[unpackme] SEH Protector 1.0.5 Unpack ME

[GioTiN]

Hello Everyone

Under SEH Team Proudly Presents

SEH Protector 1.0.5 Unpack ME

Enabled Options :

[+] Debugger Detection

[+] AntiDump Protection

[+] Code Obfuscation

[+] Anti Decompiler Protection

[+] Memory Protection

Mirror :

http://underseh.webng.com/SEH%20Protector%201.0.5_UnpackMe_Under%20SEH%20Team.rar

Unpack this and write a tutorial

BR ,

Under SEH Team

SEH_Protector_1.0.5_UnpackMe_Under_SEH_Team.rar

Edited July 9, 2009 by GioTiN

[GioTiN]

file attached to this topic

Bye

[LCF-AT]

Hello GioTiN,

hmmm,so I don

[Gladiator]

Hello GioTiN,

hmmm,so I don

Edited July 9, 2009 by Gladiator

[BoRoV]

@GioTiN:

when you make a new keygenme?

[GioTiN]

@ BoRoV :

you like my keygen me ???? if you like , i can write new keygen me's

@ LCF-AT :

our file is n't a Trojan , Just packed with UPX

plz try for unpacking

[Sp1d3rZ]

Oh m not sure its safe or not.

[GioTiN]

@ Sp1d3rZ :

if you not sure for safe it , you can not work on this .

in UnpackCN forum my topic have been 113 Views and also Kissy of UpK Team could unpack this.

BR ,

GioTiN - Under SEH Team

[GioTiN]

Kissy Of UpK Team and The_SSJ of Our team could Unpack this Unpack ME

BR ,

GioTiN - Under SEH Team

[Teddy Rogers]

I guess the only way to find out if it is harmful is to debug it and do some analysis work...

Ted.

[GioTiN]

I guess the only way to find out if it is harmful is to debug it and do some analysis work...

Ted.

Teddy , our file is safe and you can see unpacked file by UnpackCN forum in here :

http://www.unpack.cn/viewthread.php?tid=38058&extra=page%3D1

BR ,

GioTiN - Under SEH Team

[quosego]

Well credits to oreans.. It has their Virtual Machine..

You should've credited them Giotin.

[r00t_H@ck3r]

quosego,

oreans created VM,so if vm are created by oreans that means all vm are the same stuff ?

[Gladiator]

Well credits to oreans.. smile.gif It has their Virtual Machine..

just a little

but 90% of protection is native Delphi codes with own obfuscation engine.

[GioTiN]

@ quosego :

SEH Protector Coded by : Gladiyator_Cracker - Under SEH Team

i just release a Unpack ME

BR ,

GioTiN - Under SEH Team

[sdy100]

Unpacked

Unpacked_SEH_Protector_Unpack_Me.rar

[mudlord]

quosego,

oreans created VM,so if vm are created by oreans that means all vm are the same stuff ?

*facepalm*

Of course not. Quosego meant that Oreans's implementation of a VM is in thier protector.

[GioTiN]

Unpacked

Bro it solved in some forums and in our forum with tutorials ,

this Unpack ME solved and not need to unpack it

BR ,

GioTiN - Under SEH Team

[Gladiator]

@sdy100 :

Thank you so much , would you mind write a tut about your way for unpacking ?

[GioTiN]

i'm agree with Gladiyator

Bye

[sdy100]

004E94DC E8 8BE5F1FF call SEH_Prot.00407A6C ; jmp to kernel32.ReadProcessMemory

004E94E1 85C0 test eax,eax

004E94E3 0F84 3C0D0000 je SEH_Prot.004EA225

004E94E9 8B45 EC mov eax,dword ptr ss:[ebp-14]

004E94EC 50 push eax

004E94ED 8B45 C4 mov eax,dword ptr ss:[ebp-3C]

004E94F0 50 push eax

004E94F1 FFD6 call esi

004E94F3 85C0 test eax,eax

004E94F5 0F8C 2A0D0000 jl SEH_Prot.004EA225

004E94FB 837D F4 00 cmp dword ptr ss:[ebp-C],0

004E94FF 0F84 200D0000 je SEH_Prot.004EA225

004E9505 8B45 F4 mov eax,dword ptr ss:[ebp-C]

004E9508 8B40 3C mov eax,dword ptr ds:[eax+3C]

eax=7FEA0010, (ASCII "MZP")

Use partical dump 7FEA0010

size is 77000

[Gladiator]

@sdy100:

Thanks for useful help

[GioTiN]

@ sdy100 :

Good Job bro

Bye

[GioTiN]

as soon (today) , we wanna release SEH Protector 2.0 Unpack ME

BR ,

GioTiN - Under SEH Team

[Keygen_Dr.]

GioTiN, you've said that tuts are avaibable for your protector, can you upload them in this forum?