Posted July 9, 200916 yr Hello Everyone Under SEH Team Proudly Presents SEH Protector 1.0.5 Unpack ME Enabled Options : [+] Debugger Detection [+] AntiDump Protection [+] Code Obfuscation [+] Anti Decompiler Protection [+] Memory Protection Mirror : http://underseh.webng.com/SEH%20Protector%201.0.5_UnpackMe_Under%20SEH%20Team.rar Unpack this and write a tutorial BR , Under SEH Team SEH_Protector_1.0.5_UnpackMe_Under_SEH_Team.rar Edited July 9, 200916 yr by GioTiN
July 10, 200916 yr Author @ BoRoV : you like my keygen me ???? if you like , i can write new keygen me's @ LCF-AT : our file is n't a Trojan , Just packed with UPX plz try for unpacking
July 10, 200916 yr Author @ Sp1d3rZ :if you not sure for safe it , you can not work on this .in UnpackCN forum my topic have been 113 Views and also Kissy of UpK Team could unpack this.BR , GioTiN - Under SEH Team
July 10, 200916 yr Author Kissy Of UpK Team and The_SSJ of Our team could Unpack this Unpack MEBR , GioTiN - Under SEH Team
July 10, 200916 yr I guess the only way to find out if it is harmful is to debug it and do some analysis work... Ted.
July 10, 200916 yr Author I guess the only way to find out if it is harmful is to debug it and do some analysis work... Ted. Teddy , our file is safe and you can see unpacked file by UnpackCN forum in here : http://www.unpack.cn/viewthread.php?tid=38058&extra=page%3D1 BR , GioTiN - Under SEH Team
July 10, 200916 yr Well credits to oreans.. It has their Virtual Machine.. You should've credited them Giotin.
July 10, 200916 yr quosego,oreans created VM,so if vm are created by oreans that means all vm are the same stuff ?
July 10, 200916 yr Well credits to oreans.. smile.gif It has their Virtual Machine.. just a little but 90% of protection is native Delphi codes with own obfuscation engine.
July 10, 200916 yr Author @ quosego : SEH Protector Coded by : Gladiyator_Cracker - Under SEH Team i just release a Unpack ME BR , GioTiN - Under SEH Team
July 10, 200916 yr quosego,oreans created VM,so if vm are created by oreans that means all vm are the same stuff ?*facepalm*Of course not. Quosego meant that Oreans's implementation of a VM is in thier protector.
July 10, 200916 yr Author UnpackedBro it solved in some forums and in our forum with tutorials ,this Unpack ME solved and not need to unpack itBR , GioTiN - Under SEH Team
July 10, 200916 yr @sdy100 : Thank you so much , would you mind write a tut about your way for unpacking ?
July 10, 200916 yr 004E94DC E8 8BE5F1FF call SEH_Prot.00407A6C ; jmp to kernel32.ReadProcessMemory004E94E1 85C0 test eax,eax004E94E3 0F84 3C0D0000 je SEH_Prot.004EA225004E94E9 8B45 EC mov eax,dword ptr ss:[ebp-14]004E94EC 50 push eax004E94ED 8B45 C4 mov eax,dword ptr ss:[ebp-3C]004E94F0 50 push eax004E94F1 FFD6 call esi004E94F3 85C0 test eax,eax004E94F5 0F8C 2A0D0000 jl SEH_Prot.004EA225004E94FB 837D F4 00 cmp dword ptr ss:[ebp-C],0004E94FF 0F84 200D0000 je SEH_Prot.004EA225004E9505 8B45 F4 mov eax,dword ptr ss:[ebp-C] 004E9508 8B40 3C mov eax,dword ptr ds:[eax+3C]eax=7FEA0010, (ASCII "MZP")Use partical dump 7FEA0010 size is 77000
July 11, 200916 yr Author as soon (today) , we wanna release SEH Protector 2.0 Unpack ME BR , GioTiN - Under SEH Team
July 11, 200916 yr GioTiN, you've said that tuts are avaibable for your protector, can you upload them in this forum?
Create an account or sign in to comment