[unpackme] Zprotect 1.4.4.0

[thisistest]

hi,this is Zprotect 1.4.4.0 With key protection

Had a low key version of the protection of lpk.dll

Zprotect_1.4.4.0.rar

y3.rar

[LCF-AT]

Hello,

here my unpacked file of the y3 file.

Check whether it also runs for you.

greetz

y3_Unpacked.rar

[thisistest]

y3_Unpacked can run, can produce under Zprotect 1.4.4.0 unapcking you learn?

thanks

[LCF-AT]

y3_Unpacked can run, can produce under Zprotect 1.4.4.0 unapcking you learn?

thanks

Hi,

ok it runs yes,so thanks for testing.

So I can't understand your question...

"can produce under Zprotect 1.4.4.0 unapcking you learn?"...

Can you explain it a bit more so that I can understand you.

greetz

[Gladiator]

Hi,

ok it runs yes,so thanks for testing.

So I can

[delldell]

I was testing a very old script that I found on the forum but I failed for zprotect

/*

OllyDbg & Fantom

*/

var iat_st

var iat_end

var func

var chek

var chj

var oep

var jf

var pf

var iat_sz

var scopy

var ocopy

var chj

var diff

var lbase

var ch2b

var srh

var masc

var mjp

mov srh,401000

var espval

gpa "VirtualAlloc","kernel32.dll"

bp $RESULT

mov espval,esp-4

erun

erun

bc eip

bphws espval,"r"

erun

mov oep,ebx

bphwc espval

bphws oep, "x"

erun

bphwc oep

cmt eip, "<---OEP"

MSGYN "Oep Faund! Fix Import Continue?"

cmp $RESULT,0

je quitno

Alloc 10000

Cmp $RESULT,0

Je abort

mov iat_stall ,$RESULT

mov scopy,iat_stall

mov oep,eip

mov iat_st,460814

mov ocopy,iat_st

mov iat_end,460f28

mov iat_sz,iat_end

sub iat_sz,iat_st

mov pf,[iat_st]

mov srh,401000

mov pf,00E76509

/*

00E76505 894C24 2C MOV DWORD PTR SS:[ESP+2C],ECX <----point write edit for you

00E76509 E9 DD000000 JMP 00E765EB

00E7650E CD 8B INT 8B

00E50000 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 MZ

[Keygen_Dr.]

y3_Unpacked can run, can produce under Zprotect 1.4.4.0 unapcking you learn?

thanks

Hi,

ok it runs yes,so thanks for testing.

So I can

[thisistest]

01014824 > E8 01000000 call y3.0101482A

01014829 1C 87 sbb al,87

0101482B 1C 24 sbb al,24

0101482D 8D9B A0000000 lea ebx,dword ptr ds:[ebx+A0]

01014833 871C24 xchg dword ptr ss:[esp],ebx

010148A5 006C12 79 add byte ptr ds:[edx+edx+79],ch

010148A9 AD lods dword ptr ds:[esi]

010148AA E8 02000000 call y3.010148B1 调出记事本

010148AF AE scas byte ptr es:[edi]

010148B0 EC in al,dx

010148B1 871C24 xchg dword ptr ss:[esp],ebx

010148B4 8D9B D6FBFFFF lea ebx,dword ptr ds:[ebx-42A]

010149E4 05 00000100 add eax,10000 ;

UNICODE "ALLUSERSPROFILE=C:\Documents and Settings\All Users"

0101485C /0F84 ED030000 je y3.01014C4F

01014862 ^|E9 AFFBFFFF jmp y3.01014416

01014867 |56 push esi

01014868 |E9 CB010000 jmp y3.01014A38

0101486D |52 push edx

77E5429F E8 09000000 call user32.MessageBoxExA

01014773 871424 xchg dword ptr ss:[esp],edx

01014776 8D92 17FEFFFF lea edx,dword ptr ds:[edx-1E9]

0101477C 871424 xchg dword ptr ss:[esp],edx

0101477F ^ E9 9EFFFFFF jmp y3.01014722

01014784 DF ??? ;

未知命令

4354-G525-T557-P566

0009C0A8 46 F

46 00 30 00 38 00 35 00 2D 00 46 00 36 00 35 00 34 00 2D 00 35 00 33 00

42 00 42 00 2D 00 43 00

38 00 39 00 35 00 00 00 00 00

0006F8B0 0009BF78

0006F8B4 0006F910

0006F8B8 /0006F8DC

0006F43C 00070770 UNICODE "ccf1df_1.0.3790.4278_x-ww_AD682293"

0006F440 00070770 |hOwner = 00070770 ('尚未注册',class='#32770')

0006F444 0006F570 |Text = "序列号无效或已过期，软件无法完成注册！"

0006F448 0006F468 |Title = "错误"

0006F44C 00000010 \Style = MB_OK|MB_ICONHAND|MB_APPLMODAL