wgz0001 Posted December 12, 2010 Share Posted December 12, 2010 vmp2.07 unpackme only game.good luck.UnpackME(2).rar 1 Link to comment Share on other sites More sharing options...
LCF-AT Posted December 12, 2010 Share Posted December 12, 2010 Hello,ok here my unpacked files so far.I have insert 2 unpacked files so if the just unpacked file not works then try the unpacked file + CPUID patch.So both files are working like the original file.I get a number if I press the OK button.So what does it mean with - pack the output file?Ok just test them and tell whether the file / s are working or not.PS: If you use Win7 then disable the ASLR feature to get the same sections addresses.PS2: If you need to use the CPUID file and if it crash then try it some more times.greetz2x_UnpackME_Unpacked+CPUID.rar 1 Link to comment Share on other sites More sharing options...
Syntax Posted December 12, 2010 Share Posted December 12, 2010 (edited) UnpackME.exe (protected) = Runs fine of course , I get numbers when i press OK button . No matter how many times i press. UnpackME_Unpacked+CPUID.exe = Runs fine in WinXP3 , i get numbers when i press OK button. But its unstable . Crashes if i press OK button some more time. UnpackME_Unpacked.exe = Runs fine in WinXPSP3 , crashes when i press OK button. Not perfect Edited December 12, 2010 by (*_*) 1 Link to comment Share on other sites More sharing options...
LCF-AT Posted December 13, 2010 Share Posted December 13, 2010 @ (*_*) Thanks for testing.Ah yes this is the nasty CPUID + self-code-checkings! I find no good solution for this feature. PS: Do it better! greetz 1 Link to comment Share on other sites More sharing options...
Teddy Rogers Posted December 13, 2010 Share Posted December 13, 2010 The [unpackme] tag has been added to your topic title. Please remember to follow and adhere to the topic title format - thankyou! [This is an automated reply] 1 Link to comment Share on other sites More sharing options...
Syntax Posted December 13, 2010 Share Posted December 13, 2010 PS: Do it better! Not that hard , honey UnpackME_Unpacked+ProperFix.rar 1 Link to comment Share on other sites More sharing options...
blackpirate Posted December 13, 2010 Share Posted December 13, 2010 how to disable ASLR on win 7???? 1 Link to comment Share on other sites More sharing options...
Syntax Posted December 13, 2010 Share Posted December 13, 2010 how to disable ASLR on win 7???? I searched about it and didn't found any solution 1 Link to comment Share on other sites More sharing options...
wgz0001 Posted December 13, 2010 Author Share Posted December 13, 2010 LCF-AT very strong only sometimes crash 1 Link to comment Share on other sites More sharing options...
LCF-AT Posted December 13, 2010 Share Posted December 13, 2010 @ (*_*) Hahahaha! Today is not the 1. April or? @ blackpirate Vista & 7 have ASLR (Address Space Layout Randomization) enabled by default. ASLR (Address Space Layout Randomization So try to goog..it where you can disable this feature for win7 or try to ask panga so he must know it.Maybe someone else can answer this question here for you.If someone of you know then post a answer please. @ wgz0001 "only sometimes crash" --- Yes I know it the anti patch self-code-checking.Maybe I can find a solution for this in the future. greetz 1 Link to comment Share on other sites More sharing options...
blackpirate Posted December 13, 2010 Share Posted December 13, 2010 thnx LCF! i asked because i used google already! but no result for win 7! only Vista! and things are not the same.... cheers! i just wanna test your unpacks on win 7! regards master! bp Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted December 14, 2010 Share Posted December 14, 2010 LCF-AT, what are your CPUID codes? Link to comment Share on other sites More sharing options...
LCF-AT Posted December 14, 2010 Share Posted December 14, 2010 @ blackpiratehmmm,so you know I just use winXP and "panga" told me about the ASLR feature that he had to disable it and he is use win7!So better you ask him where to disable it.Just have a look on my VMP script topic.@ EvOlUtIoN00471594 CPUID00471596 JMP 0119A3B2 ---------My CPUID Values x4---------0119A3B2 MOV EAX,6830119A3B7 MOV ECX,00119A3BC MOV EDX,387F9FF0119A3C1 MOV EBX,2---------0119A3C6 BT CX,BP0119A3CA BT DX,DI0119A3CE JMP 0047159ESo just set a BP on the CPUID above and then press the OK button of the UnpackMe then you will break on it.So I need to patch all 4 reg values to get the target also run on other systems but the problem is still the self-checking of the code itself so you know this problem.So I really have no idea how to defeat this anti-patching problem.0040211C XOR AL,BYTE PTR DS:[EDX] // edx = Address to calc [EBP] - Counter0012FFBC 000000FA // Address + counter = Last check Address 00471E59 INC EDX // Address +100472879 DEC DWORD PTR SS:[EBP] // dec counter00473744 JNZ 004727CF 0047374A PUSHFD // Block endgreetz 1 Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted December 14, 2010 Share Posted December 14, 2010 (edited) thank you lcf-at, i would like to find a solution without lose time in unpacking target itself. Tried on another one but also for me it's still impossible to solve. Hope to have news soon.Notivce that in some targets i found more than one CPUID check, sometimes 3 different places also. Edited December 14, 2010 by EvOlUtIoN Link to comment Share on other sites More sharing options...
LCF-AT Posted December 14, 2010 Share Posted December 14, 2010 @ EvOlUtIoN no problem.Yes I have seen the more than one CPUID checkings to on other targets. Maybe you can find a solution for this check problem soon.So I hope it. Info: You can also set a bp here 004020A0 VM Entry. Let's start rebuilding the VM now! Or do this now.... PUSH 40PUSH xxxxxxxx ; ASCII "Vmprotect 2.07 UnpackMePUSH xxxxxxxx ; 58621626BDD6F3E6F491EC22171AFAC0PUSH hOwner ; ('Vmprotect 2.07 UnpackMe',class='#32770')CALL MessageBoxAret greetz 1 Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted December 15, 2010 Share Posted December 15, 2010 eheh, yes...it can be done. But as you know it won't solve the problem...maybe for this unpackme but not for others at all Link to comment Share on other sites More sharing options...
wgz0001 Posted December 15, 2010 Author Share Posted December 15, 2010 test this unpacked by josong from www.52pojie.cnthxd_.rar Link to comment Share on other sites More sharing options...
Syntax Posted December 15, 2010 Share Posted December 15, 2010 Works without any problem . btw , i would like to register there , can you please PM me that (邀请码) code ? Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted December 15, 2010 Share Posted December 15, 2010 mhhhh...this seems to work, but again it is only for this target, he rebuilt some code so vm is never executed, but in other targets won't be so easy. nice it rebuilding indeed. Link to comment Share on other sites More sharing options...
wgz0001 Posted December 15, 2010 Author Share Posted December 15, 2010 test this unpacked by ximo from LCG.thxUnpackED.rar Link to comment Share on other sites More sharing options...
wgz0001 Posted December 16, 2010 Author Share Posted December 16, 2010 Works without any problem . btw , i would like to register there , can you please PM me that (邀请码) code ? BBS will be open registration on New Year's day please pay attention thx Link to comment Share on other sites More sharing options...
cooooldog Posted December 22, 2010 Share Posted December 22, 2010 开放注册几天啊? 就元旦一天吗? 帮我注册个cooooldog吧? 我元旦可能上不了网啊 BBS will be open registration on New Year's day please pay attention thx Link to comment Share on other sites More sharing options...
av999 Posted June 2, 2011 Share Posted June 2, 2011 (edited) one else example of unpacked http://rghost.ru/9150321tested only on one computer but contains simple pre-OEP fix for CPUID antidump Edited June 3, 2011 by av999 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now