B_S Posted July 10, 2007 Share Posted July 10, 2007 This is my first unpackme.. The exe protected with KERIS protector.... Maybe is very easy ... UnPackMe_1.rar Link to comment Share on other sites More sharing options...
pavka Posted July 10, 2007 Share Posted July 10, 2007 Beautiful skin the Protector weak Dumped.rar Link to comment Share on other sites More sharing options...
Teddy Rogers Posted July 10, 2007 Share Posted July 10, 2007 It crashes when I try to execute it However at a quick glance it looks like the main part of the file is a crypted overlay with a loader to decrypt it - am I correct? Is Keris a new team packer/protector, I have never heard of it before, where to get it? Ted. Link to comment Share on other sites More sharing options...
Ufo-Pu55y Posted July 10, 2007 Share Posted July 10, 2007 Hm... just tried it. I had a BSOD... :| Link to comment Share on other sites More sharing options...
Loki Posted July 10, 2007 Share Posted July 10, 2007 Crashes for me too but not looked into it.pavka's unpacked one works fine though. The skin is indeed nice - the work of JetCodE! from ICU. Link to comment Share on other sites More sharing options...
Ufo-Pu55y Posted July 10, 2007 Share Posted July 10, 2007 After another try and a 2nd BSOD -but, yes, pavka's unpacked one works fine... Link to comment Share on other sites More sharing options...
pavka Posted July 10, 2007 Share Posted July 10, 2007 Smal script1 Layer//////////////////////////////////////////////var rgnvar szGPA "VirtualAlloc","kernel32.dll"bp $RESULTrunBC eiprturtrstiFIND eip,#6681384D5A#bp $RESULTrunbc eipmov rgn,eaxfind rgn,#5045#mov sz,$RESULTadd sz,50mov sz,[sz]eval " damp partial in LordPe select IntelDump address:{rgn} , size:{sz}"msg $RESULTret////////////////////////////////////////////////2 Layer////////////////////////////////////////////////var rgnvar szGPA "VirtualAlloc","kernel32.dll"bp $RESULTrunBC eiprtuFIND eip,#F3A4#bp $RESULTrunbc eipmov rgn,esifind rgn,#5045#mov sz,$RESULTadd sz,50mov sz,[sz]dm rgn, sz, "dump.exe"Msg "File Unpacked!"ret Link to comment Share on other sites More sharing options...
zako Posted July 10, 2007 Share Posted July 10, 2007 Seems the only requirement is run it in a debugger, crashes for me if not. When the parent process terminates dump the second process with lordpe and thats it, no fixing at all needed. Link to comment Share on other sites More sharing options...
Guest nick_name Posted July 11, 2007 Share Posted July 11, 2007 (edited) it used to run on my computer ... bt from last night it's crashing and this error message pops up: Runtime error 216 at FFF000F0 Edited July 11, 2007 by nick_name Link to comment Share on other sites More sharing options...
B_S Posted July 11, 2007 Author Share Posted July 11, 2007 @Teddy Rogers KERIS is handmade by Indonesian Reverser and still evaluation so not for public right now @pavka Great job man Link to comment Share on other sites More sharing options...
B_S Posted July 14, 2007 Author Share Posted July 14, 2007 (edited) @zako This unpackme just protected with mophine with just dump the unpackme, without repairing it will be done try the second unpackme Edited July 14, 2007 by B_S Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now