Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

vmp2.07 unpackme

only game.

good luck.

UnpackME(2).rar

Hello,

ok here my unpacked files so far.I have insert 2 unpacked files so if the just unpacked file not works then try the unpacked file + CPUID patch.So both files are working like the original file.I get a number if I press the OK button.

So what does it mean with - pack the output file?

Ok just test them and tell whether the file / s are working or not.

PS: If you use Win7 then disable the ASLR feature to get the same sections addresses.

PS2: If you need to use the CPUID file and if it crash then try it some more times.

greetz

2x_UnpackME_Unpacked+CPUID.rar

UnpackME.exe (protected) = Runs fine of course , I get numbers when i press OK button . No matter how many times i press.

UnpackME_Unpacked+CPUID.exe = Runs fine in WinXP3 , i get numbers when i press OK button. But its unstable . Crashes if i press OK button some more time.

UnpackME_Unpacked.exe = Runs fine in WinXPSP3 , crashes when i press OK button.

Not perfect :P

Edited by (*_*)

@ (*_*)

Thanks for testing.Ah yes this is the nasty CPUID + self-code-checkings!

I find no good solution for this feature.

PS: Do it better! :woot:

greetz

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

PS: Do it better! :woot:

Not that hard , honey B)

UnpackME_Unpacked+ProperFix.rar

how to disable ASLR on win 7????

how to disable ASLR on win 7????

I searched about it and didn't found any solution :confused:

  • Author

LCF-AT very strong :worthy:

only sometimes crash

@ (*_*)

Hahahaha! :)

Today is not the 1. April or?

@ blackpirate

Vista & 7 have ASLR (Address Space Layout Randomization) enabled by default.

ASLR (Address Space Layout Randomization

So try to goog..it where you can disable this feature for win7 or try to ask panga so he must know it.Maybe someone else can answer this question here for you.If someone of you know then post a answer please.

@ wgz0001

"only sometimes crash" --- Yes I know it the anti patch self-code-checking.Maybe I can find a solution for this in the future.

greetz

thnx LCF! :yes:

i asked because i used google already! but no result for win 7!

only Vista! and things are not the same....

cheers!

i just wanna test your unpacks on win 7!

regards master!

bp

LCF-AT, what are your CPUID codes?

@ blackpirate

hmmm,so you know I just use winXP and "panga" told me about the ASLR feature that he had to disable it and he is use win7!So better you ask him where to disable it.Just have a look on my VMP script topic.

@ EvOlUtIoN

00471594  CPUID
00471596 JMP 0119A3B2
---------
My CPUID Values x4
---------
0119A3B2 MOV EAX,683
0119A3B7 MOV ECX,0
0119A3BC MOV EDX,387F9FF
0119A3C1 MOV EBX,2
---------
0119A3C6 BT CX,BP
0119A3CA BT DX,DI
0119A3CE JMP 0047159E

So just set a BP on the CPUID above and then press the OK button of the UnpackMe then you will break on it.So I need to patch all 4 reg values to get the target also run on other systems but the problem is still the self-checking of the code itself so you know this problem.So I really have no idea how to defeat this anti-patching problem.

0040211C  XOR AL,BYTE PTR DS:[EDX]  // edx = Address to calc [EBP] - Counter
0012FFBC 000000FA // Address + counter = Last check Address 00471E59 INC EDX // Address +100472879 DEC DWORD PTR SS:[EBP] // dec counter00473744 JNZ 004727CF
0047374A PUSHFD // Block end

greetz

thank you lcf-at, i would like to find a solution without lose time in unpacking target itself. Tried on another one but also for me it's still impossible to solve. Hope to have news soon.

Notivce that in some targets i found more than one CPUID check, sometimes 3 different places also.

Edited by EvOlUtIoN

@ EvOlUtIoN

no problem.Yes I have seen the more than one CPUID checkings to on other targets.

Maybe you can find a solution for this check problem soon.So I hope it.

Info: You can also set a bp here 004020A0 VM Entry. :) Let's start rebuilding the VM now! :)

Or do this now....

PUSH 40
PUSH xxxxxxxx ; ASCII "Vmprotect 2.07 UnpackMe
PUSH xxxxxxxx ; 58621626BDD6F3E6F491EC22171AFAC0
PUSH hOwner ; ('Vmprotect 2.07 UnpackMe',class='#32770')
CALL MessageBoxA
ret

:)

greetz

eheh, yes...it can be done. But as you know it won't solve the problem...maybe for this unpackme but not for others at all :D

  • Author

test this

unpacked by josong from www.52pojie.cn

thx

d_.rar

Works without any problem .

btw ,

i would like to register there , can you please PM me that (邀请码) code ?

mhhhh...this seems to work, but again it is only for this target, he rebuilt some code so vm is never executed, but in other targets won't be so easy. nice it rebuilding indeed.

  • Author

test this

unpacked by ximo from LCG.

thx

UnpackED.rar

  • Author

Works without any problem .

btw ,

i would like to register there , can you please PM me that (邀请码) code ?

BBS will be open registration on New Year's day

please pay attention

thx :rolleyes:

开放注册几天啊? 就元旦一天吗?

帮我注册个cooooldog吧? 我元旦可能上不了网啊

BBS will be open registration on New Year's day

please pay attention

thx :rolleyes:

  • 5 months later...

one else example of unpacked http://rghost.ru/9150321

tested only on one computer but contains simple pre-OEP fix for CPUID antidump

Edited by av999

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.