Jump to content
Tuts 4 You

[unpackme] SEH Protector 1.0.5 Unpack ME


GioTiN

Recommended Posts

Hello Everyone

Under SEH Team Proudly Presents

SEH Protector 1.0.5 Unpack ME

Enabled Options :

[+] Debugger Detection

[+] AntiDump Protection

[+] Code Obfuscation

[+] Anti Decompiler Protection

[+] Memory Protection

Mirror :

http://underseh.webng.com/SEH%20Protector%201.0.5_UnpackMe_Under%20SEH%20Team.rar

Unpack this and write a tutorial ;)

BR ,

Under SEH Team

SEH_Protector_1.0.5_UnpackMe_Under_SEH_Team.rar

Edited by GioTiN
Link to comment

@ BoRoV :

you like my keygen me ???? :wub: if you like , i can write new keygen me's :D

@ LCF-AT :

our file is n't a Trojan , Just packed with UPX ;)

plz try for unpacking ;)

Link to comment

@ Sp1d3rZ :

if you not sure for safe it , you can not work on this .

in UnpackCN forum my topic have been 113 Views and also Kissy of UpK Team could unpack this.

BR ,

GioTiN - Under SEH Team

Link to comment
I guess the only way to find out if it is harmful is to debug it and do some analysis work... :rolleyes:

Ted.

Teddy , our file is safe and you can see unpacked file by UnpackCN forum in here :

http://www.unpack.cn/viewthread.php?tid=38058&extra=page%3D1

BR ,

GioTiN - Under SEH Team

Link to comment
Well credits to oreans.. smile.gif It has their Virtual Machine..

just a little :)

but 90% of protection is native Delphi codes with own obfuscation engine.

Link to comment

@ quosego :

SEH Protector Coded by : Gladiyator_Cracker - Under SEH Team

i just release a Unpack ME ;)

BR ,

GioTiN - Under SEH Team

Link to comment
quosego,

oreans created VM,so if vm are created by oreans that means all vm are the same stuff ?

*facepalm*

Of course not. Quosego meant that Oreans's implementation of a VM is in thier protector.

Link to comment
Unpacked

Bro it solved in some forums and in our forum with tutorials ,

this Unpack ME solved and not need to unpack it

BR ,

GioTiN - Under SEH Team

Link to comment

004E94DC E8 8BE5F1FF call SEH_Prot.00407A6C ; jmp to kernel32.ReadProcessMemory

004E94E1 85C0 test eax,eax

004E94E3 0F84 3C0D0000 je SEH_Prot.004EA225

004E94E9 8B45 EC mov eax,dword ptr ss:[ebp-14]

004E94EC 50 push eax

004E94ED 8B45 C4 mov eax,dword ptr ss:[ebp-3C]

004E94F0 50 push eax

004E94F1 FFD6 call esi

004E94F3 85C0 test eax,eax

004E94F5 0F8C 2A0D0000 jl SEH_Prot.004EA225

004E94FB 837D F4 00 cmp dword ptr ss:[ebp-C],0

004E94FF 0F84 200D0000 je SEH_Prot.004EA225

004E9505 8B45 F4 mov eax,dword ptr ss:[ebp-C]

004E9508 8B40 3C mov eax,dword ptr ds:[eax+3C]

eax=7FEA0010, (ASCII "MZP")

Use partical dump 7FEA0010

size is 77000

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...