Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

it's very hard... to me :D

  • 2 weeks later...

Thanks!

That big section trick is one of the most annoying tricks I have seen. Not hard to beat, but you pretty much have to deal with it unless you have a computer to handle an 820 MB dump, or whatever it would be. :D

  • Author

@What

It is not obligatory to dump all sections

@What

It is not obligatory to dump all sections

True, but my computer is not great so I have to do it because I will get some bad lag or a process burner when I load it into a debugger without doing it.

It seems to hook some APIs as well

Possible hook found in KERNEL32.dll.FindResourceA Rva:0001DCBB
File:
mov edi,edi
push ebp
mov ebp,esp
push byte 0
push dword [ebp+C]
push dword [ebp+10]
push dword [ebp+8]
call 761ADBDD
Memory:
jmp 306E0000
...
Possible hook found in KERNEL32.dll.FindResourceExA Rva:0001DBDD
File:
push byte 20
push dword 761ADC78
call 761A1280
xor edi,edi
mov [ebp-20],edi
mov [ebp-30],edi
mov [ebp-2C],edi
mov [ebp-4],edi
Memory:
jmp 306F0000
...
Possible hook found in KERNEL32.dll.FindResourceExW Rva:0001C6E1
File:
push byte 20
push dword 761AC778
call 761A1280
xor edi,edi
mov [ebp-20],edi
mov [ebp-30],edi
mov [ebp-2C],edi
mov [ebp-4],edi
Memory:
jmp 30700000
...
Possible hook found in KERNEL32.dll.FindResourceW Rva:0001F01E
File:
mov edi,edi
push ebp
mov ebp,esp
push byte 0
push dword [ebp+C]
push dword [ebp+10]
push dword [ebp+8]
call 761AC6E1
Memory:
jmp 30710000
...
Possible hook found in KERNEL32.dll.LoadResource Rva:0001C26C
File:
push byte 10
push dword 761AC280
call 761A1280
jmp 761CB7B9
nop
nop
nop
Memory:
jmp 30720000
...
Possible hook found in KERNEL32.dll.SizeofResource Rva:0001E3EC
File:
push byte 10
push dword 761AE400
call 761A1280
jmp 761CB80A
nop
nop
nop
Memory:
jmp 30730000
...

Example:

306E0000 pushf
306E0001 mov [esp],eax
306E0004 mov eax,[esp+8]
306E000B cmp eax,400000
306E0011 jnz 306E001E
306E0017 pop eax
306E0018 push dword 2DE952E8
306E001D ret
306E001E cmp eax,0
306E0024 jnz 306E0031
306E002A pop eax
306E002B push dword 2DE952E8
306E0030 ret
306E0031 pop eax
306E0032 mov edi,edi
306E0034 push ebp
306E0035 mov ebp,esp
306E0037 pushf
306E0038 mov dword [esp],761ADCC0
306E003F ret
...

Guess that's used for the stolen resources protection.

This one's pretty annoying, found one tutorial that actually dealt with it, it was Russian though :-(
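The File/Memory comparison in the dump above can be reproduced as a small check; this is an added example, not part of the thread and not the tool that produced that output. It goes one step further than the dump by rebasing the on-disk bytes first, so an absolute operand such as `push dword 761ADC78` is not reported as a patch. The function names, the image size, the preferred base and the clean FindResourceExA memory copy are constructed assumptions; the addresses for FindResourceA come from the post.

```python
import struct

JMP_REL32 = 0xE9  # x86 near jmp: opcode + signed 32-bit displacement (5 bytes)

def apply_relocs(file_bytes, reloc_offsets, delta):
    """Rebase the on-disk copy: add delta to each 32-bit value at a reloc offset."""
    buf = bytearray(file_bytes)
    for off in reloc_offsets:
        (val,) = struct.unpack_from("<I", buf, off)
        struct.pack_into("<I", buf, off, (val + delta) & 0xFFFFFFFF)
    return bytes(buf)

def check_prologue(va, file_bytes, mem_bytes, module_range, reloc_offsets=(), delta=0):
    """Return None if memory matches the rebased file copy, else a finding dict."""
    expected = apply_relocs(file_bytes, reloc_offsets, delta)
    n = min(len(expected), len(mem_bytes))
    if expected[:n] == mem_bytes[:n]:
        return None
    finding = {"va": va, "kind": "patched", "target": None, "resume": None}
    if len(mem_bytes) >= 5 and mem_bytes[0] == JMP_REL32:
        (rel,) = struct.unpack_from("<i", mem_bytes, 1)
        target = (va + 5 + rel) & 0xFFFFFFFF
        lo, hi = module_range
        inside = lo <= target < hi
        finding.update(kind="jmp-inside-module" if inside else "detour-outside-module",
                       target=target, resume=va + 5)
    return finding

# Values from the dump: 761ADBDD at RVA 0001DBDD gives a load base of 76190000.
BASE = 0x76190000
MODULE = (BASE, BASE + 0x100000)          # image size is a constructed assumption
FRA_VA = BASE + 0x1DCBB                   # FindResourceA
FRA_FILE = bytes.fromhex("8bff558bec")    # mov edi,edi / push ebp / mov ebp,esp
FRA_MEM = bytes([JMP_REL32]) + struct.pack("<i", 0x306E0000 - (FRA_VA + 5))  # jmp 306E0000

# Constructed clean case: push 20 / push dword <abs addr>, file linked at PREFERRED.
PREFERRED = 0x7C800000                    # constructed preferred image base
FREA_VA = BASE + 0x1DBDD                  # FindResourceExA
FREA_FILE = bytes.fromhex("6a2068") + struct.pack("<I", PREFERRED + 0x1DC78)
FREA_MEM = bytes.fromhex("6a2068") + struct.pack("<I", 0x761ADC78)

if __name__ == "__main__":
    print(check_prologue(FRA_VA, FRA_FILE, FRA_MEM, MODULE))
    print(check_prologue(FREA_VA, FREA_FILE, FREA_MEM, MODULE, [3], BASE - PREFERRED))
```

The `resume` value for FindResourceA is the address the stub at 306E0000 pushes before its final `ret`, which is the first byte after the 5-byte overwritten prologue.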

  • Author

@jstorme

It emulates the API.

Fresh tutorial in Russian. The author knows PEP best :)

http://www.sendspace.com/file/lg6hxt

Thank you pavka.

I'll run them through systran and study them.

@jstorme

It emulates the API.

Fresh tutorial in Russian. The author knows PEP best :)

http://www.sendspace.com/file/lg6hxt

Can you reupload it again...

:giveup: please...

It looks like a really good paper, it would be nice if someone could translate it into English...

Comicses.7z

Ted.

  • 3 weeks later...
  • Author

Packed with Pep 2.50, all options enabled

Project.rar

  • 2 weeks later...
Packed with Pep 2.50, all options enabled

This is much harder... my Olly closes... when I try to run it :(

Hm, I "studied" the new v2.55 and with HideOD and the standard olly fixes (I think human wrote a topic about that?!) it runs fine in my Olly.

Already found start of OEP I think but complete unpacking seems to be way too hard for me.

greetz
