fun I thought about making a tutorial about unpacking it, so I sat down and did it 

    In this 20 minutes long video I talked about:
    the debug blocker the password protection IAT redirection restoring the Relocation Directory (on Win7 64bit ASLR is enabled by default, so why not?) the nanomites, to which I devoted about a third of the tutorial because I really liked them  Besides, I wanted to advertise x64_dbg 

    In the package: tutorial, notes/docs, script, tools, sources and unpackmes.





  5. Themida + WinLicense 2.x (Unpacking)

    I want to release a new tutorial about the popular theme Themida - WinLicense. So I see there seems to be still some open questions mostly if my older unpack script does not work anymore and the unpacked files to, etc. So this time I decided to create a little video series on how to unpack and deal with a newer protected Themida target manually where my older public script does fail. A friend of mine did protect unpackme's for this and in the tutorial you will see all steps from A-Z to get this unpackme successfully manually unpacked but this is only one example how you can do it, of course. So the tutorial [videos + text tutorial] is very long and has a run-time of more than three hours and of course it will be necessary that you also read the text parts I made at the same time if possible but if you are already a advanced user then you will have it easier than a newbie. So I hope that you have enough patience to work through the whole tutorial.

    So the main attention I set on all things which happen after normal unpacking so the unpack process is the simplest part and all what comes after is the most interesting part and how to deal with all problems that happen. It's more or less like a live unpack session.

    I also wrote some small basic little helper scripts which you can also use for other targets to get valuable information if you need.

    Short summation:
    Unpacking Exception analysing VM analysing with UV plugin AntiDump's find & fixing & redirecting "after fix method" Testing on other OS My Special Thanks goes to Lostin who made this unpackme and others + OS's tests. (I want to send a thank you to Deathway again for creating this very handy and helpfully UV plugin). So this is all I have to say about the tutorial so far, just watch and read and then try it by yourself. Oh! and by the way I record ten videos and not only one. If something does not work or you have any problems with this tutorial, etc. then ask in the support topic only. Don't send me tons of PM's, OK! Thank you in advance.

    PS: Oh! and before someone has again something to complain because of my tutorial style [goes to quickly or is bad or whatever] then I just want to say, maybe you're right so normally I don't like to create and write tutorials. This is really not my thing so keep this in your mind.


    1 comment


  6. Enigma Protector 1.90 - 3.xx Alternativ Unpacker v1.1

    Today I release an unpacker script for Enigma Protector. Maybe you know that I created another unpacker script for Enigma in the past which no-longer works for protected Enigma files greater than 3.70+ and this is the reason why I wrote a new script, Enigma Alternativ Unpacker 1.0.

    So what is new in this script? This script will unpack your Enigma protected files and dump the used outer virtual machine. This means you do not need to use the DV / Enigma plugin which is used in my other script. Of course the virtual machine will be still virtualized but your unpacked files will work. It is not the best solution but for the moment it is a good "alternativ" and a working solution.

    Features of the script:

    ( 1.) Unpacking of ENIGMA 1.90 - 3.130+
    ( 2.) RegSheme Bypass & HWID Changer
    ( 3.) Enigma CheckUp Killer
    ( 4.) VirtualMemory Dumper 1.90 - 3.x+ & SC Fixer M1
    ( 5.) UIF Tool Necessary Sometimes!
    ( 6.) Enigma Intern Export & VM Scan + Log
    ( 7.) Improved Import Emulation Fixer
    ( 8.) Supports Exe & Dll Files [dll at EP!]

    This new script again covers almost all the protection features of Enigma Protector like my other script but it has been improved and I have added some extra things that you will see when you get to use it.

    I have created four video tutorials for you where you can see what you have to do in some of the different situations you may experience. Be sure that you "watch the videos" before you use the script to prevent some unnecessary questions where you can already find the answers if you watch them and then read my added text files. I also made an UnpackMe set with six different protected files (watch videos how to unpack all of them).

    If something does not work for you or if you get any trouble or have any questions then just post a reply on the topic (linked above) to get an answer.




  7. Enigma Protector 1.51 (Unpacking)

    Requirement Software: OllyDBG, ImportREC, LordPE
    Level: Intermediate

    With all Protections:
    Control sum checkup File analyzer deception Original file size preservation Extra resource protection Advanced force import protection WinApi Redirection WinApi emulation A file attached to executable File Entrypoint obfuscation Virtual Machine




  8. Enigma Protector 1.xx - 3.xx Vol.1 (Unpacking)

    Today I release - finally - the series of unpacking tutorials about manually unpacking The Enigma Protector. I will discuss all protections of Enigma which are fully detailed as possible.

    I have to say thanks to LCF-AT, she helped me a lot with this.
    Introduction ~ 9:28 Unpacking with patterns ~ 33:03 Finding patch-places without patterns ~ 19:56 Dealing with SDK API's & Custom Emulated API's ~ 28:23 Internal & External VM's (Using Plugin) ~ 5:40 Enigma's Registration Scheme ~ 15:37 EN-DE-Cryption ~ 33:21 Inline patching + Final Words ~ 11:56




  9. Enigma Protector 4.10 (Unpacking)

    A video tutorial showing a method of unpacking Enigma Protector 4.10.




  10. Enigma 1.5 (All Protections No Virtual Machine)

    A Shockwave Flash movie tutorial showing a method of unpacking The Enigma Protector 1.5 with all options enabled - except for Virtual Machine protection.




  11. Enigma 1.6x (Find OEP + IAT Repair)

    Two Shockwave Flash movies showing how to find the OEP and rebuild the IAT of Enigma 1.6x protected files.




  12. Enigma 1.12 (Unpacking)

    This is a tutorial on how to go about unpacking Enigma Protector 1.12 explaining how to bypass the anti-debugging tricks, stolen bytes and repairing the imports of Enigma's Import Elimination method.




  13. Enigma 1.xx - 3.xx Virtual Machine Unpacker v1.0

    It is time to release my new unpack script after a long time and it's also a very large one with more than 7000 lines.

    The title already states it is an unpacker script for Enigma protected files. Again I tried to create a script which can handle almost any version and features and the handling of this script is again very easy for you. In the best case you only need to fix the dump.

    Note: The script uses four different DLL files which you will find in the tools folder so don't forget to enter your paths + save script before you use it the first time. Don't exchange the DLL's with other DLL versions!. Just read the text files or watch the first video and you should throw an eye into Olly LOG window to get some info about your file, etc.
    Enigma 1.x - 3.x Virtual Machine Unpacker v1.0 **************************************************** ( 1.) Unpacking of ENIGMA 1.x - 3.x ( 2.) Overlay Scan & Dump ( 3.) Enigma Version & Extra Data Scan ( 4.) Attached File Dumper ( 5.) Dumping of Clean & Fixed ENIGMA DLL_Loader ( 6.) Read - Log - Labeling of DLL_Loader Exports ( 7.) RegSheme Bypass for Old & New Versions ( 8.) HWID Changer for Old & New Versions ( 9.) Extra File Dumper - VBox ( 10.) VirtualMemory Fixer 1.96 - 3.7+ ( 11.) Stolen Code Fixer ( 12.) VM OEP Scan & Move & Adjustment ( 13.) Advanced Code Redirector ( 14.) IAT Scanner ( 15.) Visual Basic API Fixer ( 16.) Visual Basic Dll Function Logger ( 17.) ENIGMA DLL_Loader SDK API Fixer ( 18.) Extra File SDK API Fixer ( 19.) TLS CB FIXER ( 20.) TLS Pointer Scan & Fixer ( 21.) PE Header Size Increase ( 22.) Main File Dumper ( 23.) GetStartupInfo Patcher ( 24.) Special Anti Patcher ( 25.) Supports Exe & Dll Files ( 26.) Supports Very Easy User Handling **************************************************** I tested this script with a lot of different files to get them successfully unpacked and all in all I am satisfied so far. Of course I created some example videos where you can see how to unpack Enigma files and have written some text files with information about the important stuff. Just read the files before you want to use the script.

    If something does not work for you or if you get any trouble or have any questions then just post a reply on the support topic to get an answer. Let me know if you find any normal Enigma protected files which can't handle the script.

    PS: Before you ask about an Enigma unpack trouble be SURE that you did read all info files & script infos inside the script!




  14. Lenas UnPackMe #8 Unpacking

    A Shockwave Flash movie showing how to unpack Lena's unpackme #8.




  • Create New...