This is my first unpackme.. :D

The exe is protected with KERIS protector....

Maybe it is very easy ... :P

UnPackMe_1.rar

Beautiful skin ;) the protector is weak

Dumped.rar

It crashes when I try to execute it :dunno: However at a quick glance it looks like the main part of the file is a crypted overlay with a loader to decrypt it - am I correct?

Is Keris a new team packer/protector? I have never heard of it before. Where to get it?

Ted.

Hm... just tried it. I had a BSOD... :|

Crashes for me too but not looked into it.

pavka's unpacked one works fine though. The skin is indeed nice - the work of JetCodE! from ICU.

After another try and a 2nd BSOD -

but, yes, pavka's unpacked one works fine...

Small script

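1 Layer

//////////////////////////////////////////////
var rgn
var sz
// break on VirtualAlloc, then run back to user code
GPA "VirtualAlloc","kernel32.dll"
bp $RESULT
run
BC eip
rtu
rtr
sti
// 66 81 38 4D 5A = cmp word ptr [eax],5A4D ("MZ" check)
FIND eip,#6681384D5A#
bp $RESULT
run
bc eip
// eax points at the buffer being checked for "MZ"
mov rgn,eax
// find the "PE" bytes; the dword at PE+50h is SizeOfImage
find rgn,#5045#
mov sz,$RESULT
add sz,50
mov sz,[sz]
eval " dump partial in LordPe select IntelDump address:{rgn} , size:{sz}"
msg $RESULT
ret
////////////////////////////////////////////////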

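2 Layer

////////////////////////////////////////////////
var rgn
var sz
// break on VirtualAlloc, then run back to user code
GPA "VirtualAlloc","kernel32.dll"
bp $RESULT
run
BC eip
rtu
// F3 A4 = rep movsb; esi is the source buffer of the copy
FIND eip,#F3A4#
bp $RESULT
run
bc eip
mov rgn,esi
// find the "PE" bytes; the dword at PE+50h is SizeOfImage
find rgn,#5045#
mov sz,$RESULT
add sz,50
mov sz,[sz]
dm rgn, sz, "dump.exe"
Msg "File Unpacked!"
ret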
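Both scripts above size the dump by searching for the bytes 50 45 and reading the dword 0x50 past them, which is the PE header's SizeOfImage field. The following is an added example, not part of the thread or of the posted scripts: a Python sketch that does the same lookup on a saved memory region but validates the MZ -> e_lfanew -> "PE\0\0" chain first, shown beside the raw search. The function names and the sample buffer are constructed for illustration.

```python
import struct

SIZEOFIMAGE_OFF = 0x50  # 4 (signature) + 20 (COFF header) + 0x38 into optional header

def naive_size(buf: bytes):
    """What the raw search does: first 'PE' bytes anywhere, dword at +0x50."""
    pe = buf.find(b"PE")
    if pe == -1 or pe + SIZEOFIMAGE_OFF + 4 > len(buf):
        return None
    return struct.unpack_from("<I", buf, pe + SIZEOFIMAGE_OFF)[0]

def _size_if_valid(buf: bytes, mz: int):
    """Validate the header chain starting at an 'MZ' candidate."""
    if mz + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, mz + 0x3C)[0]
    pe = mz + e_lfanew
    if pe + SIZEOFIMAGE_OFF + 4 > len(buf) or buf[pe:pe + 4] != b"PE\0\0":
        return None
    magic = struct.unpack_from("<H", buf, pe + 0x18)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return None
    return struct.unpack_from("<I", buf, pe + SIZEOFIMAGE_OFF)[0]

def find_embedded_pe(buf: bytes):
    """Return (mz_offset, SizeOfImage) of the first valid image, or None."""
    mz = buf.find(b"MZ")
    while mz != -1:
        size = _size_if_valid(buf, mz)
        if size is not None:
            return mz, size
        mz = buf.find(b"MZ", mz + 1)
    return None

def build_sample(size_of_image: int = 0x5000) -> bytes:
    """Constructed region: decoy 'MZ' and 'PE' bytes, then a minimal PE32 header."""
    decoy = b"\x90" * 16 + b"MZ" + b"\x00" * 0x3E + b"PE" + b"\xcc" * 14
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    nt = bytearray(0x100)
    nt[0:4] = b"PE\0\0"
    struct.pack_into("<H", nt, 0x18, 0x10B)
    struct.pack_into("<I", nt, SIZEOFIMAGE_OFF, size_of_image)
    return decoy + bytes(dos) + bytes(nt)

if __name__ == "__main__":
    region = build_sample()
    print("naive:", naive_size(region), "validated:", find_embedded_pe(region))
```

On the constructed buffer the raw search lands on the decoy bytes and reads a size of 0, while the validated walk returns the real header's offset and SizeOfImage.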

Seems the only requirement is to run it in a debugger, crashes for me if not. When the parent process terminates, dump the second process with LordPE and that's it, no fixing at all needed.

It used to run on my computer ... but from last night it's crashing and this error message pops up: Runtime error 216 at FFF000F0

tmpiz7.jpg

Edited by nick_name

  • Author

@Teddy Rogers

KERIS is handmade by an Indonesian reverser and is still in evaluation, so it is not public right now :D

@pavka

Great job man :D

  • Author

@zako

This unpackme is just protected with mophine :D

Just dump the unpackme and it will be done, without repairing :D

Try the second unpackme :D

Edited by B_S
