Tuts 4 You

Leaderboard

  1. CodeExplorer (Team Member): 39 points, 4,172 posts
  2. jackyjask (Full Member+): 14 points, 1,381 posts
  3. LCF-AT (Full Member+): 11 points, 6,098 posts
  4. whoknows (Full Member+): 7 points, 1,900 posts


Popular Content

Showing content with the highest reputation since 05/26/2025 in Posts

  1. TitanHide has been updated to support the latest VMProtect v3.9.4 changes. The service name is now used as the device name as well, so the check for \\.\TitanHide will fail if you name the service differently. Latest version (v0019) download link
    4 points
  2. Found how to solve it. Put a bp on ntdll.dll and it lands at ntdll.dll:$52DD6 #521D6 <RtlAllocateHeap>. But there are many calls like this. The question is: can this be done by script, or does every call have to be solved manually?
    2 points
  3. Hi X0rby, tried to solve this unpackme, thank you for the effort. I have a question. For example:
       00409F46 | E8 D2F55100 | call asmtomachinecode.vmp_dump_scy.92951D |
       00409F4B | CE | into |
       00409F4C | 5E | pop esi |
       00409F4D | C3 | ret |
     you solve it as:
       00409F46 | FF15 E8E00A02 | call dword ptr ds:[<HeapAlloc>] |
       00409F4C | 5E | pop esi | esi:"U‰еjяhP@A"
       00409F4D | C3 | ret |
     How to do it if you don't have the original non packed file?
    2 points
  4. Can someone share a new link for this?
    1 point
  5. 1 point
  6. Could anyone share this in an English version?
    1 point
  7. i may banter a lil in the opening, but that is how i was taught when i was in high school learning ASM from the Ukrainians and Russians, bootkits from the Chinese. You give a short shoutout or point to be made and ya write and code. Here, i use the LCRN (LCG) from the Giant Black Book of Viruses (Physicist Dr. Mark Ludwig) and his 16-bit many hoops and recreated it for x86 (32 bit) VXWriteUp.pdf
    1 point
  8. Hello, everyone. Is this enigma x64 one still able to be bypassed? Waiting for your replies as soon as possible. Many thanks in advance. Regards. sean.
    1 point
  9. A complete version of the web site has been converted into a Windows executable. It looks and behaves like the site, but with the added benefits of:
     • No adverts
     • Search facility for finding Run Time Library entries and .Net Methods.
     • Fast access to 1,000+ pages of tutorial/reference pages - the full site and more
     • System.Drawing.Graphics .Net class pages - 44 methods each with examples illustrated with graphical output
     • Printing of pages precisely to any paper size or format
     • RTL lists printable by letter, function, unit or category
     • History drop-down of recent and popular RTL pages
     • Database tutorials, not available on this web site
     • Copy full text copy is enabled at last (the secret revealed by a user)
     Delphi Basics Offline 7.3.zip Serial.txt
    1 point
  10. Difficulty : 8
      Language : C++
      Platform : Windows 32-bit and 64-bit
      OS Version : All
      Packer / Protector : VMProtect 3.0.9
      Description : The objective is to interpret virtualized functions in the attached binaries. No additional options have been used - no memory protection, no import protection and no compression. The virtualized function(s) will execute when the following key(s) is/are pressed:
      • VMP32 (V1) : P
      • VMP32 (V2) : 1 and 2
      • VMP64 (V1) : P
      • VMP64 (V2) : 1 and 2
      The virtualized functions are not very large. Detailed information of the interpreting procedure/internals or a complete solution paper is preferable. I will post similar challenges for other protectors if someone supplies me with a recent version (CodeVirtualizer, Themida, Enigma ...).
      Accepted solutions:
      • VMP32 (V1) : @Raham
      • VMP32 (V2) : @Raham
      • VMP64 (V1) : @SmilingWolf @fvrmatteo
      • VMP64 (V2) : @fvrmatteo @SmilingWolf @mrexodia @xSRTsect
      Files:
      • devirtualizeme32_vmp_3.0.9_v1.rar
      • devirtualizeme32_vmp_3.0.9_v2.rar
      • devirtualizeme64_vmp_3.0.9_v1.rar
      • devirtualizeme64_vmp_3.0.9_v2.rar
    1 point