Posted February 1, 201114 yr Happy New Year!welcome to test it~!my friend!NOTEPAD_VP 1.88.rarNOTEPAD_VP 1.92.rar
April 6, 201114 yr *Unpacked By Narnia*Just for XP ( Tested on XP SP2 and SP3 )/>http://www.hyperupload.com/downloadfile.aspx?fv=Public/634376149112031250Project1_VP.1.93.unpacked.by.Narnia.rar
July 23, 201114 yr Hi, at the moment I write a unpacker script for VProtect. So can someone test my unpacked file?Just test whether it runs for you. XP SP2 <-- My OS | Test also the original file > NOTEPAD_VP 1.93.rar < so see whether it runs on your system. greetz NOTEPAD_VP 1.93_Unpacked.rar
July 23, 201114 yr Not works in my XP SP3 . 0111CE85 50 PUSH EAX0111CE86 8D0418 LEA EAX,DWORD PTR DS:[EAX+EBX]0111CE89 58 POP EAX0111CE8A C3 RETN > 77D242A4 = Crash$ ==> > 77D242A4$+4 > 01004521 NOTEPAD_.01004521$+8 > 01000000 NOTEPAD_.01000000But works after NOPing 0100451B CALL NOTEPAD.010C740C .Best RegardsJeRRy
July 23, 201114 yr Hi JeRRy, thanks for testing. Nice to hear that it works. Ah ok this was a script fault they missed this call in my LOG file. Ok good to know so I will add a double check into the script now. ---------- 0100451B | CALL DWORD PTR DS:[ADDR] ; USER32.LoadImageW | 77D242A4 SP2 ---------- 01004518 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX0100451B E8 EC2E0C00 CALL 010C740C ; NOTEPAD_.010C740C01004520 F6 ??? ; Unknown commandE8E8 <--- Here was the reason My script was searching for E8 and then add 5 bytes. greetz Edited July 23, 201114 yr by LCF-AT
July 25, 201114 yr Hi,ok here now my other unpacked unpackme from the "Project1_VP 1.93.rar" package.I added 2 files for testing on your system [one file is smaller so I cutted sections away].So both should work for you if "also" the original packed unpackme is running on your system.Just test it.Thank you.If all is working good then my unpack script will comming soon.XP SP2 <-- My OSgreetzProject1_VP 1.93_Unpacked_x2.rar
July 25, 201114 yr @ Zer0Flag & BLaCkViRuS Thank you for testing.Seems that I am on the right way. Ok I see there are not much VProtect unpackmes on this board which I can test now. Is there someone who knows where to get some more VProtect unpackme's?If yes then you can post them too or does someone know some targets which are protected with VProtect? Or if someone of you used the full VProtect protector.....then it would be nice if you can create a handfull of diffrent unpackme's with diffrent protection setings [everything except HWID] etc.This would be very nice and helpfully to test my script.Unfortunately is this protection a china version without a english language support [i think so].Have test the demo file and see just unreadable signs. Thank you
July 26, 201114 yr Hi Dear LCF-AT i just have demo version of VProtect.in Demo version protected file have Nag Screen and your file not protected with full functions do you need to Orginal VProtect ? Or i Make Unpack Me with Demo Version ? have a nice day Edited July 26, 201114 yr by BLaCkViRuS
July 26, 201114 yr Hi BLaCkViRuS, so normaly it would be good to get some diffrent protected VProtect files which I can test. So if you have just the demo and if you know how to protect files with this demo then you can also create some unpackmes and write which protection features are enabled in your files.I don't know how to use the demo so its not in english. Thank you PS: Do you know some china men who can create some full protected VP files?Maybe you can ask someone there. greetz
September 9, 201113 yr @ thisistestCan you also post some new VP 2.04 without HWID | Serial check?Would like to test whether there are new features added or not.Thanks
September 11, 201113 yr Ah ok and thanks for the new files without HWID. Here my first unpacked file.Just test it. Unpacked with my beta script [2 minutes] + manually API moves [2 minutes].The script will later also support the manually API moves. greetz VProtectDemo 2.08_Unpacked x2.rar
September 13, 201113 yr Hi, nice to hear thisistest. Ok here the second file GetHWID.Whole IAT & commands are fixed except the one SDK call. So you will get no number in the free field. 00401371 CALL 007738DE ; SDK-------$+66 >AND BYTE PTR DS:[ECX],AL // SDK end$+68 >MOV EAX,1 // normal code again Will check this SDK stuff deeper if my main script is finished. greetz GetHwid_Unpacked_No_SDK_Fix.rar
September 19, 201113 yr Author $-3 > 51 push ecx$-2 > FFD6 call esi ; USER32.SendMessageW$ ==> > 90 nop$+1 > 90 nop$+2 > 90 nop$+3 > 90 nop$+4 > 90 nop$+5 > 90 nop$+6 > 90 nop$+7 > 90 nop$+8 > 90 nop$+9 > 90 nop$+A > 90 nop$+B > 90 nop$+C > 90 nop$+D > 90 nop$+E > 90 nop$+F > 90 nop$+10 > 90 nop$+11 > 90 nop$+12 > 90 nop$+13 > 90 nop$+14 > 90 nop$+15 > 90 nop$+16 > 90 nop$+17 > 90 nop$+18 > 90 nop$+19 > 90 nop$+1A > 90 nop$+1B > 90 nop$+1C > 90 nop$+1D > 90 nop$+1E > 90 nop$+1F > 90 nop$+20 > 90 nop$+21 > 90 nop$+22 > 90 nop$+23 > 90 nop$+24 > 90 nop$+25 > 90 nop$+26 > 90 nop$+27 > 90 nop$+28 > 90 nop$+29 > 90 nop$+2A > 90 nop$+2B > 90 nop$+2C > 90 nop$+2D > 90 nop$+2E > 90 nop$+2F > 90 nop$+30 > 90 nop$+31 > 90 nop$+32 > 90 nop$+33 > 90 nop$+34 > 90 nop$+35 > 90 nop$+36 > 90 nop$+37 > 90 nop$+38 > 90 nop$+39 > 90 nop$+3A > 90 nop$+3B > 90 nop$+3C > 90 nop$+3D > 90 nop$+3E > 90 nop$+3F > 90 nop$+40 > 90 nop$+41 > 90 nop$+42 > 90 nop$+43 > 90 nop$+44 > 90 nop$+45 > 90 nop$+46 > 90 nop$+47 > 90 nop$+48 > 90 nop$+49 > 90 nop$+4A > 90 nop$+4B > 90 nop$+4C > 90 nop$+4D > 90 nop$+4E > 90 nop$+4F > 90 nop$+50 > 90 nop$+51 > 90 nop$+52 > 90 nop$+53 > 90 nop$+54 > 90 nop$+55 > 90 nop$+56 > 90 nop$+57 > 90 nop$+58 > 90 nop$+59 > 90 nop$+5A > 90 nop$+5B > 90 nop$+5C > 90 nop$+5D > 90 nop$+5E > 90 nop$+5F > 90 nop$+60 > 90 nop$+61 > 90 nop$+62 > 90 nop$+63 > 90 nop$+64 > 90 nop$+65 > 90 nop$+66 > 90 nop$+67 > 90 nop$+68 > B8 01000000 mov eax,1$+6D > 8B4D F4 mov ecx,dword ptr ss:[ebp-C]$+70 > 64:890D 0000000>mov dword ptr fs:[0],ecxGetHwid_Unpacked_No_SDK_Fix can working~!
September 20, 201113 yr "It is possible to create a universal WmProtect unpacker?" For OEP & Full IAT Fixing = Yes Script is already in work and working (without SDK Fix) but not finished yet. If you know some other VProtect unpackmes | targets without HWID check then you can send them to me to check them.I never have seen a real target using the VProtect protection til now. greetz
Create an account or sign in to comment