Tuts 4 You

[unpackme] VMP/Protected+ZProtector Packed File


kobalt

Hi,

hmmm so I get some bad AntiVirus message!

HIDDENTEXT/Crypted

So this message is new for me, so normally I get just 2 other messages by the AntiVirus app which I can trust.

What now? Trust or Trash?

greetz

Oops, the false positive is surely due to the double-layer protection, but the file is the same one used in Asprtc+Enigma (wrongly called hybrid Asprtc), a free Delphi app.

But maybe I have to change the protection scheme :kick:

The VirusTotal report is not so high: 12%

My Avast reports it as clean.

Can someone else report or test?

Edited by kobalt
Hi,

OK, so now I tried to unpack this too.

1. No VMP

2. Again a first ASProtect layer.

3. ZProtect is the second layer + easy HWID check

4. ZProtect used code VM

5. Resources fixed

OK, listen. Here is my first unpacked file, but at the moment I have not fixed the code VM, so I just added the VM section. Of course for me it works so far, but I think it will not work on other systems before I fix the VMed code in the code section. Anyway, just try this file to see whether it also works for you or not. Tell me your result. If it does not work, then I need to write a VM fixing script again. OK, just try this first.

greetz

CrackMe.zp.vmp_Unpacked so Far.rar

LCF

The file is running on my system (XP SP3). :worthy:

So I think that when I protect the file (previously ZPT packed) with VMP, it doesn't apply any additional protection.

So the only real protection layer remaining is ZPRT.

ASProtect is only there as prevention against AV detections.

Anyway, you have hit the target :thumbsup:

Ah OK, nice to hear this. :) So I use Win XP with no SP or SP1.

So the VMed code is also simple; I just see that many calls are simply redirected to the VM... some tracing and they come back into the code section, where the normal address of the call should be. So you have not used the advanced VM, which is much harder to fix. :) Better for me this time. So what comes next? :)

greetz

Teddy Rogers

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thank you!

[This is an automated reply]
