
Tuts 4 You


Hi.

A picture of the "Protector options" is included in the attached file.

Good Luck.

UnPackMe.rar

What do we do when we get to a SYSENTER?

7C90EB8D   |.  0F34          SYSENTER

Cool, I can still use my own script to find where the stolen OEP is located.

  • 3 weeks later...

Please write a tutorial.

Signature

[DotFix NiceProtect v3.6 -> * Sign by phpbb3]

signature = 60 BE ?? ?? 40 00 8D BE EB AF FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 61 50 51 74 05 83 C8 ?? EB 02 31 C0 F9 1B C9 EB

ep_only = false

Edited by ::: - phpbb3 - :::
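
How a scanner applies a PEiD-style entry like the one posted above, as an added example that is not part of the original thread: `??` matches any single byte, and `ep_only = false` means the pattern is searched for across the whole file rather than only at the entry point. The helper names, the `ep_offset` parameter (file offset of the entry point, supplied by the caller) and the test buffer are assumptions made for illustration.

```python
import re

# Entry as posted in the thread (PEiD userdb.txt format, blank lines removed).
USERDB_ENTRY = """\
[DotFix NiceProtect v3.6 -> * Sign by phpbb3]
signature = 60 BE ?? ?? 40 00 8D BE EB AF FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 61 50 51 74 05 83 C8 ?? EB 02 31 C0 F9 1B C9 EB
ep_only = false
"""

def parse_entry(text):
    """Parse one userdb entry into (name, compiled byte pattern, ep_only)."""
    name = re.search(r"^\[(.+)\]\s*$", text, re.M).group(1)
    fields = dict(re.findall(r"^(\w+)\s*=\s*(.+?)\s*$", text, re.M))
    parts = []
    for tok in fields["signature"].split():
        # "??" is a one-byte wildcard; anything else is a literal hex byte.
        parts.append(b"." if tok == "??" else b"\\x%02x" % int(tok, 16))
    pattern = re.compile(b"".join(parts), re.DOTALL)
    return name, pattern, fields["ep_only"].lower() == "true"

def scan(data, entry, ep_offset=0):
    """Return the file offsets where the signature matches.

    ep_only = true  -> test only at ep_offset (hypothetical parameter).
    ep_only = false -> search the whole buffer.
    """
    _name, pattern, ep_only = entry
    if ep_only:
        return [ep_offset] if pattern.match(data, ep_offset) else []
    return [m.start() for m in pattern.finditer(data)]

def build_sample(text, pad=16):
    """Constructed test buffer: zero padding around the signature bytes,
    with every wildcard position filled by 0x11."""
    toks = re.search(r"signature\s*=\s*(.+)", text).group(1).split()
    body = bytes(0x11 if t == "??" else int(t, 16) for t in toks)
    return b"\x00" * pad + body + b"\x00" * pad

if __name__ == "__main__":
    entry = parse_entry(USERDB_ENTRY)
    hits = scan(build_sample(USERDB_ENTRY), entry)
    print(entry[0], "->", [hex(o) for o in hits])
```
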

  • 1 month later...

I'm stuck with this packer... can someone illuminate us with a little tuto? :help

Greetz

  • 4 weeks later...
I'm stuck with this packer... can someone illuminate us with a little tuto? :help

http://forum.tuts4you.com/index.php?showtopic=19091

Use my 2 scripts to find the VM start and the stolen OEP. After this, assemble the OEP somewhere (a code cave would be nice). Use UIF to fix the IAT and make a dump, then add the IAT with ImpREC.

The VM loop starts here:

00462191   55          PUSH EBP

Script output:

Command  = MOV EAX,0044FA08
--------------------Registers before 1st Call
EAX Value - 0044FA08
ESP Value - 0012FF5C
EBP Value - 0012FF70
--------------------
CALL = PUSH UnPackMe.00406564
Command = MOV EAX,DWORD PTR DS:[450DEC]
Command = MOV EAX,DWORD PTR DS:[EAX]
CALL = PUSH UnPackMe.0044E2F0
Command = MOV ECX,DWORD PTR DS:[450EC0]
Command = MOV EAX,DWORD PTR DS:[450DEC]
Command = MOV EAX,DWORD PTR DS:[EAX]
Command = MOV EDX,DWORD PTR DS:[44F7DC]
CALL = PUSH UnPackMe.0044E308
Command = MOV EAX,DWORD PTR DS:[450DEC]
Command = MOV EAX,DWORD PTR DS:[EAX]
CALL = PUSH UnPackMe.0044E388
CALL = PUSH UnPackMe.00404108

Fix it manually:

PUSH EBP
MOV EBP, ESP
ADD ESP, -10    ; standard Delphi prologue: reserves 0x10 bytes of stack
MOV EAX,0044FA08
CALL 00406564
MOV EAX,DWORD PTR DS:[450DEC]
MOV EAX,DWORD PTR DS:[EAX]
CALL 0044E2F0
MOV ECX,DWORD PTR DS:[450EC0]
MOV EAX,DWORD PTR DS:[450DEC]
MOV EAX,DWORD PTR DS:[EAX]
MOV EDX,DWORD PTR DS:[44F7DC]
CALL 0044E308
MOV EAX,DWORD PTR DS:[450DEC]
MOV EAX,DWORD PTR DS:[EAX]
CALL 0044E388
CALL 00404108

You can guess the first 3 OEP commands (standard Delphi OEP) or search for them before the VM loop...
