Leaderboard

If that's the case, that's breakable. For RAR the most efficient attacks are bruteforce, and it's much much faster to bruteforce 6-symbol password than 12... You can try freeware cRARk (http://www.crark.net) or pirated Passware Kit to crack your passwords. Depending on your CPU/GPU, it might take few hours/days but that's certainly doable. EDIT: just to give you an example, my (quite outdated) PC can try 4500 passwords/second using cRARk. For the example, there are 26 capital letters, 26 lowercase letters and 10 numbers. So, 62 different characters. If it's a 4-symbol password, it's 62*62*62*62=14776336 possibilities. To try them all, it would take 3283 seconds, or 54 minutes. If it's a 6-symbol password, it's 62*62*62*62*62*62=56800235584 possibilites. That would be 144 days to try them all. If you know you used a word from dictionary, it's much easier to try all words from dictionary. If you used l33t sp34k, that's also a good information. If you know that you always put first capital letter, that's useful. And so on. Read the manual, make the most efficient rules for bruteforce and just try..

...or just use MSDN key that's available on the net and avoid all that insanity. NYWVH-....

Nice GPU you got there, does it run "mines sweeper" at 60 FPS ?

Using cRARk with my GeForce RTX 2080 Ti, you can get around: So if your password is pretty short, bruteforcing is an option for you... -HooK

https://stackoverflow.com/questions/3817941/rar-passwords-why-dont-rainbow-tables-work

I created this experimental project. I hope someone can be useful. any collaboration and improvement is welcome thank you https://github.com/Pigrecos/Triton4Delphi

Files protected with VMProtect demo can be only ran in your own pc.

Hi, hmmm,long time ago already.Dont remember anymore about that.I just checked my codes and seen that I was using the PEB reading method like this... local STARTUP:STARTUPINFO local PI:PROCESS_INFORMATION local PIS:PROCESS_BASIC_INFORMATION local BASEADDRESS:DWORD invoke RtlZeroMemory,addr STARTUP,sizeof STARTUP invoke RtlZeroMemory,addr PI,sizeof PI invoke RtlZeroMemory,addr PIS,sizeof PIS mov STARTUP.STARTUPINFO.cb ,sizeof STARTUPINFO invoke CreateProcess,addr TARGETNAMEPATHBUF,NULL,NULL,NULL,FALSE,CREATE_SUSPENDED,NULL,NULL,addr STARTUP,addr PI .if eax == 0h ; fails ret .endif invoke NtQueryInformationProcess,PI.PROCESS_INFORMATION.hProcess,ProcessBasicInformation,addr PIS,sizeof PIS,NULL .if eax != 0h ; fails @@: invoke TerminateProcess,PI.PROCESS_INFORMATION.hProcess,0 .if eax != 1 ; fails .endif mov eax, 0h ret .endif mov esi,PIS.PROCESS_BASIC_INFORMATION.PebBaseAddress add esi,8 invoke ReadProcessMemory,PI.PROCESS_INFORMATION.hProcess,esi,addr BASEADDRESS,sizeof BASEADDRESS,NULL .if eax != 1 ; fails jmp @B .endif mov esi, BASEADDRESS greetz

Approach: Keygen.7z xSilent.Runtime.refactored.dll.7z

I led you astray when I stated getting the higher privileged window to change the lower privileged window. Apologies for that! What you need to do is have the higher privileged window change its own handles (window, gadget, etc.) to accept specified messages. In the example below a lower window wants to send #WM_SETTEXT to a higher window. It will not be able to complete this because of UIPI... EnableExplicit Enumeration Windows #Window #Gadget EndEnumeration Declare ChangeWindowMessageFilter() If OpenWindow(#Window, 0, 0, 300, 60, "Window1 - Sender (Low UIPI)", #PB_Window_ScreenCentered | #PB_Window_SystemMenu) ButtonGadget(#Gadget, 5, 5, 290, 50, "CLICK ME!") Repeat Select WaitWindowEvent() Case #PB_Event_Gadget Select EventGadget() Case #Gadget ChangeWindowMessageFilter() EndSelect Case #PB_Event_CloseWindow End EndSelect ForEver EndIf Procedure ChangeWindowMessageFilter() Protected Window, Child Window = FindWindow_(#Null, "Window2 - Receiver (High UIPI)") Child = GetWindow_(Window, #GW_CHILD) SendMessage_(Child, #WM_SETTEXT, 0, "Some text") EndProcedure The example below is the higher window. It wants to receive #WM_SETTEXT from the lower window to change the text of a gadget. Note that I am getting the handle of the gadget and using ChangeWindowMessageFilterEx to allow window messages to be sent from the lower window. EnableExplicit Enumeration Windows #Window #Gadget EndEnumeration Declare ChangeWindowMessageFilter() Global User32 = OpenLibrary(#PB_Any, "user32.dll") Prototype.i ChangeWindowMessageFilterEx(hwnd, message, action, pChangeFilterStruct) Global ChangeWindowMessageFilterEx.ChangeWindowMessageFilterEx ChangeWindowMessageFilterEx = GetFunction(User32, "ChangeWindowMessageFilterEx") If OpenWindow(#Window, 0, 0, 300, 60, "Window2 - Receiver (High UIPI)", #PB_Window_ScreenCentered | #PB_Window_SystemMenu) ButtonGadget(#Gadget, 5, 5, 290, 50, "CLICK ME!") Repeat Select WaitWindowEvent() Case #PB_Event_Gadget Select EventGadget() Case #Gadget ChangeWindowMessageFilter() EndSelect Case #PB_Event_CloseWindow End EndSelect ForEver EndIf Procedure ChangeWindowMessageFilter() #MSGFLT_ALLOW = 1 ; Modifies the User Interface Privilege Isolation (UIPI) message filter for a specified window. If ChangeWindowMessageFilterEx(GadgetID(#Gadget), #WM_SETTEXT, #MSGFLT_ALLOW, #Null) SetGadgetText(#Gadget, "Sender Can Now Change This Text") Else SetGadgetText(#Gadget, "Something Went Wrong!") EndIf EndProcedure 1) Run both executables. 2) Click "CLICK ME!" in Window1 a few times and you will notice nothing changes in Window2 3) Click "CLICK ME!" in Window2 and it will update the message filter of its gadget to accept WM_SETTEXT. Button text should change now. 4) Click "CLICK ME!" in Window1 and the button (gadget) text in Window2 should now change. Ted. ChangeWindowMessageFilterEx.zip

or simply use tools like RunAsDate

There is quite an extensive documentation available at http://help.x64dbg.com/en/latest/introduction/ConditionalBreakpoint.html, however if you don't feel like reading, just use Break Condition "0", Log Condition "r9 != 0" and uncheck "Fast Resume" (since fast resume will skip logging if break condition != 0).

There are many working keys. One of them is "$^CQE!#(Mrfe%&&$": The key was brute forced using a quickly written C++ executable: The code for the C++ executable is as follows:

[*] Changed the text How I did it? [*] Added +1 to sum factorial How I didt it? For now that the addresses are well know you can easily calculate the string value and change edit these reg values by patching the exe so it always return what ever you want.

At a long enough password length, even with enormous computing power, one is more likely to find a collision than the original password. After more than 2^128 combinations are tried for the example AES-128 HMAC used. However since the character set is limited, its not exactly clear which passwords might have shorter length collisions and using which other character set. As well depending on the decryption algorithm, the collision password may not correctly decrypt. Keep in mind that the verification algorithm and decryption algorithm are 2 different things. The verification part is merely to save the trouble of decrypting garbage data and a mere convenience. Old WinRAR versions would just extract without checking validity. In these cases an automated attack would require knowing something about the decrypted data that could be verified for correctness. Unless pre-image attacks against AES become available or quantum computers then simply an 8 character password dictionary resistant with a good enough character set is enough for most usages. If you are worried about the NSA, then probably you would want to use something completely different given they are famous for backdooring algorithms and AES was standardized in part by them.

hello , you can use " crunch " to generate a custom wordlist then change " rar " files extention to " zip " and finally you can use " fcrackzip " , all what i've mentioned is available on " kali linux OS " Greetz

password: "viva la revolution" How the password verified? Here, check my entered password against the correct one, both encrypted. Obviously, the encrypted password at RVA 00011054 is 18 characters long. But, what is the encryption or decryption algorithm? Don't dive into that, instead I assume the algorithm is symmetrical. This time, I entered the right length password "123456789012345678". At entry of the subroutine, Ecx=004FF534, we can find the entered password at allocated buffer 008F0000: Copy and paste with the correct cipher password from RVA 00011054: 008F0000 12 EC C5 CB AC FC 86 96 23 7C 7D 57 46 5C 43 4F 008F0010 56 2D 2A 00 Run to the end of loop at 01323461, we got: 008F0000 12 76 69 76 61 20 6C 61 20 72 65 76 6F 6C 75 74 .viva la revolut 008F0010 69 6F 6E 00 ion.

I think it's more than enough until quantum computing becomes mainstream, most of us will be dust when that happens

It works with the following code, thanks! static int GetRVA(MethodBase mb) { var mdInfo = MetadataInfo.GetMetadataInfo(mb.Module); int table = mb.MetadataToken >> 24; int rid = mb.MetadataToken & 0xffffff; mdInfo.MetaDataTables.GetRow((uint)table, (uint)rid, out var ppRow); return *(int*)ppRow; }

You can use MetadataLocator to get an instance of IMetaDataTables then use https://docs.microsoft.com/en-us/dotnet/framework/unmanaged-api/metadata/imetadatatables-getrow-method

Depending on how it was originally reported (assuming it was through a medium like hackerone) they probably had no other options. Reading over their hackerone page, gives me a few ideas for things to test that are possibly vulnerable. (Not looking to exploit, would report etc.)

Shit like this is the very reason peoples information lands up compromised lol. Companies try to dictate security and what they feel matters, and only when it bites them in the ass later on do they show any care for it. Glad to see someone didn't listen and released the info. Make them accountable.

I can only really see this being useful for small IoT devices where you are deploying a specific program to it and nothing else. For a computer/server where you are running numerous applications built around the .NET framework, it makes 0 sense to bundle like this. You waste space, you lock the application to the included dependencies which can lead to security issues and other problems, among other things. Like Xeno said as well, this isn't new tech either, stuff like this already exists to do the same thing. It is nice that it's built into the framework now and is supported by Microsoft directly, but I just don't see it being that useful for many people. More of a niche thing for IoT devices imo.

Language : .Net Framework 4.0 Platform : Windows x86 OS Version : ( Windows 7 and higher.) Packer / Protector : VMProtect Demo (.NET Support) Description : VMProtect introduce their own .NET solution. This a sample software from their own SDK protected with VMProtect Demo using Ultra (Mutation + Virtualization) Would like to see who and what can be recovered from source and how much of original source can be recovered. Screenshot : Project1.vmp.exe

To redirect all connections to fiddler use proxifier.

Found the bug: 004012D0 . 56 PUSH ESI 004012D1 . 57 PUSH EDI 004012D2 . 8BF1 MOV ESI,ECX 004012D4 . E8 F9140000 CALL 004027D2 ; <JMP.&mfc42.#4710> 004012D9 . 8B86 E0000000 MOV EAX,DWORD PTR DS:[ESI+E0] 004012DF . 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+20] 004012E2 . 8B3D 54324000 MOV EDI,DWORD PTR DS:[403254] 004012E8 . 50 PUSH EAX 004012E9 . 6A 01 PUSH 1 004012EB . 68 80000000 PUSH 80 004012F0 . 51 PUSH ECX 004012F1 . FFD7 CALL EDI 004012F3 . 8B96 E0000000 MOV EDX,DWORD PTR DS:[ESI+E0] 00403228 >753D77AD ­w=u msvcrt.__setusermatherr 0040322C 00000000 .... 00403230 >7616DC6A jÜv shell32.SHBrowseForFolderA 00403234 >76041C24 $v shell32.SHGetPathFromIDListA 00403238 00000000 .... 0040323C >75B07D2F /}°u USER32.GetSystemMetrics 00403240 >75B10C62 b.±u USER32.GetClientRect 00403244 >75B18DEB ë±u USER32.DrawIcon 00403248 >75B12DA4 ¤-±u USER32.EnableWindow 0040324C >75B132A9 ©2±u USER32.IsIconic 00403250 >75B0DAFB ûÚ°u USER32.LoadIconA 00403254 7594A480 €¤”u 00403258 00000000 .... 0040325C 00000000 .... The real Api is: 00403254 >75B1612E .a±u USER32.SendMessageA ˈ

I've already made Olly scripts and a tutorials for this: https://forum.tuts4you.com/topic/41261-pelock-v1-and-v2-scripts-and-tutorials/ Just needed to be configured for trial version. Your unpacked doesn't properly work on my Win 7 x86 computer

PElock use GetLocalTime Function 83 7D 14 00 EB 05 1st API Emulate 87 01 EB 04 67 D2 DE 2nd API Emulate this file is not contain OEP stolen byte FolderCompare_prot_dump_SCY.exe

From my quick test these are the window messages that you won't be able to block, or change the window filtering of, by using ChangeWindowMessageFilterEx. I only did a quick test on Windows 10, I would expect the result to be similar from Windows Vista onward... Ted.

file doesn't run at all

I ran a very quick test and it looks like the following window messages below 0x0400 (on Windows 10) cannot be blocked... 003 / 0x0003 / WM_MOVE 005 / 0x0005 / WM_SIZE 013 / 0x000D / WM_GETTEXT 014 / 0x000E / WM_GETTEXTLENGTH 051 / 0x0033 / WM_GETHOTKEY 127 / 0x007F / WM_GETICON 773 / 0x0305 / WM_RENDERFORMAT 776 / 0x0308 / WM_DRAWCLIPBOARD 781 / 0x030D / WM_CHANGECBCHAIN 787 / 0x0313 / WM_POPUPSYSTEMMENU (Undocumented) 794 / 0x031A / WM_THEMECHANGED 795 / 0x031B / WM_UAHINIT (Undocumented) 799 / 0x031F / WM_DWMNCRENDERINGCHANGED (Undocumented) Ted.

Patched it (didn't devirt) But i can't attach file since i cant obfuscate the dll that i used without your file breaking ;-; Might upload the cracked file in a day or 2 when i find a way to obfuscate my .dll without the file breaking Edit: the executable is named crackme because when i dumped the packer i renamed it to crackme without noticing Edit2: Download Link: https://anonfiles.com/V504690ana/CrackMeCracked_Protected_rar Doesn't let me attach file its too big

have you discord ?

It seems to be working perfectly fine here. I remade the example code slightly, find attached and below. I added some error checking and reporting, it may help you out a bit. As to why it may not be working for you. Possibly you have changed your Windows settings lowering UAC and/or secure desktop security policy settings. Window1 - Sender (Low UIPI) EnableExplicit Enumeration Windows #Window #Gadget EndEnumeration Declare ChangeWindowMessageFilter() If OpenWindow(#Window, 0, 0, 300, 60, "Window1 - Sender (Low UIPI)", #PB_Window_ScreenCentered | #PB_Window_SystemMenu) ButtonGadget(#Gadget, 5, 5, 290, 50, "CLICK ME!") Repeat Select WaitWindowEvent() Case #PB_Event_Gadget Select EventGadget() Case #Gadget ChangeWindowMessageFilter() EndSelect Case #PB_Event_CloseWindow End EndSelect ForEver EndIf Procedure ChangeWindowMessageFilter() Protected Window, Child Static Num Num = Num + 1 Window = FindWindow_(#Null, "Window2 - Receiver (High UIPI)") Child = GetWindow_(Window, #GW_CHILD) SendMessage_(Child, #WM_SETTEXT, 0, Str(Num)) EndProcedure Window2 - Receiver (High UIPI) EnableExplicit Enumeration Handles #Window #Gadget0 #Gadget1 #Gadget2 #Gadget3 EndEnumeration Enumeration Action #MSGFLT_RESET #MSGFLT_ALLOW #MSGFLT_DISALLOW EndEnumeration Structure CHANGEFILTERSTRUCT cbSize.l ExtStatus.l EndStructure Global CHANGEFILTERSTRUCT.CHANGEFILTERSTRUCT\cbSize = SizeOf(CHANGEFILTERSTRUCT) Declare.i WindowsErrorCode(ErrorCode, ExtStatus) Prototype.i ChangeWindowMessageFilterEx(hwnd, message, action, pChangeFilterStruct) Global ChangeWindowMessageFilterEx.ChangeWindowMessageFilterEx Global User32 = OpenLibrary(#PB_Any, "user32.dll") ChangeWindowMessageFilterEx = GetFunction(User32, "ChangeWindowMessageFilterEx") If OpenWindow(#Window, 0, 0, 305, 60, "Window2 - Receiver (High UIPI)", #PB_Window_ScreenCentered | #PB_Window_SystemMenu) ButtonGadget(#Gadget0, 5, 5, 70, 50, "NUM") ButtonGadget(#Gadget1, 80, 5, 70, 50, "RESET") ButtonGadget(#Gadget2, 155, 5, 70, 50, "ALLOW") ButtonGadget(#Gadget3, 230, 5, 70, 50, "DISALLOW") Repeat Select WaitWindowEvent() Case #PB_Event_Gadget Select EventGadget() Case #Gadget1 ChangeWindowMessageFilterEx(GadgetID(#Gadget0), #Null, #MSGFLT_RESET, @CHANGEFILTERSTRUCT) Case #Gadget2 ChangeWindowMessageFilterEx(GadgetID(#Gadget0), #WM_SETTEXT, #MSGFLT_ALLOW, @CHANGEFILTERSTRUCT) Case #Gadget3 ChangeWindowMessageFilterEx(GadgetID(#Gadget0), #WM_SETTEXT, #MSGFLT_DISALLOW, @CHANGEFILTERSTRUCT) EndSelect WindowsErrorCode(GetLastError_(), CHANGEFILTERSTRUCT\ExtStatus) Case #PB_Event_CloseWindow End EndSelect ForEver EndIf Procedure.i WindowsErrorCode(ErrorCode, ExtStatus) Protected lpBuffer, Message.s Select ExtStatus Case 0 Message.s = "MSGFLTINFO_NONE" + #CRLF$ + "Applies to MSGFLT_ALLOW and MSGFLT_DISALLOW." Case 1 Message.s = "MSGFLTINFO_ALREADYALLOWED_FORWND" + #CRLF$ + "The message has already been allowed by this window's message filter, and the function thus succeeded with no change to the window's message filter. Applies to MSGFLT_ALLOW." Case 2 Message.s = "MSGFLTINFO_ALREADYDISALLOWED_FORWND" + #CRLF$ + "The message has already been blocked by this window's message filter, and the function thus succeeded with no change to the window's message filter. Applies to MSGFLT_DISALLOW." Case 3 Message.s = "MSGFLTINFO_ALLOWED_HIGHER" + #CRLF$ + "The message is allowed at a scope higher than the window. Applies to MSGFLT_DISALLOW." EndSelect FormatMessage_(#FORMAT_MESSAGE_FROM_SYSTEM | #FORMAT_MESSAGE_ALLOCATE_BUFFER, #FORMAT_MESSAGE_FROM_STRING, ErrorCode, #Null, @lpBuffer, #Null, #Null) MessageRequester("GetLastError Code: " + ErrorCode, PeekS(lpBuffer) + #CRLF$ + Message.s, #MB_ICONERROR | #MB_TOPMOST | #MB_SETFOREGROUND) EndProcedure Ted. ChangeWindowMessageFilterEx.zip

Here's how i'd access the media.. ZDF-Mediathek "Die Subway-Falle" -> grab the "master.m3u8" https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/master.m3u8 instead of: https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/index_776000_av.m3u8 use: https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/master.m3u8 now have a looksy with FFMpeg -i Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/index_229000_av.m3u8?null=0' for reading [https @ 00000000026807c0] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/index_476000_av.m3u8?null=0' for reading [https @ 00000000026807c0] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/index_776000_av.m3u8?null=0' for reading [https @ 00000000026807c0] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/index_1496000_av.m3u8?null=0' for reading [https @ 00000000026807c0] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/index_2296000_av.m3u8?null=0' for reading [https @ 00000000026807c0] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/index_3296000_av.m3u8?null=0' for reading [https @ 00000000026807c0] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/index_229000_a.m3u8?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment1_229000_av.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment2_229000_av.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment1_476000_av.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment2_476000_av.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment1_776000_av.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment2_776000_av.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment1_1496000_av.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment2_1496000_av.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment1_2296000_av.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment2_2296000_av.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment1_3296000_av.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment2_3296000_av.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment1_229000_a.ts?null=0' for reading [hls,applehttp @ 0000000002678c80] Opening 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/segment2_229000_a.ts?null=0' for reading Input #0, hls,applehttp, from 'https://zdfvodde-vh.akamaihd.net/i/meta-files/zdf/smil/m3u8/300/16/11/161124_subwaylfalle_inf/6/161124_subwaylfalle_inf.smil/master.m3u8': Duration: 00:44:43.44, start: 0.100511, bitrate: 0 kb/s Program 0 Metadata: variant_bitrate : 226000 Stream #0:0: Video: h264 (Main) ([27][0][0][0] / 0x001B), yuv420p, 320x176 [SAR 1:1 DAR 20:11], 25 fps, 25 tbr, 90k tbn, 50 tbc Metadata: variant_bitrate : 226000 Stream #0:1: Audio: aac (LC) ([15][0][0][0] / 0x000F), 44100 Hz, stereo, fltp Metadata: variant_bitrate : 226000 Program 1 Metadata: variant_bitrate : 474000 Stream #0:2: Video: h264 (Main) ([27][0][0][0] / 0x001B), yuv420p, 480x272 [SAR 1:1 DAR 30:17], 25 fps, 25 tbr, 90k tbn, 50 tbc Metadata: variant_bitrate : 474000 Stream #0:3: Audio: aac (LC) ([15][0][0][0] / 0x000F), 44100 Hz, stereo, fltp Metadata: variant_bitrate : 474000 Program 2 Metadata: variant_bitrate : 775000 Stream #0:4: Video: h264 (Main) ([27][0][0][0] / 0x001B), yuv420p, 640x360 [SAR 1:1 DAR 16:9], 25 fps, 25 tbr, 90k tbn, 50 tbc Metadata: variant_bitrate : 775000 Stream #0:5: Audio: aac (LC) ([15][0][0][0] / 0x000F), 44100 Hz, stereo, fltp Metadata: variant_bitrate : 775000 Program 3 Metadata: variant_bitrate : 1495000 Stream #0:6: Video: h264 (Main) ([27][0][0][0] / 0x001B), yuv420p, 852x480 [SAR 1:1 DAR 71:40], 25 fps, 25 tbr, 90k tbn, 50 tbc Metadata: variant_bitrate : 1495000 Stream #0:7: Audio: aac (LC) ([15][0][0][0] / 0x000F), 44100 Hz, stereo, fltp Metadata: variant_bitrate : 1495000 Program 4 Metadata: variant_bitrate : 2297000 Stream #0:8: Video: h264 (Main) ([27][0][0][0] / 0x001B), yuv420p, 1024x576 [SAR 1:1 DAR 16:9], 25 fps, 25 tbr, 90k tbn, 50 tbc Metadata: variant_bitrate : 2297000 Stream #0:9: Audio: aac (LC) ([15][0][0][0] / 0x000F), 44100 Hz, stereo, fltp Metadata: variant_bitrate : 2297000 Program 5 Metadata: variant_bitrate : 3298000 Stream #0:10: Video: h264 (Main) ([27][0][0][0] / 0x001B), yuv420p, 1280x720 [SAR 1:1 DAR 16:9], 25 fps, 25 tbr, 90k tbn, 50 tbc Metadata: variant_bitrate : 3298000 Stream #0:11: Audio: aac (LC) ([15][0][0][0] / 0x000F), 44100 Hz, stereo, fltp Metadata: variant_bitrate : 3298000 Program 6 Metadata: variant_bitrate : 95000 Stream #0:12: Audio: aac (LC) ([15][0][0][0] / 0x000F), 44100 Hz, stereo, fltp Metadata: variant_bitrate : 95000

x32 versions attached here... Ted. ChangeWindowMessageFilterEx.zip

https://visualstudio.microsoft.com/es/vs/support/community-edition-expired-buy-license/ really need login for unlock the ide, only that Community Edition is free. You just need to sign-in with your Microsoft account and everything will be fine again. im was using from 2017 to today..never i was need a licence .. only login BR, Apuromafo

Visual Studio Community also expires: I mean you still have to register online: https://www.quora.com/Visual-Studio-Community-Edition-2017-is-alerting-me-that-Your-30-day-free-trial-has-ended-activate-license-or-close-Why-would-this-be-happening

pleas explain how u unpack it?

I am mostly wondering why an unpackme needs an anti VM mechanism in place. I am not running any foreign binaries on my host machine. Yes I can patch it myself, but what is the point? Given the fact that it also takes a huge amount of time to even start up, I find it a little unsettling if I have to be honest.

Hi New Update with more features : https://github.com/Ahmadmansoor/AdvancedScript AdvancedScript version 4.3 https://github.com/Ahmadmansoor/AdvancedScript/releases * Add new commands and fix some bugs * fix error load of the Auto Commands when there is no ; * Fix AutoRun and stepson ( wait command to finish). * Fix color variable name. * Add ReadFile , Write2Mem , ReadMem * Add GoToByBase Form ( https://www.youtube.com/watch?v=gQxlbC8RnRg ) * Assigne variable directly no need to Setx Command. Sample : Varx str,memory // var will hold the hex value Varx int,rax_,0 // read rax value +1 Varx str,ourStr // read test string ReadMem $memory,{rax},5 $rax_={rax} +1 $rax_=ads.exebase ReadStr $ourStr,{rdx}

I once post it in a China forum, you can visit it in https://www.52pojie.cn/thread-762832-1-1.html by Google Translator I try my best to introduce it using English 1. download x64dbg and download the symbol file of clr.dll (mscorwks.dll if runtime is .net2.0~.net3.5) 2.set a breakpoint at "SystemDomain::ExecuteMainMethod" in clr.dll/mscorwks.dll and run 3.use MegaDumper (I use my ExtremeDumper based on codecracker's megadumper https://github.com/wwh1004/ExtremeDumper) to dump the main module when the program break at "SystemDomain::ExecuteMainMethod" 4.fix pe header and maybe you shoud also fix .net header This way is more complex than use MegaDumper only and directt dump the assembly. But if the assembly is packed with native stub and protected with anti dump (ConfuserEx and others) or protected with whole #US encryption (DNGuardHVM and others), maybe this way is good to dump assemblies. If you can not understand it, you can reply me. Best wish.

[.NET]实战UnpackMe.mp4 -> https://mega.nz/#!YxwQSAxA!Lwd9XStVyue8fdYKZXmYkoDxE0Y7ftsyNYtBKLTRrGM

@mdj: 使用x64dbg暴打非托管强壳.mp4 -> https://mega.nz/#!Y5JBTaCS!hJXzN5ssvUyRHW8VgpGxINEVrW1zJ2Up96vqqJVG5co I can upload the second video tomorrow, if you need that too. @all: Please be nice and don't abuse the link, it is a free Mega account and has traffic limitations.

https://github.com/x64dbg/x64dbg/releases https://github.com/wwh1004/ExtremeDumper/releases

Here is the code without strings decrypted more to show that i havent just remade the method from scratch but have actually devirtualised the file obfuscator is not that good in all honesty once you get your head around everything in one method its just like any other vm private void button1_Click(object sender, EventArgs e) { int num = 0; if (num != 0) { object obj; char[] value = obj = new char[16]; obj[0] = (2049885642 ^ 2049885579); obj[1] = (721969625 ^ 721969580); obj[2] = (1722827470 ^ 1722827450); obj[3] = (675984423 ^ 675984463); obj[4] = (1647779473 ^ 1647779505); obj[5] = (1793770717 ^ 1793770638); obj[6] = (640259843 ^ 640259958); obj[7] = (959731082 ^ 959731177); obj[8] = (1744869780 ^ 1744869879); obj[9] = (237600744 ^ 237600653); obj[10] = (492056264 ^ 492056251); obj[11] = (327956409 ^ 327956426); obj[12] = (688741927 ^ 688741953); obj[13] = (658212064 ^ 658211989); obj[14] = (454212694 ^ 454212666); obj[15] = (28756323 ^ 28756290); MessageBox.Show(new string(value)); } else { object obj; char[] value2 = obj = new char[10]; obj[0] = (1435200779 ^ 1435200842); obj[1] = (853162666 ^ 853162719); obj[2] = (2119875586 ^ 2119875702); obj[3] = (712244489 ^ 712244577); obj[4] = (1541140050 ^ 1541140082); obj[5] = (2107783153 ^ 2107783095); obj[6] = (1703953462 ^ 1703953495); obj[7] = (1864360465 ^ 1864360568); obj[8] = (2035746888 ^ 2035746852); obj[9] = (620298057 ^ 620298088); MessageBox.Show(new string(value2)); } }

Alright, it was really easy to remove Opening the .exe on Dnspy we can see that the methods have some kind of decompiler crashing. So what i did was simply loading the .exe and writing each instruction to console to see what is going on. Well a lot of ldc.i4.6 appeared as you can see here Simply made a quick tool to remove this Now you can open it on dnspy and see the actual code. But there are some anti-debuggers so i modified the tool that i made to remove the antidebuggers too. like this You can simply debug it now CrackMe (1)-Cleaned.exe

nice . You’re very professional.

Figured I drop this here. Its the packer and decompressor I use for my private build of my exe packer. Feel free to do what you want with it. lzma_decenc.rar

Let me share you a couple of old keygen sources created in delphi. These sources are old, ugly & coded in a dirty style. A couple of these sources are coded by me and a couple by others, Maybe you can study and learn of it. Password is my name. sources.rar