Leaderboard

You still alive? What this blue 🤔 anyway is good to see you after 2 years

@ro0t I traced your obsfuscations, IAT, and sections, no brute force. I found static strings such as Nickname, serial key, etc., in the rdata section. The main function was to set up the stack frame and then jump to the .ll section with MBA chains. I spent a while trying to make sense of it, but got nowhere with it. So, I wrote a small emulator to fake out the Windows structure (honestly, I am not on Windows these days), .a2l runtime needs (TED/PEB/LDR it walks to resolve the VirtualAlloc, which is kind of neat) and hooked IAT functions. Figured out the program does malloc for parsing the input serial bytes, then malloc for a 16-byte buffer where it stores the result of some custom 128-bit hash over the nickname, and the comparison between the two is done inline, so you can't just set a breakpoint to check. And then I read the computed hash from the heap, and that's your serial. I think it's really solid work. The MBA transforms did their job; I genuinely could not recover the logic. The .a2l runtime with its own stack and PEB walking dispatcher is a nice touch too. The thing that let me bypass all of it was that the I/O boundary is still clean and IAT calls to printf, fgets, and malloc are right there unprotected, so hooking them gives you the inputs and outputs without having to understand anything in between.

/* Undefine this to disable thread support. */ //#define WEBP_USE_THREAD 1I commented this out and recompiled it. hope this helps libwebp.zip

Hi @LCF-AT F-AT and @fearless , I did some more digging on those SRW lock errors. The real problem is that fearless's libWebP.lib was compiled with modern MSVC which links threading support against Synchronization APIs — and the old Masm32 kernel32.lib simply doesn't have those __imp__ decorated exports. The cleanest fix without rebuilding the lib: Copy the kernel32.lib from your Windows SDK directly into your project folder: C:\Program Files (x86)\Windows Kits\10\Lib\10.x.x\um\x86\kernel32.libAdd it explicitly in your link command before the Masm32 one, so it takes priority: LINK.EXE /SUBSYSTEM:WINDOWS /RELEASE /VERSION:4.0 /LIBPATH:"C:\YourProject\SDKLibs" /LIBPATH:"C:\_First\RadASM\Masm32\Lib"The order matters — the linker searches paths left to right. For the uuid.lib LNK4003 warning: same story, the Masm32 version is old OMF format. Grab the COFF version from the same SDK \um\x86\ folder. Even cleaner — @fearless: if you still have the WebP CMake build around, could you rebuild with -DWEBP_USE_THREAD=OFF? That strips out the SRW/ConditionVariable dependencies entirely since LCF-AT is just doing single-threaded image loading anyway. The lib would be smaller and have zero CRT or threading baggage. Price h_h

Took a quick look, didn’t dive too deep yet. Already managed to expose part of the check (PBKDF2 → AES → "UNPACKED"), so it’s not as opaque as it first looks. This kind of protection layer is also something I’ve been dealing with in my own work: https://forum.tuts4you.com/topic/46002-continuation-fork-krypton-net-reactor-devirtualizer/#comment-229109 No full unpack yet, just a quick peek for now.

My malware collection: Here is a collection of malwares. Not a complete collection LOL :-) The collection include HTML infector, MP3 infector, a Ramsoware (and some analyzes of it), Zip password is INFECTED or infected alternative download link: https://workupload.com/file/hBttkmGhc9S InfectedCollection.rar

No easy way. Some ways to obtain libs and or build them are: nuget: https://www.nuget.org - search for packages, select and choose download package on right side. .nupkg files are just zip archives, so rename .nupkg file and add a .zip to the extension and extract with Winzip, Winrar or 7zip. For example: https://www.nuget.org/packages/zlib_static vcpkg: https://www.studyplan.dev/pro-cpp/vcpkg-windows, https://github.com/microsoft/vcpkg. Once installed you can install packages via the command line, for example: vcpkg install zlib --triplet x86-windows-static. Note: If you don't have a x86-windows-static.cmake file in the triplets folder you can easily create one with notepad: set(VCPKG_TARGET_ARCHITECTURE x86) set(VCPKG_CRT_LINKAGE static) set(VCPKG_LIBRARY_LINKAGE static)cmake: https://cmake.org/download/ - third party and open source libraries on Github that support Cmake and have a CMakeLists.txt file. Cmake can build the visual studio solution (.sln) for x86 or x64. Once the solution is built you can compile the library with visual studio. Most of the solutions will only give you libraries that are compiled with cdecl prototypes, (PROTO C in masm etc), which makes it harder to use with lib2inc.exe for example as you will only be given :VARARG instead of defined parameters. That may be enough to use the library though. Also libraries compiled as for standard visual studio usage, along with the functions being exported/defined as cdecl, will also require additional visual c libraries to handle extra things like security cookies, exception handling and other stuff, which make linking with the library in asm a lot more awkward. I prefer if possible to compile libraries with stdcall (PROTO STDCALL in masm etc or just PROTO as the default is assumed as STDCALL), which means its easier to create definition files for RasASM/WInASM (masmApiCall.api or masmApiCall.vaa files) However its not just a case of changing the calling convention to stdcall (Solution right click->properties->Configuration Properties->C/C++->Advanced->Calling Convention: __stdcall (/Gz)) as some properties need changing and/or manual fixing up may be required: adjusting defines, changing some functions that cant be configured as __stdcall, disabling exception handling, disabling security check and changing runtime library to /MT instead of /MD : Solution right click->properties->Configuration Properties->C/C++->Enable C++ Exceptions: No Solution right click->properties->Configuration Properties->C/C++->Runtime Library: /MT Solution right click->properties->Configuration Properties->C/C++->Security Check: Disable Security Check (/GS-) There are other settings in a project that may need changing as well, like disabling Whole Program Optimization etc Once compiled, then you need to test that the library works in masm/uasm.

Well done :) I can create some more challenges for you if you'd like, I also have Intellilock

Does .NET Reactor 7.5.9.1 exist in the world? Seems the latest is 7.5 : https://www.eziriz.com/reactor_download.htm

src & exe ... GetWinVer_src.zip

I believe we are moving forward in the challenge

Some have already been included from @fearless API/Library Function/Method Language/Framework Notes Windows API (Native) DeleteFileA() / DeleteFileW() C/C++ Low-level, Unicode support with W variant. Only deletes files, not directories. Windows API (Native) RemoveDirectoryA() / RemoveDirectoryW() C/C++ Deletes empty directories only. Must be empty first. Windows API (Native) SHFileOperationA() / SHFileOperationW() C/C++ High-level Shell API. Can delete files/folders recursively with flags like FO_DELETE. Supports recycle bin. Windows API (Native) IFileOperation COM Interface C/C++ Modern replacement for SHFileOperation(). Better for recursive deletion and recycle bin support. MSVC Standard Library std::filesystem::remove() C++17+ Deletes a single file or empty directory. MSVC Standard Library std::filesystem::remove_all() C++17+ Recursively deletes files and directories. Qt Framework QFile::remove() C++ (Qt) Deletes a single file. Cross-platform. Qt Framework QDir::removeRecursively() C++ (Qt) Recursively removes a directory and all contents. Cross-platform. Qt Framework QDir::rmdir() C++ (Qt) Removes an empty directory only. .NET Framework File.Delete() C# / VB.NET Deletes a single file. .NET Framework Directory.Delete() C# / VB.NET Deletes a directory; optional recursive parameter for contents. Python (stdlib) os.remove() Python Deletes a single file. Python (stdlib) os.rmdir() Python Removes an empty directory. Python (stdlib) shutil.rmtree() Python Recursively removes a directory tree.

DeleteFile DeleteFileA: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-deletefilea DeleteFileW: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-deletefilew RemoveDirectory RemoveDirectoryA: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-removedirectorya RemoveDirectoryW: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-removedirectoryw SHFileOperation SHFileOperationA: https://learn.microsoft.com/en-us/windows/win32/api/shellapi/nf-shellapi-shfileoperationa SHFileOperationW: https://learn.microsoft.com/en-us/windows/win32/api/shellapi/nf-shellapi-shfileoperationw SHFILEOPSTRUCT (for SHFileOperation) SHFILEOPSTRUCTA: https://learn.microsoft.com/en-us/windows/win32/api/shellapi/ns-shellapi-shfileopstructa SHFILEOPSTRUCTW: https://learn.microsoft.com/en-us/windows/win32/api/shellapi/ns-shellapi-shfileopstructw

prob need to change to include the PROTO C definition for functions: uncompress2 PROTO C :DWORD,:DWORD,:DWORD,:DWORDdll2lib is not the best way to accomplish this, as you are including the whole dll, all functions regardless of what you might want to use. Best way would be to download a static library and define the inc file using PROTO C, but that assumes you know what the parameters are - sometimes they are defined in docs, readmes, api's or headers. The ultimate way IMHO is to compile and selectively choose stdcall and strip out the stuff not needed for masm etc, as outlined in previous post.

Hey guys. thanks again for your help so far. The good news first its working NOW using the latest new libweb from you @fearless. The bad news is, I don't know why because, I got again that error.. LIBCMT.lib(_chkstk_.obj) : fatal error LNK1112: module machine type 'x64' conflicts with target machine type 'X86'..about x64 with x86. I made a new sample project just to put the lib with some functions calls into to see whether it works and at some point it did compile it but I really didn't changed anything what makes it so strange. In my big main code project I got same error again and then I just places the.. include libwebp.inc includelib libwebp.lib...somewhere higher and then it work to compile the project = Then I tried to place the both entry's back at the lower place and it worked too then. Super strange. So could it be that there is any reading syntax problem or something? Doing some new copy / paste did maybe fix that problem. I don't know, its again one of those super awkward issues you'll never get or find any logical answer for. (Used WinASM, still)! I don't have Windows SDK etc. As I said, I didn't code for longer while and just had to update some codes etc. By the way, I also tried to create a static lib of that dll or any others using Dll2Lib tool but even with the created libs from there it didn't work and also forgot how to use it right to get it work even I used it years ago pretty often. Damn! Is there now some easier way to make static libs etc? I mean without to install all those VC HUGE package tools I don't need etc. Just a tool, load dll, make the static lib, use it etc. Let me know if so. Thanks again guys. greetz

@Visual Studio How do you add custom anti-tamper? Can we add custom anti-tamper on .net reactor 7.5?

ok , I am so sorry to bather you. thank you .

Thanks. Your example works, but in my Visual C++ program RtlGetVersion doesn't work, probability I'm missing some config. I was able to fix this by @boot samples; all works fine now.

Apologies for the late response. Let me know if this was not what you wanted... Ted. RtlGetVersion.zip

https://github.com/HydraDragonAntivirus/HydraDragonAntivirus/tree/development-version/hydradragon/python_hook_backend/new/nuitka_blob_loader

@boot , I was unable to compile your code for x86 on VS 2022, so I wrote my own based off of what you provided. I was able to compile (x86/x64) and run this code on WIN7+: // // Windows Version Reader by Stingered (2026) // Compatible: Windows 7 through Windows 11 (hopefully) // #include <Windows.h> #include <stdio.h> #include <iostream> typedef NTSTATUS(NTAPI* pfnRtlGetVersion)(PRTL_OSVERSIONINFOW); void GetRealVersion(DWORD* major, DWORD* minor, DWORD* build, DWORD* revision) { HMODULE hMod = GetModuleHandleW(L"ntdll.dll"); if (hMod) { pfnRtlGetVersion RtlGetVersion = (pfnRtlGetVersion)GetProcAddress(hMod, "RtlGetVersion"); if (RtlGetVersion) { OSVERSIONINFOEXW osvi = { 0 }; osvi.dwOSVersionInfoSize = sizeof(osvi); if (RtlGetVersion((PRTL_OSVERSIONINFOW)&osvi) == 0) { // STATUS_SUCCESS if (major) *major = osvi.dwMajorVersion; if (minor) *minor = osvi.dwMinorVersion; if (build) *build = osvi.dwBuildNumber; } } } HKEY hKey; if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", 0, KEY_QUERY_VALUE, &hKey) == ERROR_SUCCESS) { DWORD ubr = 0; DWORD size = sizeof(ubr); if (RegQueryValueExW(hKey, L"UBR", NULL, NULL, (LPBYTE)&ubr, &size) == ERROR_SUCCESS) { if (revision) *revision = ubr; } RegCloseKey(hKey); } } int main() { std::cout << "\r\n Windows OS Version Reader\r\n"; std::cout << " Compatibility: Windows 7 through Windows 11 (hopefully)\r\n"; DWORD major = 0; DWORD minor = 0; DWORD build = 0; DWORD revision = 0; GetRealVersion(&major, &minor, &build, &revision); printf("\r\n Windows Version -> %u.%u.%u.%u\r\n", major, minor, build, revision); printf("\n"); system("pause"); return 0; }

Here is my code: RTL_OSVERSIONINFOW rovi = { 0 }; HMODULE hMod = ::GetModuleHandleW(L"ntdll.dll"); if (hMod) { RtlGetVersionPtr fxPtr = (RtlGetVersionPtr)::GetProcAddress(hMod, "RtlGetVersion"); if (fxPtr != NULL) { rovi.dwOSVersionInfoSize = sizeof(rovi); if ( STATUS_SUCCESS == fxPtr(&rovi) ) { OSVERSIONINFO os; ZeroMemory(&os, sizeof(OSVERSIONINFO)); os.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); os.dwMajorVersion = rovi.dwMajorVersion; os.dwMinorVersion = rovi.dwMinorVersion; int sheetmajor = os.dwMajorVersion; // 5 int sheetminor = os.dwMinorVersion; // 1 return os; } } }returns v5.1 Here is registry key read: char* version_str = TryReadRegistryKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "CurrentVersion"); char* TryReadRegistryKey(HKEY hkey,char* regpath, char* valuename) { LONG lResult; HKEY hKey2; DWORD dwType; DWORD dwBytes = 100; lResult = RegOpenKeyEx(hkey, regpath, 0, KEY_READ|KEY_QUERY_VALUE|KEY_WOW64_32KEY, &hKey2); if (lResult != ERROR_SUCCESS) return 0; lResult = RegQueryValueEx(hKey2, valuename, 0, &dwType, (LPBYTE)buffer_keep, &dwBytes); RegCloseKey(hKey2); if (lResult == ERROR_SUCCESS) return buffer_keep; return 0; } also return v5.1. @Teddy Rogers I will be very great-full if you post an compiled exe if that is possible.

https://stackoverflow.com/questions/37700605/getting-windows-os-version-programmatically [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion] "CurrentVersion"="6.3" Problem solved.

r00t0 KeygenMe v4 Difficulty: 5 Language: C GCC Platform: x64 OS Version: Windows 10+ Packer / Protector : Selfmade Description : Implement keygenme that generate a serial derived from a nickname. Also demonstrate a generator that, given a nickname, produces the correct serial. I used my own tool that I've been developing for two years. It started as an optimizer, but I’m now experimenting with the reverse idea — using it to help with obfuscation and code retranslation. File Information Submitter r00t0 Submitted 11/02/2025 Category KeygenMe View File

Okay, that’s the correct key. Did you use any tool or just brute-force it?

Nice one, have to give you credit for your obsfuscator: Key

Eazfuscator.NET v2025.01 File protected by eazfuscator v2025.01 having Code Virtualization enabled. Find registration combination and reply it with the success message! File Information Submitter whoknows Submitted 07/22/2025 Category UnPackMe (.NET) View File

What Apis can be used for deleting a file or a folder? Can someone list most of them or all of them?

A couple of years ago my old Iomega ZIP100 parallel port drive started randomly ejecting disks. Instead of replacing it, I decided to do something slightly unreasonable: reverse-engineer the protocol and build my own ZIP100 emulator. That hobby project eventually became LPT100, a parallel-port ZIP100 emulator implemented on a microcontroller that reads/writes disk images stored on a USB flash drive. The project ended up being much deeper than expected because there is almost no public documentation of the ZIP parallel protocol. Most of the work involved reverse-engineering the Linux ppa driver, tracing PALMZIP behavior, and capturing port activity. The final project, named LPT100, was implemented on a PIC32MZ microcontroller and tested with: MS-DOS/Windows 98/Windows XP/Linux (Super 8086 Box, DOSBox-X, QEMU) and MS-DOS + PALMZIP (Book 8088), with disk images stored on USB flash drive. Parallel port interface was done via GPIO + DMA capture. I documented everything in two articles: Part 1 – Protocol reverse engineering + emulator in DOSBox/QEMU https://www.toughdev.com/content/2026/02/pic32mz-iomega-zip100-parallel-port-emulator-part-1-dosbox-qemu-testing/ Part 2 – Building the actual hardware https://www.toughdev.com/content/2026/03/pic32mz-iomega-zip100-parallel-port-emulator-part-2-hardware-design/ Part 1 Video - Emulator testing (DOSBox + QEMU + multiple OSes): https://youtu.be/ZMJkRygU8kI Part 2 Video - Real hardware LPT100 board running on Book 8088: https://youtu.be/340J7vItfPw On my Book8088 system, write speed is ~7.2 KB/s, read speed is around 6.3 KB/s in nibble mode, which is actually pretty close to real ZIP parallel performance on 8088 systems. When tested in Windows 98 using DOSBox-X, the speed is around 50-60KB/sec in bidirectional mode. The emulator works perfectly on 8088-class systems, although faster machines (386+) can overwhelm the microcontroller timing. I might consider migrating to a faster MCU (e.g. Teensy) in a future revision. If anyone here still uses parallel ZIP drives, I would love to hear your thoughts.

there is 2 way as far as i know, de4dot uses hash and which i dont know how it works and how it detects the handler second way is mine, in every handler, you need to seperate when the handler reach the end of its blocks, since its combined you need to detect the last instruction of every handler in handler method the structure should be like this handlerMethod{{handler1_start..handler1_end}, {handler2_start..handler2_end}} then to detect what handler is that use pattern matching loop through every handler you detect in that handlerMethod then match with the right pattern

hekliet keygemne #1 Not much to say there. Valid solution is a keygen that produces a valid key for any given name. Binaries for Linux and Windows are provided. Plain C, no symbols stripped, compiled with -O0, so should be fairly easy to follow. Difficulty is medium. Or perhaps easy for someone with some math knowledge. Here are some valid keys: Name: hekliet Key: 3fec806bc9ce82d4c00ee01af273a0b5 Name: Tuts 4 You Key: 40105e5bb69056bd3fdc1a4496fa9430 Name: Guybrush Threepwood Key: 400e09a63ee6d3a2bfd94d31f7369d10 File Information Submitter hekliet Submitted 03/17/2026 Category KeygenMe View File

My solution (Not much to say there either)... kg.7z

Hi @fearless, thanks for all those info's but its really too complex. Lets say I have / find some lib on internet or download it from that website you did mention nuget like that zlib static. Now I put it in my project.. includelib zlib.lib...create a function proto.. uncompress2 PROTO :DWORD,:DWORD,:DWORD,:DWORD...and a function of it in source... invoke uncompress2,0,0,0,0...and I get... error LNK2019: unresolved external symbol _uncompress2@16 referenced in function _$$$00001@0 ...\WinAsm\testingonly\onlytest.exe : fatal error LNK1120: 1 unresolved externals....why? I know in the past I creates static libs using the dll2lib tool..https://binary-soft.com/index.htm but I forgot how it works or how to make the function work using that lib then. Just forgot it and I also get those linker errors. The only thing I can do is using the direct dll files to load them but its not so nice way and I would prefer doing some static libs instead. So my goal is it just to create a static lib of any dll I need to use few functions XY. I create the lib using dll2lib etc but always get some errors. greetz

Hi again, @fearless could it be that you create that lib with specific linker options to include those specific other libs? I tried to load your example project in RadASM and compiled there but I get errors about missing libs... ucrt.lib Uuid.Lib vcruntime.lib oldnames.lib libcmt.lib....I put them into lib folder and get this error now... libWebP.lib(vp8l_dec.obj) : warning LNK4044: unrecognized option "alternatename:___isa_available=___isa_available_default"; ignored libWebP.lib(yuv.obj) : warning LNK4044: unrecognized option "alternatename:___isa_available=___isa_available_default"; ignored libWebP.lib(lossless.obj) : warning LNK4044: unrecognized option "alternatename:___isa_available=___isa_available_default"; ignored C:\_First\RadASM\Masm32\Lib\uuid.lib : warning LNK4003: invalid library format; library ignored C:\_First\RadASM\Masm32\Lib\uuid.lib : warning LNK4003: invalid library format; library ignored libWebP.lib(upsampling.obj) : error LNK2001: unresolved external symbol __imp__ReleaseSRWLockExclusive@4 libWebP.lib(rescaler.obj) : error LNK2001: unresolved external symbol __imp__ReleaseSRWLockExclusive@4 libWebP.lib(alpha_processing.obj) : error LNK2001: unresolved external symbol __imp__ReleaseSRWLockExclusive@4 libWebP.lib(lossless.obj) : error LNK2001: unresolved external symbol __imp__ReleaseSRWLockExclusive@4 libWebP.lib(filters.obj) : error LNK2001: unresolved external symbol __imp__ReleaseSRWLockExclusive@4 libWebP.lib(vp8_dec.obj) : error LNK2001: unresolved external symbol __imp__ReleaseSRWLockExclusive@4 libWebP.lib(thread_utils.obj) : error LNK2001: unresolved external symbol __imp__ReleaseSRWLockExclusive@4 libWebP.lib(dec.obj) : error LNK2001: unresolved external symbol __imp__ReleaseSRWLockExclusive@4 libWebP.lib(yuv.obj) : error LNK2001: unresolved external symbol __imp__ReleaseSRWLockExclusive@4 libWebP.lib(upsampling.obj) : error LNK2001: unresolved external symbol __imp__AcquireSRWLockExclusive@4 libWebP.lib(rescaler.obj) : error LNK2001: unresolved external symbol __imp__AcquireSRWLockExclusive@4 libWebP.lib(alpha_processing.obj) : error LNK2001: unresolved external symbol __imp__AcquireSRWLockExclusive@4 libWebP.lib(lossless.obj) : error LNK2001: unresolved external symbol __imp__AcquireSRWLockExclusive@4 libWebP.lib(filters.obj) : error LNK2001: unresolved external symbol __imp__AcquireSRWLockExclusive@4 libWebP.lib(vp8_dec.obj) : error LNK2001: unresolved external symbol __imp__AcquireSRWLockExclusive@4 libWebP.lib(thread_utils.obj) : error LNK2001: unresolved external symbol __imp__AcquireSRWLockExclusive@4 libWebP.lib(dec.obj) : error LNK2001: unresolved external symbol __imp__AcquireSRWLockExclusive@4 libWebP.lib(yuv.obj) : error LNK2001: unresolved external symbol __imp__AcquireSRWLockExclusive@4 libWebP.lib(thread_utils.obj) : error LNK2001: unresolved external symbol __imp__InitializeSRWLock@4 libWebP.lib(thread_utils.obj) : error LNK2001: unresolved external symbol __imp__InitializeConditionVariable@4 libWebP.lib(thread_utils.obj) : error LNK2001: unresolved external symbol __imp__WakeConditionVariable@4 libWebP.lib(thread_utils.obj) : error LNK2001: unresolved external symbol __imp__SleepConditionVariableSRW@16 libWebPTest.exe : fatal error LNK1120: 6 unresolved externals...any ideas how to fix that or could you maybe rebuild that lib somehow else / clean etc? Thanks. @Price Not sure about that, could also just some AntiDump issue the script maybe didn't find / fix it because manually changes etc. As I said, I'm out of to check TM WL stuff for long time. Hope you get some help by other member to handle your target problems. greetz

Bypassed the license check but unpack is too complicated. The imports are very heavy wrapped. Can do it but few hours manual work will need.

Unpacked CFF Explorer_protected_unp_cl.7z

Difficulty : I guess 3 is enough. Language : Delphi Platform : Windows x32/x64 OS Version : XP and above Packer / Protector : None. Description : Goals: 1. Write a valid keygen for the target. Good luck! Screenshot : Go Figure!!! Fixed.zip

Overview:TitanHide is a driver intended to hide debuggers from certain processes.The driver hooks various Nt* kernel functions (using inline hooks at themoment) and modifies the return values of the original functions.To hide a process, you must pass a simple structure with a ProcessID andthe hiding option(s) to enable to the driver. The internal API isdesigned to add hooks with little effort, which means adding featuresis really easy.Features:- ProcessDebugFlags (NtQueryInformationProcess)- ProcessDebugPort (NtQueryInformationProcess)- ProcessDebugObjectHandle (NtQueryInformationProcess)- DebugObject (NtQueryObject)- SystemKernelDebuggerInformation (NtQuerySystemInformation)- NtClose (STATUS_INVALID_HANDLE exception)- ThreadHideFromDebugger (NtSetInformationThread)Test environments:- Windows 7 x64 (SP1)- Windows XP x86 (SP3)- Windows XP x64 (SP1)Installation:1) Copy TitanHide.sys to %systemroot%\system32\drivers2) Start 'loader.exe' (available on the download page)3) Delete the old service (when present)4) Install a new service5) Start driver6) Use 'TitanHideGUI.exe' to set hide optionsNOTE: When on x64, you have to disable PatchGuard and driver signature enforcement yourself. Google is your friend Repository:https://bitbucket.org/mrexodia/titanhide/ Downloads: https://bitbucket.org/mrexodia/titanhide/downloads Feel free to report bugs and/or request features. Greetings, Mr. eXoDia TitanHide_0001.rar loader.rar

I recommand the people to use this protection because it's very good. The protection is advanced like Pelock but very good. Only a real reserver can do it But it needs much times to be able handle it. UnpackMe.Obsidium.1.69b1.x86_unprotect.rar

Results : Screen Recording - Made with FlexClip.webm No need for unpack,is this UnpackMe or CrackMe? Thread says UnpackMe but app says otherwise. Currently in process of making automatic patcher for the CrackMe,will upload here once im done.

Don't ask to unpack commercial software, you already ask to unpack commercial software many times, and ask to update ILProtector & SMD_Agile & SMD_Virbox to help you earn money. You earn money from clients by those unpacked files and tools but the developer @CodeExplorer earn nothing.

Creating a scrolling starfield effect in Delphi. Starfield.rar

Like this one It can be debugged and unpacked easily. So there are no antidebugger . we can enable drx and debugge it as normal app.

Is this a seek-and-hide game? giving the forums links and he must search until he finds it? Look at this (a random post), he gets the plugin from here and puts it for sale on that forum...

awesome_msil_Out.exe Approach: 1. Necrobit is a jit protection, so we use Simple MSIL Decryptor by CodeCracker , and it shall be ran on NetBox 2. Code virtualization is a relatively new feature of .net reactor, added in version 6.2.0.0. Here is the approach i took (i did this about 6 months ago so my memory is kinda rusty ) : (Click spoiler to see hidden contents)

You make me cry a little everytime I see your replies. I will before-hand declare that this is my last response to your impeccable rant of stupidity, but I feel the need to put out these points. Yes, you did just say a few posts back, that "OP asked for protection, not virtualization", thus claiming that virtualization is not protection. Yes, OP asked for a native packer, as he asked for a packer for his Win32 file. Win32 is a native format, unlike .NET which is a non-native format. If you claim otherwise, I'll die of laughter. Nope, Themida is not useless. It might be easily unpacked (since LCF-AT made a superior script), but there's a big difference between unpacking and devirtualizing. If you have succesfully unpacked a file, no matter how you did it, the file is still protected (as an unpacked software) as long as the virtualization is not broken (which is a whole different league to unpacking). The virtualized code sections will not be made readable by any public tools, and there are very few people world-wide who has even got the capability of making such tools. So nope, I'm not unknowledgeable. Actually, I'd go as far as to claim that on the contrary, I am moderately knowledgable and you are simply extremely uninformed. Yes, OP was looking for constructive feedback, which is why I striked down on you, as you were supplying false information. Oh my god.. I don't even know what to say to this... Themida not an obfuscator? If you had the time to properly read that image, you'd immediately notice the big fat .NET in front of the obfuscator. They're saying it's not a .NET Obfuscator, which means it doesn't obfuscate the IR for .NET. It is however, a compressor, an obfuscator and a virtual machine software for native formats.

Do not listen to that idiot. If you do , your program will be cracked 100% Use VMProtect , even battleeye is protected with VMProtect lmao http://vmpsoft.com/ Unlike themida , dumping a VMProtect executable won't make the protection obsolete. Themida is NOT an obfuscator , here's literally the developer of themida saying it himself

1. Don't put words in my mouth. Never claimed virtualization isn't protection. 2. OP didn't ask for a native packer , stop assuming because it makes you look extremely uninformed and stupid. 3. Themida offers NO PROTECTION , it's literally useless in every situation , it's completely worthless , even the developer admits it. Using themida is begging to have your shit cracked / leaked. It ISN'T protection at all. Anyone that claims themida is adequate protection either works for oreans or has no idea what the fµck they're talking about. Clearly you're the latter. Oh yeah don't come in here being a direspectful fµck head either. OP is looking for constructive feedback , not some edgy 14 year olds opinion on freeware

Well we are talking about protection , as OP requested "I would like to protect a small Win32 file and deciding which protection software to use" not virtualization. Seems like my answer was pretty accurate as themida offers 0 protection in real situations / scenarios If we're talking about the best virtualization, agile.net is by far the most secure Anyways nothing is safe these days